On Sat, 13 May 2006 06:00:24 -0400, ntop-request wrote
> Send Ntop mailing list submissions to
>       [email protected]
>
> To subscribe or unsubscribe via the World Wide Web, visit
>       http://listgateway.unipi.it/mailman/listinfo/ntop
> or, via email, send a message with subject or body 'help' to
>       [EMAIL PROTECTED]
>
> You can reach the person managing the list at
>       [EMAIL PROTECTED]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Ntop digest..."
>
> Today's Topics:
>
>    1. Re: Ntop with -q flag ignores -B filter (James Lay)
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 12 May 2006 15:34:24 -0600
> From: James Lay <[EMAIL PROTECTED]>
> Subject: Re: [Ntop] Ntop with -q flag ignores -B filter
> To: [email protected]
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=US-ASCII
>
> Agreed....and that's what makes it so odd. I DON'T want to see any
> suspicious packet info on port 6881, and yet even specifically
> requesting to see all traffic but anything on 6881, I still see the
> suspicious stuff in the log file.
>
> James
>
> On Fri, 12 May 2006 16:18:41 -0500
> "Burton Strauss" <[EMAIL PROTECTED]> wrote:
>
> > Um - let's back up one step - isn't that filter always true? Unless
> > you have a packet from 6881 to 6881...
> >
> > -----Burton
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> > Of James Lay
> > Sent: Friday, May 12, 2006 8:55 AM
> > To: [email protected]
> > Subject: Re: [Ntop] Ntop with -q flag ignores -B filter
> >
> > On Fri, 12 May 2006 08:18:59 -0500
> > "Burton Strauss" <[EMAIL PROTECTED]> wrote:
> >
> > > Try dropping 'ip and'
> > >
> > > I don't remember why, but there is a nagging little memory about
> > > bpf filters in the back of my mind that is rumbling for attention...
> > >
> > > Also, can you:
> > >
> > > 1. try both filters w/ tcpdump (both use libpcap) ...
> > > 2. Version info on libpcap, OS, etc.
> > >
> > > Thanks!
> > >
> > > -----Burton
> >
> > Hey Burton!
> >
> > Ok same results with -B not port 6881. Versions are:
> >
> > tcpdump version 3.8.3
> > libpcap version 0.8.3
> > Slackware linux
> > ntop v.3.2
> >
> > Thanks!
> >
> > james
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> > > Behalf Of James Lay
> > > Sent: Friday, May 12, 2006 7:40 AM
> > > To: Ntop
> > > Subject: [Ntop] Ntop with -q flag ignores -B filter
> > >
> > > Hey All!
> > >
> > > Here's the startup line:
> > >
> > > /usr/local/bin/ntop -u jlay -i ppp0 -w 3010 -d -q -L -B "ip and not port 6881"
> > >
> > > and here's the result:
> > >
> > > May 12 06:34:50 homebox ntop[23983]: **WARNING** Host [homebox] sent UDP data to a closed port of host [24.22.162.116:6881] (scan attempt?)
> > >
> > > Just an FYI..more of a nuisance than a real issue =D
> > >
> > > James
>
> ------------------------------
>
> End of Ntop Digest, Vol 24, Issue 9
> ***********************************
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
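The filter from this thread evaluated under two readings, as an added example that is not part of the thread and is not ntop or libpcap code. It models the pcap-filter rule that `port N` is true when either the source or the destination port is N and is tested only against the outer TCP, UDP or SCTP header; the sample packets and all helper names are constructed for illustration.

```python
"""Model of pcap-filter 'port' semantics on constructed packets (illustrative)."""
from dataclasses import dataclass
from typing import Optional

# 'port' is evaluated only against the outer TCP, UDP or SCTP header.
PORT_PROTOS = {"tcp", "udp", "sctp"}


@dataclass
class Pkt:
    note: str                    # label for this constructed packet
    proto: str                   # outer IP protocol
    sport: Optional[int] = None  # None when the protocol has no ports
    dport: Optional[int] = None


def port(p: Pkt, n: int) -> bool:
    """pcap 'port n': true if the source OR the destination port is n."""
    return p.proto in PORT_PROTOS and n in (p.sport, p.dport)


def not_port(p: Pkt, n: int) -> bool:
    """pcap 'not port n': negation of the whole 'port n' test."""
    return not port(p, n)


def either_side_differs(p: Pkt, n: int) -> bool:
    """'not src port n or not dst port n': false only for n-to-n traffic."""
    return p.sport != n or p.dport != n


# Constructed sample packets; addresses are omitted because the filter ignores them.
SAMPLES = [
    Pkt("udp 40000->6881", "udp", 40000, 6881),
    Pkt("udp 6881->40000", "udp", 6881, 40000),
    Pkt("udp 6881->6881", "udp", 6881, 6881),
    Pkt("tcp 40001->80", "tcp", 40001, 80),
    Pkt("icmp port-unreachable", "icmp"),  # quoted inner UDP header is not examined
]


def passing(flt, n: int = 6881) -> list:
    """Labels of the sample packets that the given filter model lets through."""
    return [p.note for p in SAMPLES if flt(p, n)]


if __name__ == "__main__":
    print("not port 6881                :", passing(not_port))
    print("not src port or not dst port :", passing(either_side_differs))
```

Running the same two expressions through tcpdump on the capture interface, as suggested in the thread, shows which reading the installed libpcap applies.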
