Try being really, really careful to send us what you really typed... not what you
think you typed.
>**FATAL_ERROR** Wrong filter '(host xxx.yyy.zzz.123 and not (host
>xxx.yyy.zzz.0/24)' (Mask syntax for networks only) on interface eth0
-B "host bozo.clown.school.edu and not net xxx.yyy.zzz.0/24"
                                       ^^^
host != net
And, yes, the syntax is obtuse and not well documented...
-----Burton
---------- Original Message ----------------------------------
From: Evan Cooch <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date: Sun, 06 Apr 2003 11:00:45 -0400
>At 02:21 PM 4/5/2003 -0800, you wrote:
>>Sounds right - you can drop the src xxx or dst xxx and just use xxx
>>
>>-B "host bozo.clown.school.edu and not net xxx.yyy.zzz.0/24"
>>
>>Read up on the filter syntax in the tcpdump stuff - everything that uses
>>libpcap has the same 'BPF' syntax.
>
>Still reading the tcpdump material - some of it is a bit obtuse, but I've
>picked up a few things.
>
>However, in the shorter term, I tried
>
>>-B "host bozo.clown.school.edu and not net xxx.yyy.zzz.0/24"
>
>
>and got the following error message:
>
>**FATAL_ERROR** Wrong filter '(host xxx.yyy.zzz.123 and not (host
>xxx.yyy.zzz.0/24)' (Mask syntax for networks only) on interface eth0
>
>Hmmm....I don't think this is an interface issue (since I get the same
>message even if I try -i eth0).
>
>So, I tried ... and not (host xxx.yyy.zzz.0) (i.e., dropping the /24),
>and I don't get a fatal error, but it's also not filtering what I want (it
>seems to record any traffic from within xxx.yyy.zzz).
>
>Again, basically, trying to record all traffic to/from xxx.yyy.zzz.123, but
>excluding any traffic from any other machine in the xxx.yyy.zzz domain. In
>other words, all I'm interested in is traffic to/from external hosts, and
>not from any internally generated traffic.
>
>Suggestions?
>
>_______________________________________________
>Ntop mailing list
>[EMAIL PROTECTED]
>http://listgateway.unipi.it/mailman/listinfo/ntop
>
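An added example (not part of the original messages) that models the unqualified `host` and `net` primitives as pcap-filter documents them, true when either the source or the destination matches, and runs the filters discussed in the thread over constructed packets. The 192.0.2.x and 198.51.100.x addresses are stand-ins for the redacted ones, and the third filter, using `src net` and `dst net`, is an added variant that does not appear in the thread.

```python
import ipaddress

# Constructed stand-ins for the thread's redacted addresses (RFC 5737 ranges).
HOST = ipaddress.ip_address("192.0.2.123")   # plays xxx.yyy.zzz.123
LAN = ipaddress.ip_network("192.0.2.0/24")   # plays xxx.yyy.zzz.0/24

# Per pcap-filter(7), an unqualified 'host' or 'net' primitive is true when
# EITHER the source OR the destination address matches.
def host(pkt, addr):
    return addr in pkt

def net(pkt, network, direction="either"):
    src_in, dst_in = pkt[0] in network, pkt[1] in network
    return {"src": src_in, "dst": dst_in, "either": src_in or dst_in}[direction]

FILTERS = {
    # Dropping the /24 excludes only the literal .0 address, so LAN traffic stays.
    "host H and not host N.0":
        lambda p: host(p, HOST) and not host(p, LAN.network_address),
    # The form suggested in the thread.
    "host H and not net N/24":
        lambda p: host(p, HOST) and not net(p, LAN),
    # Added variant (assumption, not from the thread): drop a packet only
    # when both of its endpoints are inside the LAN.
    "host H and not (src net N/24 and dst net N/24)":
        lambda p: host(p, HOST) and not (net(p, LAN, "src") and net(p, LAN, "dst")),
}

# Constructed (source, destination) pairs.
PACKETS = {
    "external -> H": ("198.51.100.7", "192.0.2.123"),
    "H -> external": ("192.0.2.123", "198.51.100.7"),
    "LAN peer -> H": ("192.0.2.50", "192.0.2.123"),
    "LAN peer -> external": ("192.0.2.50", "198.51.100.7"),
}

def captured(filter_name):
    """Names of the sample packets the given filter would keep."""
    keep = FILTERS[filter_name]
    return [name for name, (src, dst) in PACKETS.items()
            if keep((ipaddress.ip_address(src), ipaddress.ip_address(dst)))]

if __name__ == "__main__":
    for name in FILTERS:
        print(f"{name:50} keeps {captured(name)}")
```

Because the monitored host lies inside the /24, every packet that satisfies `host` also satisfies the unqualified `net`, so the second filter keeps nothing in this model. `tcpdump -d` with the same expression compiles a filter without capturing, which is a quick syntax check before passing it to `-B`.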