packet injection help?
Hey. I'm working on a security tool that uses pcap to monitor HTTP traffic, and when finding certain material, it will log or block it.
The monitoring is completed (pcap). I'm at the point where I need to figure out what the best method is to block content. Using iptables is not going to work, as this needs to be cross-platform compatible. From what I understand, I think I'll need to use packet injection... although there may be a better method that I'm simply unaware of.
I have absolutely no experience with packet injection, and my Google hunt didn't really turn up anything useful. Does anyone have any suggested reading, whether it be on the net or not? I've been using Python (pcapy module), so up until now I've been able to avoid many of the complexities of the network protocols. I assume it's time to learn.
Justin