File: napster.pat

package info (click to toggle)
ntop 3%3A3.3-11
  • links: PTS
  • area: main
  • in suites: lenny
  • size: 12,772 kB
  • ctags: 7,534
  • sloc: ansic: 71,427; sh: 16,772; awk: 1,504; perl: 792; makefile: 782; php: 123; python: 23; sql: 13; sed: 11
file content (23 lines) | stat: -rw-r--r-- 1,102 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
 
# Napster - P2P filesharing
# Pattern quality: good veryfast
# All my tests show that this pattern is fast, but one user has reported that
# it is slow.  Your milage may vary.
# 
# Should work for any Napster offspring, like OpenNAP.
# (Yes, people still use this!)
# Matches both searches and downloads.
#
# http://opennap.sourceforge.net/napster.txt
#
# This pattern has been tested and is believed to work well.  If it does not
# work for you, or you believe it could be improved, please post to 
# l7-filter-developers@lists.sf.net .  This list may be subscribed to at
# http://lists.sourceforge.net/lists/listinfo/l7-filter-developers

napster
# (client-server: length, assumed to be less than 256, login or new user login, 
# username, password, port, client ID, link-type |
# client-client: 1, firewalled or not, username, filename) 
# Assumes that filenames are well-behaved ASCII strings.  I have found
# one case where this assumptions fails (filename had \x99 in it).
^(.[\x02\x06][!-~]+ [!-~]+ [0-9][0-9]?[0-9]?[0-9]?[0-9]? "[\x09-\x0d -~]+" ([0-9]|10)|1(send|get)[!-~]+ "[\x09-\x0d -~]+")