[LARTC] Completely isolating P2P/BitTorrent traffic
Francisco
ranmakun at arnet.com.ar
Wed Sep 13 03:16:02 CEST 2006
I'll tell you what I did to completely isolate MY bittorrent traffic. In
azureus you can tell the program to use a specific IP, so I have two IPs per
PC, one for p2p and the other one as the main IP. Then I simply shape traffic
from the azureus IP in each PC. Obviously this only works for you, since you
won't convince any user to do this, but I found it quite practical if that's
what you need. aMule doesn't have the same option, but this traffic is easy
to detect.
On Tuesday, 12 September 2006 11:49, K Venkat wrote:
> Hi all,
>
> I'm trying to isolate P2P traffic, specifically BitTorrent, for my QoS
> scripts. I can't seem to completely isolate ALL BitTorrent traffic.
>
> I identify & mark packets and then use tc filters to put them into
> appropriate classes. My firewall rules (below) do the markings. My VoIP
> boxes' and ICMP traffic get highest priority (mark 1). Then comes DNS,
> SSH, and Telnet (mark 2). After this, I try to isolate BitTorrent traffic
> (mark 4). If the packet is none of the above, then mark with a default
> mark (mark 3).
>
> I ran my BitTorrent client (uTorrent) for a while, with no other big
> uploading application running on my network. My firewall rules and
> statistics are below. You can find that a large chunk got marked with 3
> (default mark), apart from marked BitTorrent traffic. I put the LOG target
> just to see what traffic it is and SURPRISE ! It was BitTorrent traffic.
>
> A snippet from my kernel log (from iptables) is below. My PC's IP is
> 192.168.1.105 and port 10305 is uTorrent's port. And, other packets not
> going out of that port - I confirmed they are from uTorrent by doing this
> on a bunch of entries:
>
> D:\Junk>netstat -nb | grep -A1 1553
> TCP 192.168.1.105:1771 195.23.20.78:21488 ESTABLISHED 4080
> [utorrent.exe]
>
> D:\Junk>
>
> I've tried using -m layer7 --l7proto bittorrent and IPP2P's -m
> ipp2p --ipp2p. Same effect.
>
> Kernel version - 2.4.30
> iptables version - v1.3.3
> ipp2p version : v0.8.1_rc1
> vlan1 is my WAN interface.
>
> FWIW, I'm doing this on my WRT54G V3 router running OpenWRT WhiteRussian
> RC5.
>
> I don't want to put all traffic on high-ports (>1024) into Bulk since I
> have a bunch of stuff running on high-ports outside that I access. I just
> want to be able to completely isolate P2P/BitTorrent and mark it bulk.
>
> Any help appreciated.
>
> Thanks.
>
> PS. I sent this on Sep 11, 2006 at 3:56 PM. It never showed up in the list
> archive. So, reposting. Apologize if this is a repeat.
>
>
> Firewall:
> ---------
> Chain POSTROUTING (policy ACCEPT 1404K packets, 600M bytes)
> pkts bytes target prot opt in out source destination
> 1024K 394M QOS_Chain all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Chain QOS_Chain (1 references)
> pkts bytes target prot opt in out source destination
> 6971 1418K MARK all -- * vlan1 192.168.1.107 0.0.0.0/0 MARK set 0x1
> 40271 8118K MARK all -- * vlan1 192.168.1.111 0.0.0.0/0 MARK set 0x1
> 0 0 MARK icmp -- * vlan1 0.0.0.0/0 0.0.0.0/0 icmp type 8 MARK set 0x1
> 281 20041 MARK udp -- * vlan1 0.0.0.0/0 0.0.0.0/0 udp dpt:53 MARK set 0x2
> 0 0 MARK tcp -- * vlan1 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 MARK set 0x2
> 0 0 MARK tcp -- * vlan1 0.0.0.0/0 0.0.0.0/0 tcp dpt:23 MARK set 0x2
> 47517 9555K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match !0x0
> 152K 72M CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore
> 3849 2043K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p v0.8.1_rc1 --bit MARK set 0x4
> 49411 28M CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x4 CONNMARK save
> 24859 32M LOG all -- * vlan1 0.0.0.0/0 0.0.0.0/0 length 100:65535 MARK match 0x0 LOG flags 0 level 4 prefix `UNMARKED Packet: '
> 29544 32M MARK all -- * vlan1 0.0.0.0/0 0.0.0.0/0 MARK match 0x0 MARK set 0x3
>
> Kernel log (snippet):
> ---------------------
> Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=87.11.229.118 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64569 DF PROTO=TCP SPT=10305 DPT=16224 WINDOW=64396 RES=0x00 ACK URGP=0
> Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=87.11.229.118 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64570 DF PROTO=TCP SPT=10305 DPT=16224 WINDOW=64396 RES=0x00 ACK PSH URGP=0
> Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=87.11.229.118 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64571 DF PROTO=TCP SPT=10305 DPT=16224 WINDOW=64396 RES=0x00 ACK URGP=0
> Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=24.176.137.55 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64572 DF PROTO=TCP SPT=1983 DPT=50001 WINDOW=65320 RES=0x00 ACK URGP=0
> Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=81.178.115.37 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64573 DF PROTO=TCP SPT=1553 DPT=60546 WINDOW=65269 RES=0x00 ACK URGP=0
> Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=195.23.20.78 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64576 DF PROTO=TCP SPT=1771 DPT=21488 WINDOW=64842 RES=0x00 ACK URGP=0
> Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=195.23.20.78 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64577 DF PROTO=TCP SPT=1771 DPT=21488 WINDOW=64842 RES=0x00 ACK URGP=0
> Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=172.158.155.236 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64578 DF PROTO=TCP SPT=1938 DPT=35714 WINDOW=64282 RES=0x00 ACK URGP=0
> Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=172.158.155.236 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64579 DF PROTO=TCP SPT=1938 DPT=35714 WINDOW=64282 RES=0x00 ACK URGP=0
> Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=195.23.20.78 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64580 DF PROTO=TCP SPT=1771 DPT=21488 WINDOW=64842 RES=0x00 ACK PSH URGP=0
> Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=195.23.20.78 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64581 DF PROTO=TCP SPT=1771 DPT=21488 WINDOW=64842 RES=0x00 ACK URGP=0
> Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=81.178.115.37 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64583 DF PROTO=TCP SPT=1553 DPT=60546 WINDOW=65269 RES=0x00 ACK URGP=0
> Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=87.11.229.118 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64584 DF PROTO=TCP SPT=10305 DPT=16224 WINDOW=64396 RES=0x00 ACK URGP=0
> Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=24.176.137.55 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64586 DF PROTO=TCP SPT=1983 DPT=50001 WINDOW=65520 RES=0x00 ACK URGP=0
> Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=24.176.137.55 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64587 DF PROTO=TCP SPT=1983 DPT=50001 WINDOW=65520 RES=0x00 ACK URGP=0
> Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=24.176.137.55 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64588 DF PROTO=TCP SPT=1983 DPT=50001 WINDOW=65520 RES=0x00 ACK URGP=0
> Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=201.66.191.158 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64611 DF PROTO=TCP SPT=1748 DPT=23845 WINDOW=65426 RES=0x00 ACK URGP=0
> Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=201.66.191.158 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64612 DF PROTO=TCP SPT=1748 DPT=23845 WINDOW=65426 RES=0x00 ACK URGP=0
> Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=172.158.155.236 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64613 DF PROTO=TCP SPT=1938 DPT=35714 WINDOW=64265 RES=0x00 ACK URGP=0
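Added example, not part of either post: a small parser for iptables LOG lines carrying the `UNMARKED Packet: ` prefix that totals the logged bytes per flow, per source host, and by whether the source port is the client's listen port. The function names and the sample log (constructed in the format of the quoted kernel log, plus one unrelated kernel line) are assumptions made for illustration.

```python
import re
from collections import Counter

PREFIX = "UNMARKED Packet: "        # LOG prefix from the quoted rule set
FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=VALUE tokens; bare flags (DF, ACK) are ignored

# Constructed sample in the format of the quoted kernel log, plus one unrelated line.
SAMPLE_LOG = """\
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=87.11.229.118 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64569 DF PROTO=TCP SPT=10305 DPT=16224 WINDOW=64396 RES=0x00 ACK URGP=0
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=87.11.229.118 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64570 DF PROTO=TCP SPT=10305 DPT=16224 WINDOW=64396 RES=0x00 ACK PSH URGP=0
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=24.176.137.55 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64572 DF PROTO=TCP SPT=1983 DPT=50001 WINDOW=65320 RES=0x00 ACK URGP=0
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=195.23.20.78 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64576 DF PROTO=TCP SPT=1771 DPT=21488 WINDOW=64842 RES=0x00 ACK URGP=0
Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 SRC=192.168.1.105 DST=195.23.20.78 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 ID=64577 DF PROTO=TCP SPT=1771 DPT=21488 WINDOW=64842 RES=0x00 ACK URGP=0
Sep 11 14:31:02 (none) kern.info kernel: device vlan1 entered promiscuous mode
"""


def parse_line(line):
    """Return the flow fields of one LOG line, or None if it is not ours."""
    _, found, rest = line.partition(PREFIX)
    if not found:
        return None
    f = dict(FIELD.findall(rest))
    if f.get("PROTO") not in ("TCP", "UDP"):   # ICMP etc. carry no ports
        return None
    return f["SRC"], int(f["SPT"]), f["DST"], int(f["DPT"]), f["PROTO"], int(f["LEN"])


def unmarked_summary(log_text, listen_port):
    """Sum logged bytes per flow, per source host, and by source-port kind."""
    flows, hosts, ports = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        *flow, length = rec
        flows[tuple(flow)] += length
        hosts[flow[0]] += length
        ports["listen_port" if flow[1] == listen_port else "other_ports"] += length
    return flows, hosts, ports


if __name__ == "__main__":
    flows, hosts, ports = unmarked_summary(SAMPLE_LOG, listen_port=10305)
    for flow, nbytes in flows.most_common():
        print(nbytes, *flow)
    print(dict(hosts), dict(ports))
```

`LEN` is the IP total length, and the quoted LOG rule only matches packets of length 100:65535, so the totals cover the larger unmarked packets rather than every packet on the wire.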