0. (Minor point) - it makes it easier to follow in the mail archive if you send two messages for two problems...
1. The filter syntax is the standard libpcap filter - look for tcpdump documentation, I've found that's the best. For example, under tcpdump: [root@tigger root]# tcpdump -i eth0 "port 25 or 110" So for ntop, the syntax is the same, with the -B parameter, e.g.: [root@tigger root]# ntop ... -"B "port 25 or 110" 2. Global Traffic report. I don't know. It may be a bug - my report only lists one interface also. Needs to be investigated... -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kaan G|ne~ Gelik Sent: Sunday, February 17, 2002 11:09 PM To: [EMAIL PROTECTED] Subject: [Ntop] syntax for filtering Hi all, First, thanks for your support. I have some questions. In order to enable filtering, what is the syntax? for example, I want to filter packages only for port 110 and 25, or I want to filter traffic of only one host or a subnet? How can I make ntop to generate alarms when the packages pass over threshhold? And the last question is : When getting global traffic stats, I can get the information of size of the packages, packets too long (>1514) and bad packets (checksum). But for only localhost. How can I get this information for other hosts? (The other hosts information does not give these details) Kind Regards and thanks. Kaan Gunes Celik [EMAIL PROTECTED] __________________________________________________ Do You Yahoo!? Yahoo! Sports - Coverage of the 2002 Olympic Games http://sports.yahoo.com _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listmanager.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listmanager.unipi.it/mailman/listinfo/ntop
