Mailing List Archive

Filtering not working properly
Hi there

I still cannot get filtering to work completely on my ntopng installation.

I really would like to exclude traffic from a subnet and also to ignore broadcasts and multicasts if possible.

My filter statement is as follows

--packet-filter="ip and not (ip multicast || ether broadcast) and not (src net 10.0.50.200/26)"

I have successfully managed to get a single host excluded but I cannot find any detailed documentation in the user guide for setting up these filtering statements.

Any assistance would be greatly appreciated.

Thank you
Re: Filtering not working properly
Dear Brett,

The filter you have indicated is not valid as reported by ntopng:

Simones-MBP:ntopng simone$ sudo ./ntopng -i en0 --packet-filter="ip and not (ip multicast || ether broadcast) and not (src net 10.0.50.200/26)"
08/Jan/2017 11:19:50 [Ntop.cpp:1131] Setting local networks to 127.0.0.0/8
08/Jan/2017 11:19:50 [Redis.cpp:108] Successfully connected to redis 127.0.0.1:6379@0
08/Jan/2017 11:19:50 [PcapInterface.cpp:86] Reading packets from interface en0...
08/Jan/2017 11:19:50 [PcapInterface.cpp:251] ERROR: Unable to set on en0 filter ip and not (ip multicast || ether broadcast) and not (src net 10.0.50.200/26). Filter ignored.


The clause src net "10.0.50.200/26" is not correct as there's one bit set
in the host part of the address. If you want to exclude a /26 network that
contains host 10.0.50.200 you should use "10.0.50.192/26"

In conclusion, use this filter and everything will work:

--packet-filter="ip and not ip multicast and not ether broadcast and not src net 10.0.50.192/26"


In general, please refer to this guide: https://biot.com/capstats/bpf.html


Regards,
Simone




On Fri, Jan 6, 2017 at 7:59 AM, Brett Stiell (CCIH) <
brett.stiell@cargocarriers.co.zw> wrote:

> Hi there
>
> I still cannot get filtering to work completely on my ntopng installation.
>
> I really would like to exclude traffic from a subnet and also to ignore
> broadcasts and multicasts if possible.
>
> My filter statement is as follows
>
> --packet-filter="ip and not (ip multicast || ether broadcast) and not (src
> net 10.0.50.200/26)"
>
> I have successfully managed to get a single host excluded but I
> cannot find any detailed documentation in the user guide for setting up
> these filtering statements.
>
> Any assistance would be greatly appreciated.
>
> Thank you
>
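
The log in this thread shows ntopng reporting "Filter ignored" and carrying on when the filter is rejected, so it is worth checking every "net a.b.c.d/len" clause before starting the capture. The following is an added example, not part of the thread or of ntopng: it uses Python's standard ipaddress module, the function names are hypothetical, and it only looks at full dotted-quad IPv4 CIDR operands.

```python
import ipaddress
import re

# Filter string quoted in the thread (the one ntopng rejected).
THREAD_FILTER = ('ip and not (ip multicast || ether broadcast) '
                 'and not (src net 10.0.50.200/26)')

# CIDR operand of a pcap-filter "net" primitive, e.g. "src net 10.0.50.200/26".
NET_CLAUSE = re.compile(r"\bnet\s+(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})")


def check_net_clauses(bpf):
    """Return (given, corrected) for each 'net' CIDR that is not a network address.

    corrected is None when the operand is not a valid IPv4 CIDR at all.
    """
    problems = []
    for match in NET_CLAUSE.finditer(bpf):
        given = match.group(1)
        try:
            # strict=False masks off the host bits instead of raising.
            network = ipaddress.ip_network(given, strict=False)
        except ValueError:
            problems.append((given, None))
            continue
        if str(network) != given:
            problems.append((given, str(network)))
    return problems


def fix_net_clauses(bpf):
    """Rewrite each misaligned CIDR to its network address; leave invalid ones alone."""
    def align(match):
        try:
            network = ipaddress.ip_network(match.group(1), strict=False)
        except ValueError:
            return match.group(0)
        return "net " + str(network)
    return NET_CLAUSE.sub(align, bpf)


if __name__ == "__main__":
    for given, corrected in check_net_clauses(THREAD_FILTER):
        print(f"{given}: host bits set, use {corrected}")
    print(fix_net_clauses(THREAD_FILTER))
```
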