I'm new to the concept of network sniffing. (So I'll try to describe the problem with the best terms I know.)

In an organisation, there are 30 computers connected to a server. As users of these systems browse the Internet, packets are sent to the outside network via this server. I want to write an application that runs on this server, that sniffs these packets and reads the HTTP requests and the IP addresses, to analyse these packets and block those found objectionable.

Where to begin? Please help. Thanks in advance.

A: 

The best place to begin would definitely be theory. Look up how IP packets are built up, what an HTTP packet looks like and how networks are structured at a low level. There's a lot worth learning.

As far as tools for learning go, I'd highly recommend Wireshark. It allows you to perform DPI (Deep Packet Inspection) and get used to what you're after.

A common method of DPI is to use a SOCKS server or similar proxy through which all traffic is filtered.

DPI has downsides. It will affect your network and, if naively implemented, can easily add a single point of failure.

Rushyo
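
To make the theory in the answer above concrete, here is an added example (not part of the original answer) that walks one captured packet through the IPv4, TCP and HTTP layers and applies a host blocklist. The function names, the `BLOCKED_HOSTS` policy and the documentation-range addresses in the constructed sample packet are assumptions for illustration.

```python
import ipaddress
import struct

BLOCKED_HOSTS = {"blocked.example"}  # hypothetical policy list (assumption)

def parse_ipv4(pkt):
    """Return (src, dst, protocol, payload) from a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl, total_len = (pkt[0] & 0x0F) * 4, struct.unpack("!H", pkt[2:4])[0]
    if not 20 <= ihl <= total_len <= len(pkt):
        raise ValueError("inconsistent IPv4 lengths")
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    return src, dst, pkt[9], pkt[ihl:total_len]

def parse_tcp(seg):
    """Return (src_port, dst_port, payload) from a TCP segment."""
    off = (seg[12] >> 4) * 4 if len(seg) >= 20 else 0  # data offset in bytes
    if not 20 <= off <= len(seg):
        raise ValueError("truncated or malformed TCP header")
    sport, dport = struct.unpack("!HH", seg[:4])
    return sport, dport, seg[off:]

def parse_http_request(data):
    """Return (method, target, host), or None if data is not an HTTP/1.x request."""
    lines = data.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        return None
    host = None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":
            host = value.strip().lower()
    return parts[0], parts[1], host

def verdict(pkt):
    """Return (client_ip, host, 'block' or 'allow') for one captured packet."""
    src, _dst, proto, payload = parse_ipv4(pkt)
    req = parse_http_request(parse_tcp(payload)[2]) if proto == 6 else None  # 6 = TCP
    host = req[2] if req else None
    return src, host, "block" if host in BLOCKED_HOSTS else "allow"

def sample_packet(host, src=b"\xc0\x00\x02\x0a", dst=b"\xc6\x33\x64\x07"):
    """Constructed sample: IPv4 + TCP + a GET request (checksums left at 0)."""
    http = f"GET /index.html HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + http
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src, dst)
    return ip + tcp
```

This only sees a request that fits in a single TCP segment of plaintext HTTP; a request split across segments needs stream reassembly first, and HTTPS payloads are encrypted, so the `Host` header is not visible at this layer.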