Yes, it is what I want, but it seems that ntopng doesn’t take it into consideration because I can still view packets sent to or from 192.168.2.10! Therefore, I’m presuming that maybe some () or other characters are missing in my filtering.

> On Jan 23, 2015, at 4:07 PM, Guy Harris <g...@alum.mit.edu> wrote:
>
>
> On Jan 23, 2015, at 12:25 PM, Gerhard Mourani <gmour...@gmail.com> wrote:
>
>> I’m using ntopng, which relies on libpcap for the filtering expression. Below
>> is what I think is valid to use in my ntopng configuration file, but it
>> seems not to be working at all.
>>
>> --packet-filter "ip and not proto ipv6 and not ether host ff:ff:ff:ff:ff:ff and not net (224.0.0.0/8 or 239.0.0.0/8) and not host (192.168.2.10)"
>
> This means:
>
>     if the packet isn't IPv4 ("ip" doesn't mean "IPv4 or IPv6", it means
>     "IPv4"), don't accept it
>
>     if the packet is IPv6 over IPv4, don't accept it
>
>     if the packet is sent to (or from) the MAC broadcast address, don't
>     accept it
>
>     if the packet is sent to or from the 224.0.0.0/8 or 239.0.0.0/8
>     "network" (multicast), don't accept it
>
>     if the packet is sent to or from 192.168.210, don't accept it
>
>     otherwise accept it
>
> Is this what you want?
>
> If not, what do you want?
> _______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers