Hrmmm.. the flow-nfilter test hangs too.
Ok, a filter issue then.. Hrmm..
At least I have a test I can keep running then :)
Nick
--
Nick Ellson
CCDA, CCNP, CCSP, CCAI, MCSE 2000, Security+, Network+
Network Hobbyist.
On Mon, 9 May 2005 [EMAIL PROTECTED] wrote:
You have the idea of what I was trying to get, and the "or" directive makes sense, I would want that in there. However, you are also right, that did not alter the effect I am seeing.
When I start the flow-capture, with the "-F noise" in the arguments, I get an 88 Bytes tmp-xxxxx and in 20 mins it never grows.
When I leave that filter off, that tmp file grows about every 30 secs and turns into an ft-.. file every 15 mins like it should.
Now, I get a BUNCH of traffic, I would expect to see it grow a little. :)
I'll leave it running this time for an hour, and see what I get.
Otherwise, it does look like I figured out how to filter properly?
Hmmmm...well, I can't say I've actually used a capture filter. I always let flow-capture run wide open and have it dump out five minute files. Then I have a cron job that filters the ft* files. I can see where it would be nice to not even bother to save certain flows to disk tho. Have you tried to use this filter with flow-nfilter and flow-print...
flow-cat ft* | flow-nfilter -f filters.txt -F noise | flow-print
...does that work? It would be really weird if filters would function differently between flow-nfilter versus flow-capture.
_______________________________________________ Flow-tools mailing list [EMAIL PROTECTED] http://mailman.splintered.net/mailman/listinfo/flow-tools
