Installing and Configuring ndpi-netfilter for traffic controlling on Ubuntu

nDPI is an ntop-maintained superset of the popular OpenDPI library. Many projects have been built on nDPI (Open and Extensible LGPLv3 Deep Packet Inspection Library). nDPI is used for application-layer detection of protocols, regardless of the port being used. This means that it is possible both to detect known protocols on non-standard ports (e.g. detect HTTP on ports other than 80), and also the opposite (e.g. detect Skype traffic on port 80). This is because nowadays the concept of port=application no longer holds. The list of protocols that nDPI can detect is on the nDPI page (http://www.ntop.org/products/deep-packet-inspection/ndpi/).

Here I explain how to set up your own traffic controller using ndpi-netfilter, a very handy open project on GitHub. We set it up on Ubuntu 14.04 LTS or newer as a Linux kernel module and use it with Linux iptables.
If you want to set it up on RedHat/CentOS, follow this separate tutorial, as it is a little different from Ubuntu:
installing and configuring ndpi-netfilter for traffic controlling on RedHat/CentOS

Steps to get and compile the ndpi-netfilter source.

Step1:
Update the Ubuntu system with the latest modules. Run the commands below.
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install linux-source

Step2:
Install necessary tools and libraries.
sudo apt-get install libtool
sudo apt-get install autoconf
sudo apt-get install pkg-config
sudo apt-get install subversion
sudo apt-get install iptables-dev
sudo apt-get install libpcap-dev

Step3:
Download the source code from GitHub. It will download the source as a zip file.
https://github.com/betolj/ndpi-netfilter/archive/master.zip


Step4:
Go to the download folder, move the archive to the /usr/src directory and unzip it. /usr/src is owned by root, so the move and the unzip need sudo.
cd ~/Downloads/
sudo mv ndpi-netfilter-master.zip /usr/src/
cd /usr/src/
sudo unzip ndpi-netfilter-master.zip

Step5:
Go inside nDPI directory.
cd /usr/src/ndpi-netfilter-master/nDPI/

Step6:
Run the commands below to compile, install and configure the code. Make sure to use sudo for each command, otherwise you will sometimes get an error.
sudo ./autogen.sh
sudo make
sudo make install
cd ..
sudo NDPI_PATH=/usr/src/ndpi-netfilter-master/nDPI make
sudo make modules_install
sudo cp /usr/src/ndpi-netfilter-master/ipt/libxt_ndpi.so /lib/xtables/

Now we have successfully configured everything needed to set up traffic control.
Here are some sample iptables rules.

sudo iptables -m ndpi --help # will print help and all the protocols which can be used.
sudo iptables -A INPUT -m ndpi --youtube -j DROP  # Block youtube
sudo iptables -A INPUT -m ndpi --facebook -j DROP # Block facebook
sudo iptables -A INPUT -m ndpi --skype -j DROP # Block skype

Now you can set your own rule to block or accept any service under the protocol list.
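
One way to keep rules like these manageable, as an added example that is not from ndpi-netfilter or the original post: the DROP rules live in a dedicated chain (NDPI_BLOCK, a name chosen here) that is rebuilt on every run and hooked once into INPUT and, for traffic routed through the machine, FORWARD, so re-running never duplicates rules. It assumes it is run as root and that the protocol names passed in are ones listed by iptables -m ndpi --help.

```shell
#!/bin/sh
# Added example (not part of ndpi-netfilter): keep nDPI DROP rules in one chain.
# Assumes root, and that the kernel module and libxt_ndpi.so are installed as above.
IPT="${IPT:-iptables}"   # overridable so the logic can be exercised without a firewall
CHAIN="NDPI_BLOCK"       # chain name chosen for this example

# valid_proto NAME: accept only names that are safe to turn into a --NAME flag.
# Assumption: protocol flags consist of lowercase letters, digits and underscores.
valid_proto() {
    case "$1" in
        ''|*[!a-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# rebuild_chain PROTO...: create (or flush) CHAIN, then add one DROP rule per protocol.
# All names are validated first, so a bad name never leaves a half-built chain.
rebuild_chain() {
    for _p in "$@"; do
        valid_proto "$_p" || { echo "bad protocol name: $_p" >&2; return 2; }
    done
    "$IPT" -N "$CHAIN" 2>/dev/null || "$IPT" -F "$CHAIN" || return 1
    for _p in "$@"; do
        "$IPT" -A "$CHAIN" -m ndpi "--$_p" -j DROP || return 1
    done
}

# hook_chain BUILTIN: jump from a built-in chain into CHAIN, only if not already hooked.
hook_chain() {
    "$IPT" -C "$1" -j "$CHAIN" 2>/dev/null || "$IPT" -I "$1" 1 -j "$CHAIN"
}

# Usage: sudo sh ndpi-block.sh apply youtube facebook skype
if [ "${1:-}" = "apply" ]; then
    shift
    rebuild_chain "$@" && hook_chain INPUT && hook_chain FORWARD
fi
```

To undo it, delete the two jump rules with iptables -D, then flush the chain with -F and delete it with -X.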

Thanks.........



