Sounds right - you can drop the src xxx or dst xxx and just use xxx -B "host bozo.clown.school.edu and not net xxx.yyy.zzz.0/24"
Read up on the filter syntax in the tcpdump stuff - everything that uses libpcap has the same 'BPF' syntax. -----Burton ---------- Original Message ---------------------------------- From: Evan Cooch <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] Date: Sat, 05 Apr 2003 16:03:35 -0500 > >> >>I've managed to get started in the right direction, at least, using >> >>src host bozo.clown.school.edu or dst host bozo.clown.schoo.edu > >I tried the following: > >(src host bozo.clown.school.edu or dst host bozo.clown.school.edu) and not >(src net xxx.yyy.zzz.0 or dst net xxx.yyy.zzz.0) > >where bozo.clown.school.edu is one of the machines within net >xxx.yyy.zzz.0, but this doesn't seem to work. > >I want stats on all traffic to/from bozo.clown.school.edu, except any >traffic originating from the local domain. The problem is, how to write >this filter, since bozo.clown.school.edu is part of the local domain. > >Suggestions? Thanks! > > >---------------------------------------------------------------------- > Evan Cooch e.mail: [EMAIL PROTECTED] > Department of Natural Resources voice: 607-255-1368 > Fernow Hall - Cornell University FAX: 607-255-0349 > Ithaca, NY 14853 http://canuck.dnr.cornell.edu >---------------------------------------------------------------------- >In God we trust. Everyone else must bring data... > >_______________________________________________ >Ntop mailing list >[EMAIL PROTECTED] >http://listgateway.unipi.it/mailman/listinfo/ntop > ____________________________________________________________ Free 20MB Web Site Hosting and Personalized E-mail Service! Get It Now At Doteasy.com http://www.doteasy.com/et/ _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
