Re: ntopng & packet filter of libpcap

[Guy Harris <guy () alum mit edu>]

On Jan 23, 2015, at 12:25 PM, Gerhard Mourani <gmourani () gmail com> wrote:

> I’m using ntopng which rely on libpcap for the filtering expression. Below is what I think to be valide to use into 
> my ntopng configuration file but seem to not working at all.
>
> --packet-filter "ip and not proto ipv6 and not ether host ff:ff:ff:ff:ff:ff and not net (224.0.0.0/8 or 239.0.0.0/8) 
> and not host (192.168.2.10)"

This means:

        if the packet isn't IPv4 ("ip" doesn't mean "IPv4 or IPv6", it means "IPv4"), don't accept it

        if the packet is IPv6 over IPv4, don't accept it

        if the packet is sent to (or from) the MAC broadcast address, don't accept it

        if the packet is sent to or from the 224.0.0.0/8 or 239.0.0.0/8 "network" (multicast), don't accept it

        if the packet is sent to or from 192.168.210, don't accept it

        otherwise accept it

Is this what you want?

If not, what do you want?

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers