I had been using L7-Filter[1] successfully for edonkey/eMule traffic until recently. I upgraded to the latest release of mldonkey, 2.5.28a, which implements eMule compatibility, and with support for Kademlia[2] enabled, network latency increases greatly. [1] http://l7-filter.sourceforge.net/ [2] http://www.infoanarchy.org/wiki/wiki.pl?Kademlia Has anyone created a new pattern match for L7-Filter for this protocol? I fetched the latest l7-protocols tarball, but the edonkey.pat hasn''t been updated in some time. I''d be happy to capture Kademlia traffic, but I don''t know what exactly to do with it thereafter. Thanks. -- Jason Boxman Perl Programmer / *NIX Systems Administrator Shimberg Center for Affordable Housing | University of Florida http://edseek.com/ - Linux and FOSS stuff _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Saturday 25 September 2004 19:10, Alexis wrote:> uhm, could you capture some packets with ethereal to check the contents and > make the new pattern?Possibly, but not very easily. The pattern match for edonkey ''classic'' is several dozen hex matches for L7. That was probably nontrivial to decipher. I''d expect Kad to be of similar complexity. -- Jason Boxman Perl Programmer / *NIX Systems Administrator Shimberg Center for Affordable Housing | University of Florida http://edseek.com/ - Linux and FOSS stuff _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
uhm, could you capture some packets with ethereal to check the contents and make the new pattern? -----Mensaje original----- De: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a.nl] En nombre de Jason Boxman Enviado el: Sábado, 25 de Septiembre de 2004 19:52 Para: lartc@mailman.ds9a.nl Asunto: [LARTC] New L7-Filter patterns for Kademlia / eMule? I had been using L7-Filter[1] successfully for edonkey/eMule traffic until recently. I upgraded to the latest release of mldonkey, 2.5.28a, which implements eMule compatibility, and with support for Kademlia[2] enabled, network latency increases greatly. [1] http://l7-filter.sourceforge.net/ [2] http://www.infoanarchy.org/wiki/wiki.pl?Kademlia Has anyone created a new pattern match for L7-Filter for this protocol? I fetched the latest l7-protocols tarball, but the edonkey.pat hasn''t been updated in some time. I''d be happy to capture Kademlia traffic, but I don''t know what exactly to do with it thereafter. Thanks. -- Jason Boxman Perl Programmer / *NIX Systems Administrator Shimberg Center for Affordable Housing | University of Florida http://edseek.com/ - Linux and FOSS stuff _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/ _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
> From: Jason Boxman <jasonb@edseek.com> > Reply-To: jasonb@edseek.com > Organization: The Vortex > To: lartc@mailman.ds9a.nl > Subject: Re: [LARTC] New L7-Filter patterns for Kademlia / eMule? > Date: Sat, 25 Sep 2004 19:09:55 -0400 > > On Saturday 25 September 2004 19:10, Alexis wrote: > > uhm, could you capture some packets with ethereal to check the contents > and > > make the new pattern? > > Possibly, but not very easily. The pattern match for edonkey ''classic'' is > several dozen hex matches for L7. That was probably nontrivial to decipher. > > I''d expect Kad to be of similar complexity. >I have read that the project ipp2p support kad and emule. http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html I don''t test ipp2p, actually i am testing layer7 but i will give a try soon to ipp2p. I want to try too iptables-p2p. http://unix.freshmeat.net/projects/iptables-p2p/ if you want to write your own patterns for a protocol you can start here. This projects is not free: http://www.p2pwatchdog.com/packets.html well if someone have probed any of this projects i like to now your opinion. Now i am testing layer7 and have rule for bittorrent, fastrack, edonkey, directconnect and audiogalaxy nico _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/