What do you mean 'doesn't work'? Is it being rejected? Or just doesn't seem to function? You may need --trace-level 5 to see all of the filter related log messages.
Syntactically, that seems correct, but useless. If you're monitoring a LAN, pretty much all the traffic you see WILL have either its Source or Destination as part of the local network. If you're trying to limit yourself to LOCAL traffic only, then use AND not OR.

-----Burton

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Devdas Bhagat
Sent: Friday, August 08, 2003 10:16 PM
To: [EMAIL PROTECTED]
Subject: [Ntop] ntop BPF issues.

I am trying to dump ntop data via a script. The problem is that there are too many host connections and dumping the data in a Perl hash (via dumpData.html) is timing out with a warning about alarm in the logs.

I set up a BPF filter with -B "net 192.168.1.0/24" which didn't work. Alternatively, I have also used
"src or dst net 192.168.1"
"src or dst net 192.168.1.0/24"
"src or dst net 192.168.1.0/24"
"src net 192.168.1.0/24 or dst net 192.168.1.0/24"
None of which work.

Any ideas on how I can specify a correct BPF filter (I followed the tcpdump rules, as stated in the man page)?

ntop version is 2.2c compiled from the source RPM on sourceforge on RedHat 7.3.

Devdas Bhagat
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop
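Added example (not part of the original messages and not ntop code): a Python model of the address test behind each filter expression in the thread, run over constructed flows. It shows that the `net` and `src or dst net` forms select the same packets and that only the AND form keeps local-to-local traffic. The flow list and helper names are assumptions made for illustration.

```python
import ipaddress

LOCAL = ipaddress.ip_network("192.168.1.0/24")  # network used in the thread

# Constructed (src, dst) pairs for illustration; not captured traffic.
FLOWS = [
    ("192.168.1.10", "192.168.1.20"),  # local  -> local
    ("192.168.1.10", "203.0.113.5"),   # local  -> remote
    ("203.0.113.5", "192.168.1.20"),   # remote -> local
    ("198.51.100.7", "203.0.113.5"),   # neither end on the local network
]

def in_net(addr, net=LOCAL):
    """True if addr belongs to the monitored network."""
    return ipaddress.ip_address(addr) in net

# Each entry models only the IPv4 address test of the filter expression;
# this is a sketch of the semantics, not a BPF compiler.
FILTERS = {
    # Bare "net" means "src or dst net" in pcap filter syntax.
    "net 192.168.1.0/24":
        lambda s, d: in_net(s) or in_net(d),
    "src or dst net 192.168.1.0/24":
        lambda s, d: in_net(s) or in_net(d),
    "src net 192.168.1.0/24 or dst net 192.168.1.0/24":
        lambda s, d: in_net(s) or in_net(d),
    # The AND form suggested in the reply: both ends must be local.
    "src net 192.168.1.0/24 and dst net 192.168.1.0/24":
        lambda s, d: in_net(s) and in_net(d),
}

def matches(expr, flows=FLOWS):
    """Return the flows that the modelled filter would pass."""
    pred = FILTERS[expr]
    return [f for f in flows if pred(*f)]

def summary(flows=FLOWS):
    """Map each filter expression to the number of flows it passes."""
    return {expr: len(matches(expr, flows)) for expr in FILTERS}

if __name__ == "__main__":
    for expr, count in summary().items():
        print(f"{count}/{len(FLOWS)} flows pass: {expr}")
```

On a capture point that sees only LAN traffic, the fourth flow never appears, so the three OR forms pass everything and the filter changes nothing.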
