Re: ntopng & packet filter of libpcap

[Gerhard Mourani <gmourani () gmail com>]

Yes, it is what I want but seem that ntopng doesn’t take it in consideration because I can still view packet sent to or 
from 192.168.2.10!
Therfore, I’m presuming that maybe some () or other characters are missing in my filtering.

> On Jan 23, 2015, at 4:07 PM, Guy Harris <guy () alum mit edu> wrote:
>
>
> On Jan 23, 2015, at 12:25 PM, Gerhard Mourani <gmourani () gmail com> wrote:
>
> > I’m using ntopng which rely on libpcap for the filtering expression. Below is what I think to be valide to use into 
> > my ntopng configuration file but seem to not working at all.
> >
> > --packet-filter "ip and not proto ipv6 and not ether host ff:ff:ff:ff:ff:ff and not net (224.0.0.0/8 or 239.0.0.0/8) 
> > and not host (192.168.2.10)"
>
> This means:
>
>       if the packet isn't IPv4 ("ip" doesn't mean "IPv4 or IPv6", it means "IPv4"), don't accept it
>
>       if the packet is IPv6 over IPv4, don't accept it
>
>       if the packet is sent to (or from) the MAC broadcast address, don't accept it
>
>       if the packet is sent to or from the 224.0.0.0/8 or 239.0.0.0/8 "network" (multicast), don't accept it
>
>       if the packet is sent to or from 192.168.210, don't accept it
>
>       otherwise accept it
>
> Is this what you want?
>
> If not, what do you want?

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers