I have tried that also: 25/Jun/2015 06:00:46 [nprobe.c:6345] WARNING: You cannot use BPF filters (ip and not proto ipv6 and not ether host 00:00:00:00:00:00) in collector/proxy mode: BPF filter disabled
cat nprobe.conf -i=none -n=none -3=2055 --zmq tcp://127.0.0.1:5556 -f="ip and not proto ipv6 and not ether host 00:00:00:00:00:00" -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of [email protected] Sent: Thursday, June 25, 2015 4:00 AM To: [email protected] Subject: Ntop-misc Digest, Vol 132, Issue 18 Send Ntop-misc mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit http://listgateway.unipi.it/mailman/listinfo/ntop-misc or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of Ntop-misc digest..." Today's Topics: 1. NTOPNG NPROBE Packet Filtering (Carlton, Dan) 2. Re: NTOPNG NPROBE Packet Filtering (Manuel Polonio) ---------------------------------------------------------------------- Message: 1 Date: Wed, 24 Jun 2015 21:28:52 +0000 From: "Carlton, Dan" <[email protected]> To: "[email protected]" <[email protected]> Subject: [Ntop-misc] NTOPNG NPROBE Packet Filtering Message-ID: <[email protected]> Content-Type: text/plain; charset="us-ascii" Hi... I am using NTOPNG (2.0.150624) with NPROBE (7.1.150624) {PFRING 6.1.1) for NetFlow collection. I want to filter out the NoIP traffic I am seeing. I have tried to set a filter but am getting an error. The filter is: -B="ip and not proto ipv6 and not ether host 00:00:00:00:00:00" And the error is: [src/CollectorInterface.cpp:171] ERROR: No filter can be set on a collector interface. Ignored ip and not proto ipv6 and not ether host 00:00:00:00:00:00 My startup scripts for both are: [root@xx]# cat /etc/ntopng/ntopng.conf -G=/var/tmp/ntopng.pid -i tcp://127.0.0.1:5556 -m "10.1.2.0/24,10.1.3.0/24,10.1.5.0/24,10.1.6.0/24,10.1.9.0/24,10.1.15.0/24,10.1.28.0/24,10.1.20.0/24,10.2.2.0/24,10.2.3.0/24,10.2.5.0/24,10.2.6.0/24,10.2.9.0/24,10.2.15.0/24,10.2.28.0/24,10.2.20.0/24,10.100.100.0/24,10.100.101.0/24" -p /etc/ntopng/custom.protos -B="ip and not proto ipv6 and not ether host 00:00:00:00:00:00" [root@xx ]# cat /etc/nprobe/nprobe.conf -i=none -n=none -3=2055 --zmq tcp://127.0.0.1:5556 Any help would be appreciated. Dan CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and may contain proprietary, confidential or trade secret information. This message is intended solely for the use of the addressee. If you are not the intended recipient and have received this message in error, please delete this message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is strictly prohibited. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://listgateway.unipi.it/mailman/private/ntop-misc/attachments/20150624/c1a1596d/attachment-0001.htm> ------------------------------ Message: 2 Date: Thu, 25 Jun 2015 08:12:53 +0200 From: Manuel Polonio <[email protected]> To: [email protected] Subject: Re: [Ntop-misc] NTOPNG NPROBE Packet Filtering Message-ID: <CAKemk9_y=cadm0ogomx75m+5bvwcmnledowp0gr2fhrb2xs...@mail.gmail.com> Content-Type: text/plain; charset="utf-8" Hi Dan, I think your problem is that the BPF filter should be configured on the exporter (nProbe) and not on the collector (ntop). Hope it helps, Manuel Polonio 2015-06-24 23:28 GMT+02:00 Carlton, Dan <[email protected]>: > Hi? > > > > I am using NTOPNG (2.0.150624) with NPROBE (7.1.150624) {PFRING 6.1.1) > for NetFlow collection. > > > > I want to filter out the NoIP traffic I am seeing. I have tried to set > a filter but am getting an error. > > > > The filter is: > > > > -B="ip and not proto ipv6 and not ether host 00:00:00:00:00:00" > > > > And the error is: > > > > [src/CollectorInterface.cpp:171] ERROR: No filter can be set on a > collector interface. Ignored ip and not proto ipv6 and not ether host > 00:00:00:00:00:00 > > > > My startup scripts for both are: > > > > [root@xx]# cat */etc/ntopng/ntopng.conf* > > -G=/var/tmp/ntopng.pid > > -i tcp://127.0.0.1:5556 > > -m " > 10.1.2.0/24,10.1.3.0/24,10.1.5.0/24,10.1.6.0/24,10.1.9.0/24,10.1.15.0/ > 24,10.1.28.0/24,10.1.20.0/24,10.2.2.0/24,10.2.3.0/24,10.2.5.0/24,10.2. > 6.0/24,10.2.9.0/24,10.2.15.0/24,10.2.28.0/24,10.2.20.0/24,10.100.100.0 > /24,10.100.101.0/24 > " > > -p /etc/ntopng/custom.protos > > -B="ip and not proto ipv6 and not ether host 00:00:00:00:00:00" > > > > [root@xx ]# cat */etc/nprobe/nprobe.conf* > > -i=none > > -n=none > > -3=2055 > > --zmq tcp://127.0.0.1:5556 > > > > Any help would be appreciated. > > > Dan > > > > CONFIDENTIALITY NOTICE: This message is the property of International > Game Technology PLC and/or its subsidiaries and may contain > proprietary, confidential or trade secret information. This message > is intended solely for the use of the addressee. If you are not the > intended recipient and have received this message in error, please > delete this message from your system. Any unauthorized reading, > distribution, copying, or other use of this message or its attachments is > strictly prohibited. > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://listgateway.unipi.it/mailman/private/ntop-misc/attachments/20150625/61553313/attachment-0001.htm> ------------------------------ _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc End of Ntop-misc Digest, Vol 132, Issue 18 ****************************************** CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and may contain proprietary, confidential or trade secret information. This message is intended solely for the use of the addressee. If you are not the intended recipient and have received this message in error, please delete this message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is strictly prohibited. _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
