Hey Ive just upgraded from ntop 2.2 to Ntop 3.0 on a FreeBSD 4.9-Stable box. The problem we are having is with ntops bpf filter expressions from the command line.
This particular expression we use with tcpdump and it works fine. We believe it to be a command line parsing issue because if we use the http gui and add what we want it works fine. These are the various command lines we tried that dont work: ./ntop -u nobody -P /var/db/ntop -w 3000 -W 0 -e 50 -n -i fxp1 -b -z -B "tcp and 'ether[1:1]\&0x00\=0'" FATAL ERROR: Unrecognized/unprocessed ntop options...and ether[1:1]&0x00="0 ./ntop -u nobody -P /var/db/ntop -w 3000 -W 0 -e 50 -n -i fxp1 -b -z -B "tcp and ether[1:1]\&0x00\=0" FATAL ERROR: Unrecognized/unprocessed ntop options...and ether[1:1]&0x00=0 These however run fine: ./ntop -u nobody -P /var/db/ntop -w 3000 -W 0 -e 50 -n -i fxp1 -b -z -B "ether[1:1]\&0x00\=0" ./ntop -u nobody -P /var/db/ntop -w 3000 -W 0 -e 50 -n -i fxp1 -b -z -B "tcp and port http" If we use use the Ntop admin page and change the filter with http then it works fine - Filter Expression: tcp and port http and ether[1:1]&0x00=0 If anyone could help or suggest fix, it would be greatly appreciated Thanks /Cole _______________________________________________ Ntop-dev mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop-dev
