layer7 filtering
Phil Regnauld
regnauld at catpipe.net
Mon Jun 27 07:20:08 GMT 2005
Donatas (donatas) writes:
> I wonder if there's any person who did some scripting like
> application layer analysis with network sniffer (like tcpdump) + apropriate firewall rule generation(like statefull ipfw rules) ?
You mean this ?
http://www.hsc.fr/ressources/outils/nstreams/
Nstreams is a program which analyzes the streams that occur on a
network. It displays which streams are generated by the users between
several networks, and between the networks and the outside. It can
optionally generate the ipchains or ipfw rules that will match these
streams, thus only allowing what is required for the users, and nothing
more.
Nstreams can parse the tcpdump output, or the files generated
with the -w option of tcpdump. It can also directly sniff
the data that occurs on the network.
This product was designed by HSC and coded by Renaud Deraison
(deraison at cvs.nessus.org), author of the Nessus software.
It is available for free under GNU license.
More information about the freebsd-net
mailing list