We are trying to block the ability to do file transfers through Msn
Messenger on our Checkpoint NG w/AI R55 firewall. I've seen various
articles stating that Msn Messenger file transfer uses ports 6891-6900,
but when I do a packet capture I see nothing but traffic over 1863, or
port 80 for those who block the native 1863 port.
Checkpoint NG w/AI has SmartDefense which allows you to set HTTP Header
detection items so after a few packet traces (using Packetyzer) I saw
that when a file transfer starts it uses the following: Content-Type
x-msnmsgrp2p
I created a new item with x-msnmsgrp2p set as the Content Type and
pushed out the new policy, but I am still able to do file transfers from
within Messenger from inside to outside the firewall and vice versa.
I want to run tcpdump on the Nokia box to make sure that is the only
header and that I'm not missing any that might get stripped. Does
tcpdump allow me to grab http headers and if so what command options do
I need to use to grab that info?
Thanks,
Jeff
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
