LinuxQuestions.org > Linux Forums > Linux - Networking
#16  08-02-2010, 10:58 PM
mrmnemo (Original Poster)
Hey again.

I just installed iotop and checked it out. Looks cool, never knew so much ran as root. Should I be seeing almost everything as root? Also, correct me if I am wrong, but isn't that level 4 (er, application layer)? While I am trying to filter traffic based on level 4 data (right?), I don't understand how I can use that information for filtering network traffic. Could you help me understand it more?

Thanks

John
 
#17  08-03-2010, 09:35 AM
salasi (Senior Member)
Quote:
Originally Posted by mrmnemo View Post
I dont understand how I can use that information for filtering network traffic.
Sorry, your previous post included:

Quote:
I am just trying to monitor traffic on a machine by the actual command vs. the port number.
and my answer was orientated towards monitoring rather than filtering, per se. And I should also have mentioned wireshark as a monitoring thingy.

There are dozens of apps that allow you to see in more or less detail (and with better or worse display filtering options; wireshark does well at display filtering) what is going on on your network; the trouble is most of them don't tell you anything about what is listening on which port, but you can do it yourself. Look at the traffic and if you see lots of traffic that you are interested in going to some particular port, use netstat to see who is listening there.

(you might like to make a one-line script along the lines
Code:
 # -n keeps ports numeric (so "22" matches, not "ssh"); -p shows PID/program (needs root)
 netstat -lnp | grep ":$1 "
which you can call from the command line, and the parameter that you specify will allow you to filter the netstat output just to stuff that contains the specific number that you specify on the command line, which will be the port number that you are interested in)

It is two stages, but they are pretty easy stages. Certainly, it seems to me easier than what you were originally trying to do. Still think you might be better with a different thread title, though.
 
1 members found this post helpful.
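An added example, not from salasi's post or anyone else in this thread, that automates the second of his two stages: take the port you noticed in a capture (say tcpdump -ni eth0 -c 500, or a wireshark display filter) and map it to the listening PID and program name. It parses the output of `netstat -lntup` (net-tools); a constructed sample of that output is embedded so the lookup can be tried offline, and the live variant needs root to fill in the PID/Program column (netstat prints "-" there otherwise).

```shell
#!/bin/sh
# Added example (not from the thread): port -> listening PID/program lookup.
# Stage one is a capture such as:  tcpdump -ni eth0 -c 500 'not port 22'
# Stage two, below, maps a port from that capture to the process holding it.
# Assumes net-tools netstat; `ss -lntup` prints the same Local Address column
# but puts the process in a users:(...) field, so it is not parsed here.

# Parse netstat -lntup style text on stdin and print the lines whose local
# port equals $1: protocol, local address, PID/Program name (the last field).
# "0.0.0.0:6881" and IPv6 ":::6881" both end in ":<port>", so the port is the
# text after the final colon.
match_listeners() {
  awk -v want="$1" '
    $1 ~ /^(tcp|udp)/ {
      n = split($4, parts, ":")
      if (parts[n] == want) print $1, $4, $NF
    }'
}

# Live lookup on this host (run as root to see PID/Program).
port_owner() {
  netstat -lntup 2>/dev/null | match_listeners "$1"
}

# Constructed sample of netstat -lntup output for the offline demonstration.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      901/cupsd
tcp        0      0 0.0.0.0:6881            0.0.0.0:*               LISTEN      2345/rtorrent
tcp6       0      0 :::6881                 :::*                    LISTEN      2345/rtorrent
udp        0      0 0.0.0.0:6881            0.0.0.0:*                           2345/rtorrent
udp        0      0 0.0.0.0:68              0.0.0.0:*                           655/dhclient'

# Same lookup against the sample: demo_port_owner 6881 prints the three
# rtorrent sockets (tcp, tcp6, udp).
demo_port_owner() {
  printf '%s\n' "$SAMPLE_NETSTAT" | match_listeners "$1"
}

# Usage: sh port_owner.sh <port>   (live lookup on this host)
if [ -n "${1:-}" ]; then
  port_owner "$1"
fi
```

Matching on the last colon rather than grepping the number avoids the false hits you get when the port number also appears inside an address or a PID.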
#18  08-03-2010, 09:47 AM
mrmnemo (Original Poster)
Perhaps I should clarify: I want to have a default policy of DROP on all my tables. The bittorrent "protocol" (if you can call it that) does not seem to lend itself to being tracked and controlled with iptables modules like conntrack or conntrack_ftp. I want that functionality: to be able to say, OK box, allow outbound egress on all ports IN THIS RANGE BUT only if this PID / COMMAND requests it. Does that make more sense? As far as I can tell the only way to do this is with -m owner --cmd-owner

See quote from man page @ http://linux.die.net/man/8/iptables

Quote:
owner

This module attempts to match various characteristics of the packet creator, for locally-generated packets. It is only valid in the OUTPUT chain, and even this some packets (such as ICMP ping responses) may have no owner, and hence never match.
--uid-owner userid
Matches if the packet was created by a process with the given effective user id.
--gid-owner groupid
Matches if the packet was created by a process with the given effective group id.
--pid-owner processid
Matches if the packet was created by a process with the given process id.
--sid-owner sessionid
Matches if the packet was created by a process in the given session group.
--cmd-owner name
Matches if the packet was created by a process with the given command name. (this option is present only if iptables was compiled under a kernel supporting this feature)
NOTE: pid, sid and command matching are broken on SMP
Maybe MONITOR was the wrong word. I thought inspecting traffic, blocking or allowing based on flags, was considered filtering. Thanks for your help.

John

P.S. iotop is cool. Should I be seeing everything running as root though?

Last edited by mrmnemo; 08-03-2010 at 09:49 AM.
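An added example, not from this thread or any LQ member: the egress policy described above, written as an iptables-restore ruleset with a DROP default on every chain and an owner match on OUTPUT. One caveat before building on the quoted man page: the --pid-owner, --sid-owner and --cmd-owner options were removed from the kernel's owner match in 2.6.14 (the "broken on SMP" note is why), and the xt_owner module in current kernels implements only --uid-owner, --gid-owner and --socket-exists. The practical way to say "only if this program asked" is therefore to run the torrent client under its own account and match that uid. The uid 1001 and the port range 6881-6999 below are assumed values, not anything the thread specifies.

```shell
#!/bin/sh
# Added example (not from the thread): default-DROP egress policy that lets
# only one dedicated account open outbound connections in a chosen port
# range, via the owner match's --uid-owner option. Current kernels' owner
# match has no pid/sid/cmd options (removed in 2.6.14), so the torrent client
# is assumed to run as its own user.
# Assumed values: uid 1001, peer port range 6881-6999. Emits iptables-restore
# text; iptables-restore ignores the '#' comment lines.

build_egress_policy() {
  uid="$1"; lo="$2"; hi="$3"
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback, and packets belonging to connections already accepted
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# DNS for everyone (keep these narrow; they are the usual hole in egress filters)
-A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
# owner is evaluated only for locally generated packets, so it lives in OUTPUT:
# new connections into the peer range are accepted only when sent by uid ${uid}
-A OUTPUT -p tcp --dport ${lo}:${hi} -m owner --uid-owner ${uid} -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p udp --dport ${lo}:${hi} -m owner --uid-owner ${uid} -m conntrack --ctstate NEW -j ACCEPT
# inbound peers have no local owner, so this side is a plain port rule on INPUT
-A INPUT -p tcp --dport ${lo}:${hi} -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p udp --dport ${lo}:${hi} -m conntrack --ctstate NEW -j ACCEPT
# log what the policy is about to drop, with the uid of the sending process
-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "egress-drop: " --log-uid
COMMIT
EOF
}

# Sanity check on the generated text: every OUTPUT rule that opens a port
# range must carry the owner match. Exit status 0 when that holds.
check_owner_on_output() {
  build_egress_policy "$@" | awk '
    /^-A OUTPUT/ && /--dport [0-9]+:[0-9]+/ && !/--uid-owner/ { bad = 1 }
    END { exit bad }'
}

# Usage:  sh egress.sh show  [uid lo hi]   -> print the ruleset
#         sh egress.sh apply [uid lo hi]   -> load it (as root)
case "${1:-}" in
  show)  build_egress_policy "${2:-1001}" "${3:-6881}" "${4:-6999}" ;;
  apply) build_egress_policy "${2:-1001}" "${3:-6881}" "${4:-6999}" | iptables-restore ;;
esac
```

Run `sh egress.sh show | iptables-restore -t` first to syntax-check the rules without loading them, then `apply` as root from a console you will not lose if the policy is wrong. The LOG rule with --log-uid is the monitoring half of the question: each dropped outbound packet is logged with the uid that created it, so you can see which account (and hence which program) was denied.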
 
#19  08-04-2010, 09:03 PM
mrmnemo (Original Poster)
Ok

I found reference to a patch for exactly what I want to do. Anybody heard any feedback on this? (see http://l7-filter.clearfoundation.com/ )
 
#20  08-04-2010, 10:16 PM
mrmnemo (Original Poster)
Well, with the help of a grapefruit and google, I was able to find something.

It's called L7-filter. Find info on it here at the main page or here (the how-to). Unfortunately, it appears that using it with bittorrent will be pointless (can't read the info from encrypted packets). I was hoping for some way to use the actual PID rather than packet sniffing (if that is what it is).
 
#21  08-05-2010, 03:14 AM
XavierP (Moderator)
Moved: This thread is more suitable in Linux-Networking and has been moved accordingly to help your thread/question get the exposure it deserves. I have also changed the title to better reflect the subject matter.
 
#22  08-05-2010, 07:04 AM
mrmnemo (Original Poster)
Thanks!
 
  


Tags: iptables