I've tried the two commands, but both of the BPF filters did not work. nprobe still logs lots of information which I do not care about; I only want to get the POP_USER data from TCP port 110.
How can I make it? Thank you!

./nprobe -f "port pop3" -T "%IPV4_SRC_ADDR %IPV4_DST_ADDR %PROTOCOL %L4_SRC_PORT %L4_DST_PORT %POP_USER" -b 1 -i dna0 --json-labels -P /tmp/mail/

./nprobe -f "port 110" -T "%IPV4_SRC_ADDR %IPV4_DST_ADDR %PROTOCOL %L4_SRC_PORT %L4_DST_PORT %POP_USER" -b 1 -i dna0 --json-labels -P /tmp/mail/

IPV4_SRC_ADDR|IPV4_DST_ADDR|PROTOCOL|L4_SRC_PORT|L4_DST_PORT|POP_USER
192.168.0.237|192.168.15.101|6|37024|8080|
192.168.15.101|192.168.0.237|6|8080|37024|
192.168.0.237|192.168.15.101|6|37025|8080|
192.168.15.101|192.168.0.237|6|8080|37025|
192.168.0.237|192.168.15.101|6|37026|8080|
192.168.15.101|192.168.0.237|6|8080|37026|
192.168.0.237|192.168.15.101|6|37027|8080|
192.168.15.101|192.168.0.237|6|8080|37027|
192.168.30.111|192.168.17.254|6|50746|8080|
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
