Hi Alfredo,
Yes. when running "pfcount --help" show to pass -f <filter> [BPF filter].
I am trying to block and drop the packets if matches the host name as
youtube, facebook. In "userland/string.sample", I have kept facebook and
youtube string. I am giving following command.
ex: ./pfcount -i eth0 -x string.sample -o 1.txt
(This is filtering out matched packets and keeping statistics in
1.txt.log file)
-> My question is What I should pass with -f <?> to block and drop those
matched packets ?
ex: ./pfcount -i eth0 -x string.sample -o 1.txt -f <?>
regards
Prateek
On Wednesday 04 November 2015 02:51 PM, Alfredo Cardigliano wrote:
Please take a look at pfcount.c, it includes the examples you need.
-f expects a bpf filter (string)
Alfredo
On 04 Nov 2015, at 08:49, PRATEEK MOHANTY <[email protected]>
wrote:
Hi Alfredo,
I have checked doxygen docs for bpf_filter, but couldn't find any examples. I am using
pfcount application but not sure what to pass with "-f" notation. Could you
give some example of commands for BPF,hash/wildcard filters ?
regards
Prateek
On Wednesday 04 November 2015 01:05 PM, PRATEEK MOHANTY wrote:
Hi Alfredo,
Thanks for reply. I have few doubts, please help me to clear it.
1. Can I use PF_RING for per wifi VAPs ?
2. Can I filter packets based on host strings like facebook,youtube and drop
those packets ? If yes, how?
3. How nDPI and PF_RING are different ?
4. Can I use nDPI for wifi vap interfaces with mips processor ?
regards
Prateek
On Wednesday 04 November 2015 12:34 PM, Alfredo Cardigliano wrote:
Hi Prateek
1. bpf filters: see documentation for pfring_set_bpf_filter in doxygen and
pfcount -f as example
2. hash filters: see documentation for pfring_handle_hash_filtering_rule in
doxygen and pfcount -u 1 as example
3. wildcard filters: see documentation for pfring_add_filtering_rule in doxygen
and pfcount -u 2 as example
Alfredo
On 04 Nov 2015, at 07:39, PRATEEK MOHANTY <[email protected]>
wrote:
Hi Team,
I am new to PF_RING, need to understand the filtering technique in it.
Please give some examples for using BPF filters and HASH/WILDCARD filters. Any
document would help.
thanks
Prateek
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
