For instance, on your ntop command line, I would add the filter you want to use. If you wanted to see traffic from only 192.168.19.5 your filter might look like this:

--filter-expression host 192.168.19.5

You would add it to your /etc/ntop.conf, that is assuming that your Mandrake install uses the same files and configs. In my /etc/ntop.conf the section you care about starts near line 260, depending on how your file is set up. If you are making regular changes to your filters, I recommend using the user interface and going to the "Change Filter" section under the Admin link ("changeFilter.html"). Use the same syntax found in the man page for "tcpdump".

Below is my actual file section. I do not use filters, all of mine is commented out, but it is simply a stock section:

########################### PERFORMANCE AND PROBLEMS ###########################

## -B | filter-expression -- gives ntop a bpf (Berkeley Packet Filter) expression
##     to use. (the easiest place to find bpf documented is on the tcpdump man page).
##     NOTE: The filter expression MUST be in quotes.

## To restrict ntop to only a few machines on a large network, say 192.168.1.88
## through 91:
#? -B "net 192.168.1.88/30"

## That is equivalent to specifying the specific hosts:
#? -B "host (192.168.1.88 or 192.168.1.89 or 192.168.1.90 or 192.168.1.91)"

## You can limit traffic to that from (src) or to (dst) a specific host:
#? -B "src host www.mycompany.com"
#? -B "dst host www.mycompany.com"

## You can limit it to a specific protocol, including src/dst:
#? -B "port ssh"
#? -B "src port ssh"
#? -B "dst port ssh"

--
J. Eric Josephson
Director of Network and System Operations
978-720-2159
mailto:[EMAIL PROTECTED]


Aldo Werner <[EMAIL PROTECTED]>
01/12/2005 01:50 PM

To: [email protected]
cc:
Subject: Re: Re: How to config Ntop to see host on any net ??????

Hi Eric Josephson !!!

thanks for your fast answer....

to start NTOP I am using:

"ntop -P /var/lib/ntop -u ntop -A"

and then....

service ntop start

and I installed ntop 3.0 from rpm to Mandrake

It's the same to say ????:

"block all traffic except that " what "configure Ntop start to see some IP address " ????

thanks for all....

bye!!!!

Aldo

> 1. Re: How to config Ntop to see host on any net ??????
>
> Aldo,
> Your English is better than my Spanish! If I understand you, you
> want to filter out all traffic except for a specific host, or group of
> hosts. You can do this with the "--filter-expression" option on the
> command line or set the filter from the user interface. From the man page:
>
> -B | --filter-expression
>     Filters allows the user to restrict the traffic seen by ntop on just
>     about any imaginable item.
>
>     The filter expression is set at run time by this parameter, but it may
>     be changed during the ntop run on the Admin | Change Filter web page.
>
>     The basic format is -B filter , where the quotes are REQUIRED
>
>     The syntax of the filter expression uses the same BPF (Berkeley Packet
>     Filter) expressions used by other packages such as tcpdump
>
>     For instance, suppose you are interested only in the traffic
>     generated/received by the host jake.unipi.it. ntop can then be started
>     with the following filter:
>
>     ntop -B src host jake.unipi.it or dst host jake.unipi.it
>
>     or in shorthand:
>
>     ntop -B host jake.unipi.it or host jake.unipi.it
>
>     See the "expression" section of the tcpdump man page - usually
>     available at http://www.tcpdump.org/tcpdump_man.html - for further
>     information and the best quick guide to BPF filters currently available.
>
>     WARNING: If you are using complex filter expressions, especially those
>     with =s or meaningful spaces in them, be sure and use the long option
>     format, --filter-expression="xxxx" and not -B "xxxx".
>
> --
>
> J. Eric Josephson
> Director of Network and System Operations
> 978-720-2159
> mailto:[EMAIL PROTECTED]
>
> Aldo Werner <[EMAIL PROTECTED]>
> To: [email protected]
>
> Hi Anyone !!!!
>
> Sorry for my English.... I'm working in my thesis.... project of I title.... memory.
>
> I'm using Ntop on Redhat9 and Mandrake Linux.... both work perfectly.
>
> the network that I need to scan, is very giant, it's
> for that reason that only desire to see some host...
>
> ... and my question is: How is formed or configure
> Ntop, to obtain rrd of some HOST ?
>
> Thanks for All....
>
> I hope yours Help....
>
> From Chile.... Aldo !!!
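
Added example, not part of the original thread and not ntop's own code: one way to turn a list of hosts you want ntop to see into the shortest equivalent BPF expression, in the quoted long-option form the man page excerpt recommends. The function names bpf_for_hosts and ntop_option are hypothetical, and the addresses are the ones used in the thread.

```python
import ipaddress


def bpf_for_hosts(addresses):
    """Return a BPF expression that matches exactly the given IPv4 hosts."""
    # IPv4Address() accepts only literal addresses, so hostnames, quotes and
    # shell metacharacters are rejected before they can reach the ntop
    # command line or /etc/ntop.conf.
    ips = {ipaddress.IPv4Address(a) for a in addresses}
    if not ips:
        raise ValueError("at least one address is required")
    terms = []
    # collapse_addresses() merges aligned, contiguous hosts into CIDR blocks,
    # e.g. .88 through .91 become 192.168.1.88/30 as in the stock config.
    for net in ipaddress.collapse_addresses(ips):
        if net.prefixlen == 32:
            terms.append(f"host {net.network_address}")
        else:
            terms.append(f"net {net}")
    return " or ".join(terms)


def ntop_option(addresses):
    """Format the filter as the quoted long option ntop expects."""
    return f'--filter-expression="{bpf_for_hosts(addresses)}"'


if __name__ == "__main__":
    # Single host, as in the first reply of the thread.
    print(ntop_option(["192.168.19.5"]))
    # Four aligned hosts collapse to one /30.
    print(ntop_option([f"192.168.1.{n}" for n in range(88, 92)]))
    # An unaligned range stays split, so no extra host is admitted.
    print(ntop_option([f"192.168.1.{n}" for n in range(87, 92)]))
```

Because the collapse never widens a block beyond the hosts supplied, the resulting filter does not admit neighbouring machines the way a hand-rounded prefix can.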
