Search This Blog
Thursday, December 11, 2008
Layer-7 filter protocol
L7-filter is a packet classifier for Linux. Unlike most other classifiers, it doesn't just look at simple values such as port numbers. Instead, it does regular expression matching on the application layer data to determine what protocols are being used.
Since this classifier is much more processor and memory intensive than others, we recommend that you only use it if you have reason to believe that matching by port (or IP number, etc.) is insufficient for your purposes. L7-filter is right for you if you need:
* to match any protocol that uses unpredictable ports (e.g. P2P filesharing)
* to match traffic on non-standard ports (e.g. HTTP on port 1111)
* to distinguish between protocols which share a port (e.g. P2P filesharing that uses port 80)
Subscribe to:
Post Comments (Atom)
1 comment:
You have a very useful blog, keep going!
Post a Comment