On 09/08/03 14:43 -0500, Burton M. Strauss III wrote:
> Read the code a little more carefully and you will find that it's in there,
> but not easy to read. grep for pcap_compile() you'll notice that only in
> the main code is it applied via pcap_setfilter(). The plugins pcap_compile
> is creating a filter program to be used by pbuf.c to figure out which
> plugins need to see the packet - grep for myGlobals.flowsList.
Right, when I wake up. Grepping code at 1:30 am is not fun :).
Minor style nit: code_like_this is easier to read than codeLikeThis though.
(not important in any major way, I just prefer the first style).
> However, that's irrelevant...
>
> Using a bpf cause libpcap to strips out the packets - meaning ntop never
> sees them. You don't want to do that. If you had applied the correct (AND)
> filter, you would be here saying it's not seeing ANY traffic.
Nope, the AND filter is not what I want.
LAN <=> Gateway with 2 interfaces <=> Internet
running ntop
I want to record the conversations getting routed to the internet, but
only one end of the conversation. What happens on the external interface
is no problem, not relevant and not wanted. Boxes on the LAN talking to
each other are not relevant and not wanted.
> What you want is to record only the local hosts - which is the -g
> | --track-local-hosts switch. If that's not working, then that's a
> completely separate issue. Please file a full Problem Report and include a
> short tcpdump packet capture (something like tcpdump -c25 ip, so we can see
> there really is traffic and what it looks like.
Yes. I have CVS as of yesterday, so I will try with that as well, and
file a PR for both versions, if needed. If I can figure out the issue,
I'll try to make a patch for it as well.
Devdas Bhagat
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop
