Mailing List Archive

Hiding DHCP flows
Is there a way to hide flows for DHCP traffic? I keep seeing the flows between 0.0.0.0 and 255.255.255.255 for clients looking for an IP address.
Re: Hiding DHCP flows
Hi,

You can use a BPF filter:

-B "not port bootps"


Simone

> On 7 Nov 2019, at 12:31, Michael <srmycall@yahoo.com> wrote:
>
> Is there a way to hide flows for DHCP traffic? I keep seeing the flows between 0.0.0.0 and 255.255.255.255 for clients looking for an IP address.
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
Re: Hiding DHCP flows
That didn't work but I should have been more precise. This is a ZMQ interface receiving flows from nProbe. Neither nProbe nor Ntopng are capturing. I tried running nProbe with --bpf-filter "not port bootps" but flows between 0.0.0.0 and 255.255.255.255 still show. Is there a way to apply this filter to Ntopng for flows received from Nprobe, or to Nprobe for collected Netflow data?

> On Thursday, November 7, 2019, 09:12:45 AM EST, Simone Mainardi <mainardi@ntop.org> wrote:
>
> Hi,
>
> You can use a BPF filter:
>
> -B "not port bootps"
>
> Simone
>
>> On 7 Nov 2019, at 12:31, Michael <srmycall@yahoo.com> wrote:
>>
>> Is there a way to hide flows for DHCP traffic? I keep seeing the flows between 0.0.0.0 and 255.255.255.255 for clients looking for an IP address.
Re: Hiding DHCP flows
Hi,

> On 9 Nov 2019, at 14:27, Michael <srmycall@yahoo.com> wrote:
>
> That didn't work but I should have been more precise. This is a ZMQ interface receiving flows from nProbe. Neither nProbe nor Ntopng are capturing. I tried running nProbe with --bpf-filter "not port bootps" but flows between 0.0.0.0 and 255.255.255.255 still show. Is there a way to apply this filter to Ntopng for flows received from Nprobe, or to Nprobe for collected Netflow data?

OK, in that case you have to use option --collection-filter on nProbe. Use a /32 to exclude the single address. See:

--collection-filter <filter> | Filter applied to collected filters only (-3). Filter format:
| [!]<asX | network/mask> (! means discard flows matching filter)
| Multiple filters can be defined using multiple --collection-filter options.
| Filter examples: !as12345, 192.168.0.0/24, !10.0.0.0/8



Simone

> On Thursday, November 7, 2019, 09:12:45 AM EST, Simone Mainardi <mainardi@ntop.org> wrote:
>
>
> Hi,
>
> You can use a BPF filter:
>
> -B "not port bootps"
>
>
> Simone
>
>> On 7 Nov 2019, at 12:31, Michael <srmycall@yahoo.com> wrote:
>>
>> Is there a way to hide flows for DHCP traffic? I keep seeing the flows between 0.0.0.0 and 255.255.255.255 for clients looking for an IP address.
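
A model of the [!]<asX | network/mask> filter format quoted in the last reply, as an added example that is not part of the thread and not ntop code. It parses filter values and applies them to constructed flow records, showing that "!0.0.0.0/32" drops the 0.0.0.0 -> 255.255.255.255 discover flow while unicast DHCP renewals on port 67 stay visible. Assumptions, since the help text does not state them: a filter matches when either endpoint of the flow matches, any matching "!" filter discards the flow, and when plain filters are present a flow must match at least one of them; the flow field names and the surviving() helper are hypothetical.

```python
import ipaddress
from collections import namedtuple

# discard: written with a leading '!'; asn: set for "asX"; net: set for "network/mask"
Filter = namedtuple("Filter", "discard asn net")

def parse_filter(text):
    """Parse one value in the [!]<asX | network/mask> format from the help text."""
    body = text.strip()
    discard = body.startswith("!")
    if discard:
        body = body[1:]
    if body.lower().startswith("as"):
        if not body[2:].isdigit():
            raise ValueError(f"bad AS filter: {text!r}")
        return Filter(discard, int(body[2:]), None)
    if "/" not in body:
        raise ValueError(f"network filter needs a mask: {text!r}")
    return Filter(discard, None, ipaddress.ip_network(body, strict=False))

def matches(f, flow):
    # Assumption: a filter matches when either endpoint of the flow matches.
    if f.asn is not None:
        return f.asn in (flow["src_as"], flow["dst_as"])
    return any(ipaddress.ip_address(flow[k]) in f.net for k in ("src", "dst"))

def surviving(flows, filter_texts):
    # Assumption: any matching '!' filter discards the flow; if plain filters
    # are present, a flow must also match at least one of them to be kept.
    filters = [parse_filter(t) for t in filter_texts]
    allow = [f for f in filters if not f.discard]
    kept = []
    for flow in flows:
        if any(f.discard and matches(f, flow) for f in filters):
            continue
        if not allow or any(matches(f, flow) for f in allow):
            kept.append(flow)
    return kept

# Constructed sample flows (not taken from the thread).
FLOWS = [
    {"src": "0.0.0.0", "dst": "255.255.255.255", "dport": 67, "src_as": 0, "dst_as": 0},
    {"src": "192.168.0.10", "dst": "192.168.0.1", "dport": 67, "src_as": 0, "dst_as": 0},
    {"src": "192.168.0.10", "dst": "198.51.100.7", "dport": 443, "src_as": 0, "dst_as": 64500},
]

if __name__ == "__main__":
    for flow in surviving(FLOWS, ["!0.0.0.0/32"]):
        print(flow["src"], "->", flow["dst"], flow["dport"])
```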