Mailing List Archive

How to filter dumped traffic
Hi,

I am testing ntopng 3.3.1 on CentOS 7. Is there any way to filter dumped
packets to disk on an interface?

I would like to have a dedicated interface to dump traffic but the only
option I see is to dump "All packets" or "Unknown Layer7- Flows Packets".

Is there any way to filter the traffic that I would like to dump, i.e.
between two IPs or by IP+port of destination?

Could it be possible to download a pcap file from ntopng also?

Greetings.
Re: How to filter dumped traffic
Hi,

> On 21 Dec 2017, at 18:58, Rokkhan <rokkhan@gmail.com> wrote:
>
> Hi,
>
> I am testing ntopng 3.3.1 on CentOS 7. Is there any way to filter dumped packets to disk on an interface?
>
> I would like to have a dedicated interface to dump traffic but the only option I see is to dump "All packets" or "Unknown Layer7- Flows Packets".
>
> Is there any way to filter the traffic that I would like to dump, i.e. between two IPs or by IP+port of destination?

You can choose to record only the traffic of one or more given IPs. Visit the host page in ntopng and then select the checkbox "record host traffic". If you need more flexibility, have a look at n2disk. This will give you full control (via BPF filters) to choose which packets to record as well as full flexibility to extract subsets of recorded packets (again with BPF filters).

>
> Could it be possible to download a pcap file from ntopng also?

Currently this is not supported.

>
> Greetings.
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop

_______________________________________________
Ntop mailing list
Ntop@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop
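
Added example, not part of the thread and not ntop code: the two selections asked about in the original post, written as the BPF expressions `host A and host B` and `dst host A and dst port P`, applied offline to a classic pcap in plain Python. The addresses, ports and helper names are constructed for illustration, and the matcher covers only IPv4 over Ethernet (real BPF `host` also matches ARP, and `port` also matches SCTP).

```python
import socket
import struct

def frame(src, dst, sport, dport, proto=6):
    """Constructed Ethernet + IPv4 frame carrying a TCP (6) or UDP (17) port pair."""
    l4 = struct.pack("!HH", sport, dport) + bytes(16)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + l4

def write_pcap(frames):
    """Classic little-endian pcap: 24-byte file header, 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for ts, f in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out

def read_ipv4(pcap):
    """Yield (src, dst, dport) per IPv4 frame; dport is None when no TCP/UDP header is visible."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    off = 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        f = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(f) < 34 or f[12:14] != b"\x08\x00":
            continue  # truncated or not IPv4
        l4 = 14 + (f[14] & 0x0F) * 4  # start of the transport header
        first_frag = (struct.unpack_from("!H", f, 20)[0] & 0x1FFF) == 0
        has_ports = f[23] in (6, 17) and first_frag and len(f) >= l4 + 4
        dport = struct.unpack_from("!H", f, l4 + 2)[0] if has_ports else None
        yield socket.inet_ntoa(f[26:30]), socket.inet_ntoa(f[30:34]), dport

def between(a, b):
    """IPv4 equivalent of the BPF expression 'host a and host b'."""
    return lambda s, d, p: a in (s, d) and b in (s, d)

def to_dst(ip, port):
    """IPv4 TCP/UDP equivalent of the BPF expression 'dst host ip and dst port port'."""
    return lambda s, d, p: d == ip and p == port

def select(pcap, pred):
    """Return the (src, dst, dport) tuples of the frames the predicate keeps."""
    return [pkt for pkt in read_ipv4(pcap) if pred(*pkt)]

# Constructed sample capture (documentation address ranges, not real hosts).
SAMPLE = write_pcap([
    frame("192.0.2.10", "192.0.2.20", 51000, 443),
    frame("192.0.2.20", "192.0.2.10", 443, 51000),
    frame("192.0.2.10", "198.51.100.5", 40000, 53, proto=17),
    frame("198.51.100.7", "192.0.2.20", 52000, 443),
])
```

`between` keeps both directions of a conversation, while `to_dst` keeps only packets travelling toward the given address and port, so the return traffic needs `src host A and src port P` as a second clause.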