Just a note - I've found a way of doing this through the Catalyst 6500. If anyone is interested, the basic syntax is:
mls nde flow exclude source 10.10.10.0 255.255.240.0 destination 10.10.10.0 255.255.240.0 Running IOS 12.1(22)E1. (native mode) Scott > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Behalf Of Scott > Cameron > Sent: Thursday, May 27, 2004 1:58 PM > To: [EMAIL PROTECTED] > Subject: RE: [Ntop] PCAP & NTOP > > > Thanks.. > > It seems as though the white/black list configuration in the > plugin doesn't > allow for the same versatility as the PCAP expression. I > wish to exclude > traffic only if its source /20 and destination /20 are the > same, but include > everything else. It does not appear as though this is a > possibility with > the black list -- is this true? If so, is it possible to > have a filter liek > this within ntop? > > Scott > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > Behalf Of Luca > > Deri > > Sent: Thursday, May 27, 2004 1:43 PM > > To: [EMAIL PROTECTED] > > Subject: Re: [Ntop] PCAP & NTOP > > > > > > Scott, > > the filter is not applied to the flows but on the incoming > > packets. You > > should set white/black list into the NetFlow plugin. > > > > Cheers, Luca > > > > Scott Cameron wrote: > > > > >Hi guys, > > > > > >I'm trying to set a pcap filter to filter out certain > > unwanted traffic. Our > > >goal is to only see traffic from the internet, to our > > network, and vice > > >versa. > > > > > >My pcap filter: > > > > > >not src and dst net x.x.x.0/20 > > > > > >I'm running NetFlow v7 on a Catalyst 6500 and exporting to > > the ntop netflow > > >collector. However, I can still see in the statistics for > > each IP that it > > >is picking up at least some of the 'internal' traffic. > > > > > >Is my filter broken, or am I missing something else? > > > > > >Scott > > > > > >_______________________________________________ > > >Ntop mailing list > > >[EMAIL PROTECTED] > > >http://listgateway.unipi.it/mailman/listinfo/ntop > > > > > > > > > > > > -- > > Luca Deri <[EMAIL PROTECTED]> http://luca.ntop.org/ > > Hacker: someone who loves to program and enjoys being > > clever about it - Richard Stallman > > > > _______________________________________________ > > Ntop mailing list > > [EMAIL PROTECTED] > > http://listgateway.unipi.it/mailman/listinfo/ntop > > > _______________________________________________ > Ntop mailing list > [EMAIL PROTECTED] > http://listgateway.unipi.it/mailman/listinfo/ntop > _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
