skip to main content
Department of Computer Science University of Colorado Boulder
cu: home | engineering | mycuinfo | about | cu a-z | search cu | contact cu cs: about | calendar | directory | catalog | schedules | mobile | contact cs
home · undergraduate program · senior project · projects · 

Senior Project - Spelunk


IP Packet Content Filtering and Pattern Discovery in Linux

Senior Project: 2003-2004
Jennifer Gerull, Elizabeth Grogan, Justin Hart, Wesley Hofmann and Elizabeth Zerwick
Lafayette, CO

APconnections has developed a Linux Bandwidth Arbitrator. This device sits between a network and the outside world and monitors traffic in and out of the network. Its main purpose is to identify internet packets from specific applications and delay them according to user settings. It also implements content filtering by matching packets for "bad" content and dropping them.

The problem is that there is no way for the client to know a page has been blocked for content. The client's browser will then simply hang. The purpose of this project was to find a way to send a customizable response to the user. Also, identifying applications involves the use of regular expressions to match patterns present in packets from that application, e.g. Kazaa packets. Finding these patterns and regular expressions is a difficult process to do manually. The second purpose of the project was to automate this pattern discovery process.

The first problem was solved by replacing bad content in a packet with a custom message, modifying the header information to allow the browser to accept the modified packet, and sending the packet on to the user as if nothing had ever happened. This was implemented inside the bridge module of the Linux kernel. The second problem was solved by creating a file filled with packets dumped from inside the bridge module and running a pattern finding algorithm over the file. The kernel modifications were all implemented in C, while the pattern finding system was implemented in C++. A web-based user interface for controlling the system was implemented in PHP.

User Interface
User Interface
Rule Discovery
Rule Discovery
Access Denied!
Access Denied!
See also:
Department of Computer Science
College of Engineering and Applied Science
University of Colorado Boulder
Boulder, CO 80309-0430 USA
Send email to

Engineering Center Office Tower
ECOT 717
FAX +1-303-492-2844
XHTML 1.0/CSS2 ©2012 Regents of the University of Colorado
Privacy · Legal · Trademarks
May 5, 2012 (14:07)