I want to create a series of filters that have the form below:
#### exclude 161 UDP SNMP
not ( dst port 161 and proto UDP ) and
#### exclude 53 UDP DNS
not ( dst port 53 and proto UDP ) and
#### exclude 53 TCP DNS
not ( dst port 53 and proto TCP )
This does not work:
$ cat filters/temp.txt
not ( dst port 53 and proto UDP ) and
not ( dst port 53 and proto TCP ) and
not ( dst port 161 and proto UDP )
$ nfdump -B -r nfcapd.201612050004 -f ./filters/temp.txt -o "fmt: %sa %da %dp %pr" | grep " 53 " | more
Produces output of the form below - no filtering:
x.x.x.x y.y.y.y 53 UDP
x.x.x.x y.y.y.y 53 UDP
< continues >
Assuming this is possible - what is the proper syntax?
_______________________________________________ Nfdump-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
