Msg#: 3250164 posted 4:15 pm on Feb 12, 2007 (gmt 0)
Hi, I am working on a firewall and need to capture packets from the Ethernet and then do some analysis on them before sending them to the Apache application. I have been able to capture the packets, but they are also received by Apache at the same instant. But I need to analyze the packet before it is received by Apache. Any help in this regard would be highly appreciated.
Msg#: 3250164 posted 9:34 pm on Feb 12, 2007 (gmt 0)
The issue that you're having is that running something (tcpdump/snort/wireshark) in promiscuous mode is considered passive monitoring, where it does not modify or block any incoming traffic.
What you're looking for is either a "helper" application that listens to port 80, analyzes the traffic, then forwards it to Apache (listening on another port).
Or, what you might want to look at is having another system that is acting as a router (NAT or otherwise) in front of your Apache server, with two NICs, which analyzes the traffic, and if it deems it good, it can forward it on to the Apache webserver.
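The "helper" layout from the reply above, as an added example that is not part of the original thread: a small inline proxy that reads one request head, applies a check, and only then relays it to the backend. The function names, the policy in `allowed()`, the size cap and the timeouts are all assumptions made for illustration, and the backend is assumed to answer a request on a half-closed connection.

```python
import socket
import threading
from contextlib import suppress

MAX_HEAD = 8192  # assumed cap on request-head size
DENY = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\nConnection: close\r\n\r\n"

def read_head(conn):
    """Read one request head (through the blank line); discard anything after it."""
    buf = b""
    while b"\r\n\r\n" not in buf and len(buf) < MAX_HEAD:
        if not (chunk := conn.recv(4096)):
            break
        buf += chunk
    head, sep, _ = buf.partition(b"\r\n\r\n")
    return head + sep if sep else b""

def allowed(head):
    """Constructed sample policy: bodyless GET/HEAD over HTTP/1.x, no '..' in the target."""
    parts = head.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) != 3:
        return False
    method, target, version = parts
    lower = head.lower()
    if b"\r\ncontent-length:" in lower or b"\r\ntransfer-encoding:" in lower:
        return False
    return method in (b"GET", b"HEAD") and version.startswith(b"HTTP/1.") and b".." not in target

def handle(client, backend_addr):
    with client, suppress(OSError):  # timeout or reset: just drop the connection
        client.settimeout(10)
        head = read_head(client)
        if not allowed(head):
            client.sendall(DENY)
            return
        with socket.create_connection(backend_addr, timeout=10) as backend:
            backend.sendall(head)
            backend.shutdown(socket.SHUT_WR)  # nothing uninspected reaches the backend
            while data := backend.recv(4096):
                client.sendall(data)

def serve(listen_addr, backend_addr):
    srv = socket.create_server(listen_addr)
    def loop():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn, backend_addr), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv  # caller can read the bound port from srv.getsockname()
```

Calling `serve(("0.0.0.0", 80), ("127.0.0.1", 8080))` with Apache moved to port 8080 (an assumed port) gives the arrangement described in the reply. Because the helper handles one request per connection and drops any bytes after the first head, a later request on the same connection cannot bypass the check.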