HPE Community
Operating System - Linux
1754303 Members
3058 Online
108813 Solutions
New Discussion юеВ

In which layer is my module?

 
oiram
Regular Advisor

тАО01-17-2003 02:55 AM

тАО01-17-2003 02:55 AM

In which layer is my module?

Hello:


I have a third party application running in my redhat 7.2. This install a kernel module and we want to know in which layer this module listen for incoming packtes. tcpdump doesn??t work for us as it listen on layer 2.

Regards,
Mario.
0 Kudos
Reply
5 REPLIES 5
Jerome Henry
Honored Contributor

тАО01-17-2003 04:16 AM

тАО01-17-2003 04:16 AM

Re: In which layer is my module?

Seems to me that it depens on what this application does !
Usually, talking about pure OSI layers, application is layer seven.
Then according to this application's usage, it'll send information to other layers that can be implemented in this program.
But what does it do ?
J
You can lean only on what resists you...
0 Kudos
Reply
oiram
Regular Advisor

тАО01-17-2003 05:07 AM

тАО01-17-2003 05:07 AM

Re: In which layer is my module?

Hello:

It??s a proxy application and this module forbid any access to the system except to the ports specifically allowed.

Regards,
Mario.
0 Kudos
Reply
Jerome Henry
Honored Contributor

тАО01-17-2003 06:10 AM

тАО01-17-2003 06:10 AM

Re: In which layer is my module?

Well,
supposely a proxy application works on layer 3.
Some proxy, though, also work on other layers (application proxies), which filter for example sql code injected in your machine, which would bring activity on layer 6.
tcpdump works on layer 2, but so it gets whatever would get into your machine.
Do you just need to know which layer is concerned, or do you need to monitor its activity, for which you could set up on realtime logging I suppose, or use a gui tool (there are many) ?
You can lean only on what resists you...
0 Kudos
Reply
oiram
Regular Advisor

тАО01-17-2003 06:24 AM

тАО01-17-2003 06:24 AM

Re: In which layer is my module?

Hello:

We are waiting a DOS attack and we need to know in which layer gets the packets the application. The measures should be different if the module is working between layer 2 and 3 or between layer 3 and 4.

Thanks,
Mario.
0 Kudos
Reply
Jerome Henry
Honored Contributor

тАО01-17-2003 09:22 AM

тАО01-17-2003 09:22 AM

Re: In which layer is my module?

I do not know which proxy product you are using, but a proxy is set to control connections, that is to say layer 3 and 2 (if it takes into consideration stuff such as attacker mac address), it is not set to control transport layer (if it is a stuff like netfilter/iptables).
Good luck.
You can lean only on what resists you...
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.