The examples in the man page, right below, show sample expressions - it's just a standard bpf expression...
It's useless - it is NOT an ntop filter, it just defines a counter of packets matching a bpf expression. So it's useless because all it does is put a count on one page. -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Raul Dias Sent: Saturday, December 11, 2004 5:02 PM To: [EMAIL PROTECTED] Subject: RE: [Ntop] --flow-spec specification Hi, On Sat, 2004-12-11 at 15:39 -0600, Burton Strauss wrote: > Did you read man ntop? And look at the examples?? yep. The man page said: "The expression format is specified in the appendix." I never found this "appendix" and I did not know that this was bpf. Why do you say it is useless? I am trying to have separated stats from the traffic comming and going to my gateway (similar to mrtg) and to individual hosts. I may be looking into the wrong place, but I thought this would be a place to start. --Raul Dias > > -F | --flow-spec > It is used to specify network flows similar to more powerful > applica- > tions such as NeTraMet. A flow is a stream of captured > packets that > match a specified rule. The format is > > <flow-label>='<matching expression>'[,<flow-label>='<matching > expres- > sion>'] > > , where the label is used to symbolically identify the flow > specified > by the expression. The expression format is specified in > the > appendix. If an expression is specified, then the information > concern- > ing flows can be accessed following the HTML link named > 'List > Net- > Flows'. > > For instance define two flows with the following > expression > Luca- > Hosts='host jake.unipi.it or host > pisanino.unipi.it',GatewayRoutedP- > kts='gateway gateway.unipi.it' . > > All the traffic sent/received by hosts jake.unipi.it > or > pisanino.unipi.it is collected by ntop and added to the > LucaHosts > flow, whereas all the packet routed by the gateway > gateway.unipi.it > are added to the GatewayRoutedPkts flow. If the flows list > is very > long you may store in a file (for instance flows.list) and > specify the > file name instead of the actual flows list (in the above > example, this > would be 'ntop -F flows.list'). > > Note that the double quotations around the entire flow > expression are > required. > > It's just a standard bpf expression... > > It's also pretty useless. > > -----Burton > > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of Raul Dias > Sent: Saturday, December 11, 2004 1:58 PM > To: [EMAIL PROTECTED] > Subject: [Ntop] --flow-spec specification > > Hi, > > I have looked everywhere for this without good result. > > What is the specification of the 'matching expression' to be used in > the '--flow-spec' specification? > > > > Thanks, > Raul Dias > > > _______________________________________________ > Ntop mailing list > [EMAIL PROTECTED] > http://listgateway.unipi.it/mailman/listinfo/ntop > > _______________________________________________ > Ntop mailing list > [EMAIL PROTECTED] > http://listgateway.unipi.it/mailman/listinfo/ntop -- Raul Dias <[EMAIL PROTECTED]> _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
