From: Phil Regnauld
To: Donatas
Cc: freebsd-net@freebsd.org
Date: Mon, 27 Jun 2005 09:19:30 +0200
Subject: Re: layer7 filtering
Message-ID: <20050627071929.GA77236@catpipe.net>
In-Reply-To: <013701c57ae6$2f79b7e0$9f90a8c0@DONATAS>

Donatas (donatas) writes:
> I wonder if there's any person who did some scripting like
> application layer analysis with a network sniffer (like tcpdump) +
> appropriate firewall rule generation (like stateful ipfw rules)?

	You mean this?

	http://www.hsc.fr/ressources/outils/nstreams/

	Nstreams is a program which analyzes the streams that occur on a
	network. It displays which streams are generated by the users
	between several networks, and between the networks and the
	outside. It can optionally generate the ipchains or ipfw rules
	that will match these streams, thus only allowing what is
	required for the users, and nothing more.

	Nstreams can parse the tcpdump output, or the files generated
	with the -w option of tcpdump. It can also directly sniff the
	data that occurs on the network.

	This product was designed by HSC and coded by Renaud Deraison
	(deraison@cvs.nessus.org), author of the Nessus software. It is
	available for free under the GNU license.
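As an added illustration of the "sniff, then generate rules for what you saw" approach the reply describes, the script below is an example written for this page; it is not Nstreams' code and was not posted by either participant. It reads `tcpdump -n -tt` text (a constructed sample is embedded, not a real capture), treats a pure SYN as the start of a TCP stream, uses the first-seen direction of a UDP port pair to tell a query from its reply, collapses initiators inside a configured "user" network to that network, and emits stateful ipfw rules. The user-network list and the rule numbering are assumptions for the example.

```python
import ipaddress
import re

# Constructed sample of `tcpdump -n -tt` output (not a real capture): a web
# session from two hosts, a DNS lookup and its reply, an ICMP echo and an
# SSH connection. Replies and mid-stream packets must not produce rules.
SAMPLE_TCPDUMP = """\
1119856800.100001 IP 192.168.1.5.49152 > 10.0.0.1.80: Flags [S], seq 1000, win 65535, length 0
1119856800.100234 IP 10.0.0.1.80 > 192.168.1.5.49152: Flags [S.], seq 2000, ack 1001, win 65535, length 0
1119856800.100300 IP 192.168.1.5.49152 > 10.0.0.1.80: Flags [.], ack 1, win 65535, length 0
1119856800.200001 IP 192.168.1.5.53412 > 10.0.0.53.53: 4711+ A? example.org. (29)
1119856800.200345 IP 10.0.0.53.53 > 192.168.1.5.53412: 4711 1/0/0 A 93.184.216.34 (45)
1119856800.300001 IP 192.168.1.7.51000 > 10.0.0.1.80: Flags [S], seq 3000, win 65535, length 0
1119856800.400001 IP 192.168.1.7 > 10.0.0.1: ICMP echo request, id 1, seq 1, length 64
1119856800.500001 IP 192.168.1.9.40000 > 10.0.0.22.22: Flags [S], seq 4000, win 65535, length 0
"""

# "<timestamp> IP a.b.c.d.sport > e.f.g.h.dport: <rest>"; lines without a
# port pair (ICMP, ARP, ...) deliberately do not match and are skipped.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
FLAGS_RE = re.compile(r"^Flags \[(?P<flags>[^\]]*)\]")


def collapse(addr, nets):
    """Replace a host inside one of the user networks by that network."""
    ip = ipaddress.ip_address(addr)
    for net in nets:
        if ip in net:
            return str(net)
    return addr


def parse_streams(text, user_nets):
    """Return a set of (proto, initiator, responder, dport) streams."""
    nets = [ipaddress.ip_network(n) for n in user_nets]
    seen = set()      # 5-tuples already observed, to recognise UDP replies
    streams = set()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, dst, rest = m.group("src", "dst", "rest")
        sport, dport = int(m.group("sport")), int(m.group("dport"))
        fm = FLAGS_RE.match(rest)
        if fm:
            proto = "tcp"
            if fm.group("flags") != "S":
                continue  # only the initial SYN opens a stream (assumption)
        else:
            proto = "udp"  # anything else with a port pair is treated as UDP
            if (proto, dst, dport, src, sport) in seen:
                continue  # reverse of a flow already seen: a reply
        seen.add((proto, src, sport, dst, dport))
        streams.add((proto, collapse(src, nets), dst, dport))
    return streams


def ipfw_rules(streams, start=1000, step=10):
    """Emit stateful ipfw rules allowing only the observed streams."""
    rules = ["ipfw add 100 check-state"]
    n = start
    key = lambda s: (s[0], s[1], ipaddress.ip_address(s[2]), s[3])
    for proto, src, dst, dport in sorted(streams, key=key):
        if proto == "tcp":
            rules.append(f"ipfw add {n} allow tcp from {src} to {dst} {dport} setup keep-state")
        else:
            rules.append(f"ipfw add {n} allow udp from {src} to {dst} {dport} keep-state")
        n += step
    rules.append("ipfw add 65000 deny ip from any to any")
    return rules


if __name__ == "__main__":
    # Real use: tcpdump -n -tt -r capture.pcap | python3 this_script.py
    for rule in ipfw_rules(parse_streams(SAMPLE_TCPDUMP, ["192.168.1.0/24"])):
        print(rule)
```

Two caveats a practitioner would want before loading the output: the rule set only permits what the capture contained, so a capture that misses a legitimate but infrequent stream (backups, monthly jobs) produces a ruleset that breaks it, and, conversely, anything already talking out during the capture window, wanted or not, becomes an allow rule. Review the generated rules against what the users are actually supposed to do rather than treating the capture as ground truth. The UDP direction heuristic (first packet seen defines the initiator) also fails if the capture starts mid-exchange.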