Hi Alfredo,

- Okay. What should I pass with "-f" to pfcount so that it will drop the packets?
- So what does "pfcount -f <>" do then? Please provide some examples with results where "pfcount -f <>" is used.
- Is there any way in any ntop package where I can filter and drop the packets based on host string name?

regards
Prateek


On Wednesday 04 November 2015 04:08 PM, Alfredo Cardigliano wrote:
Hi Prateek
please note that bpf filters (when used with standard drivers) drop packets in kernel space,
while string matching happens in userspace inside pfcount.c. You cannot use bpf for string matching.

Alfredo

On 04 Nov 2015, at 11:31, PRATEEK MOHANTY <[email protected]> 
wrote:

Hi Alfredo,

Yes. Running "pfcount --help" shows to pass -f <filter> [BPF filter].
I am trying to block and drop the packets if they match a host name such as youtube or facebook.
In "userland/string.sample", I have kept the facebook and youtube strings. I am giving the following command.
ex: ./pfcount -i eth0 -x string.sample -o 1.txt
(This is filtering out matched packets and keeping statistics in 1.txt.log file)

-> My question is: what should I pass with -f <?> to block and drop those matched packets?
ex: ./pfcount -i eth0 -x string.sample -o 1.txt -f <?>

regards
Prateek

On Wednesday 04 November 2015 02:51 PM, Alfredo Cardigliano wrote:
Please take a look at pfcount.c, it includes the examples you need.
-f expects a bpf filter (string)

Alfredo

On 04 Nov 2015, at 08:49, PRATEEK MOHANTY <[email protected]> 
wrote:

Hi Alfredo,

I have checked the doxygen docs for bpf_filter, but couldn't find any examples. I am using the
pfcount application but am not sure what to pass with the "-f" option. Could you
give some example commands for BPF and hash/wildcard filters?

regards
Prateek

On Wednesday 04 November 2015 01:05 PM, PRATEEK MOHANTY wrote:
Hi Alfredo,

Thanks for the reply. I have a few doubts; please help me clear them.

1. Can I use PF_RING for per-wifi VAPs?
2. Can I filter packets based on host strings like facebook, youtube and drop those packets? If yes, how?
3. How are nDPI and PF_RING different?
4. Can I use nDPI for wifi VAP interfaces with a MIPS processor?

regards
Prateek

On Wednesday 04 November 2015 12:34 PM, Alfredo Cardigliano wrote:
Hi Prateek
1. bpf filters: see documentation for pfring_set_bpf_filter in doxygen and pfcount -f as example
2. hash filters: see documentation for pfring_handle_hash_filtering_rule in doxygen and pfcount -u 1 as example
3. wildcard filters: see documentation for pfring_add_filtering_rule in doxygen and pfcount -u 2 as example

Alfredo

On 04 Nov 2015, at 07:39, PRATEEK MOHANTY <[email protected]> 
wrote:

Hi Team,

I am new to PF_RING and need to understand the filtering techniques in it.
Please give some examples for using BPF filters and HASH/WILDCARD filters. Any document would help.

thanks
Prateek
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
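
The distinction drawn in the thread (BPF filters act on packets in kernel space, string matching is done in userspace over the packet bytes), as an added example that is not part of the original thread and is not code from pfcount.c. It walks the Ethernet/IPv4/TCP headers of a constructed frame and searches the payload for the host strings from the question; the function names and the sample frame are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive substring search over raw bytes (payload is not NUL-terminated). */
static int contains_ci(const uint8_t *buf, size_t len, const char *needle) {
  size_t n = strlen(needle);
  if (n == 0 || n > len) return 0;
  for (size_t i = 0; i + n <= len; i++) {
    size_t j = 0;
    while (j < n && tolower(buf[i + j]) == tolower((unsigned char)needle[j])) j++;
    if (j == n) return 1;
  }
  return 0;
}

/* Index of the first matching pattern, -1 for no match, -2 if the frame is not
   well-formed Ethernet/IPv4/TCP. Every header offset is bounds-checked first. */
int match_payload(const uint8_t *pkt, size_t len, const char **pats, size_t npats) {
  if (len < 14 + 20 || pkt[12] != 0x08 || pkt[13] != 0x00) return -2; /* IPv4 EtherType */
  const uint8_t *ip = pkt + 14;
  size_t ihl = (size_t)(ip[0] & 0x0f) * 4;          /* IP header length in bytes */
  if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 6) return -2; /* IPv4 carrying TCP */
  if (len < 14 + ihl + 20) return -2;
  const uint8_t *tcp = ip + ihl;
  size_t doff = (size_t)(tcp[12] >> 4) * 4;         /* TCP header length in bytes */
  if (doff < 20 || len < 14 + ihl + doff) return -2;
  for (size_t k = 0; k < npats; k++)
    if (contains_ci(tcp + doff, len - (14 + ihl + doff), pats[k])) return (int)k;
  return -1;
}

/* Constructed sample input: minimal Ethernet/IPv4/TCP frame around a payload. */
size_t build_frame(uint8_t *out, size_t cap, const char *payload) {
  size_t plen = strlen(payload), total = 14 + 20 + 20 + plen;
  if (total > cap) return 0;
  memset(out, 0, 54);
  out[12] = 0x08; out[13] = 0x00;   /* EtherType IPv4 */
  out[14] = 0x45; out[23] = 6;      /* version 4, IHL 5, protocol TCP */
  out[46] = 0x50;                   /* TCP data offset: 5 words */
  memcpy(out + 54, payload, plen);
  return total;
}

int main(void) {
  const char *pats[] = {"facebook", "youtube"};   /* strings from the question */
  uint8_t f[256];
  size_t n = build_frame(f, sizeof f, "GET / HTTP/1.1\r\nHost: www.YouTube.com\r\n\r\n");
  printf("match index: %d\n", match_payload(f, n, pats, 2));
  return 0;
}
```

A match of this kind is computed after the packet has already been delivered to userspace, so it is a separate step from any `-f` BPF filter. It also only sees plaintext bytes, so an HTTPS request exposes at most the server name in the TLS ClientHello.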