| Julien Vehent on 23 Aug 2012 12:54:12 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] Fosscon: Netfilter workshop slides |
On 2012-08-23 14:02, Joshua Datko wrote:
Julien, Interesting slides. Does Netfilter offer, or allow via a module, any deep packet inspection (of application layer streams)?
You can inspect the content of a packet using the string module (there's an example in the slides). But keep in mind that Netfilter is a packet filter, so you can only inspect 1500 bytes (or whatever your MTU size is) at a time. For long HTTP requests (for example), it means that you do not get the whole request at once.
- Julien ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug