Hello,

Thanks for the reply.
I reached the same goal with the « collection-filter » argument.
But I had some problems too. The « ! » was returning a shell function, I think. 
When I used it, it put some « yum install… » instead of the « ! ».
I solved this by using a configuration file for nprobe.
Now, the last thing I have to do is to filter only Office365 flows, but it’s 
tricky because there are almost 1000 IPs to filter.
If anybody has an idea.
Thanks again.

CRUCHADE Loïc
05.82.52.22.02
Service Exploitation Informatique
Direction des Systèmes d’information
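
An added example, not part of the original message and not ntop's code: one way to shrink a long list of addresses before putting it into a filter is to collapse adjacent and overlapping prefixes into the smallest equivalent set of CIDR networks. The sample prefixes are constructed documentation ranges, and the `option=value` configuration line and the comma-separated list for « collection-filter » are assumptions modelled on the `--black-list` usage quoted below.

```python
import ipaddress

# Constructed sample input (documentation ranges, NOT real Office 365 ranges).
# In practice this text would be the ~1000 published addresses, one per line.
SAMPLE_PREFIXES = """
# constructed sample list
198.51.100.0/25
198.51.100.128/25
203.0.113.7
203.0.113.6
203.0.113.0/24
192.0.2.16/28
192.0.2.0/28
2001:db8::/33
2001:db8:8000::/33
not-an-ip
"""

def parse_prefixes(text):
    """Return (networks, rejected); blank lines and '#' comments are skipped."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=False accepts host addresses and prefixes with host bits set
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)  # report bad entries instead of dropping them silently
    return nets, rejected

def collapse(nets, version=4):
    """Merge adjacent/overlapping networks of one IP version.
    collapse_addresses() raises TypeError on mixed versions, so split first."""
    same = [n for n in nets if n.version == version]
    return list(ipaddress.collapse_addresses(same))

def filter_value(nets, version=4):
    """Comma-separated CIDR list, the form used with --black-list in this thread."""
    return ",".join(str(n) for n in collapse(nets, version))

def config_line(option, nets, version=4):
    """Hypothetical helper: one 'option=value' line for a configuration file (assumed format)."""
    return f"{option}={filter_value(nets, version)}"

if __name__ == "__main__":
    networks, bad = parse_prefixes(SAMPLE_PREFIXES)
    print(config_line("--collection-filter", networks))
    print("rejected entries:", bad)
```

How much the list shrinks depends on how contiguous the published ranges are; the collapsed set matches exactly the same addresses as the input.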

From: [email protected] [mailto:[email protected]] On behalf of Luca Deri
Sent: Tuesday 24 May 2016 09:02
To: [email protected]
Subject: Re: [Ntop-misc] Nprobe black list network

Loïc
I have just tested and it seems to work for me. What nprobe version are you 
using? I have tested the latest 7.3 release.

Please add a “ “ between the blacklist parameter to make sure the shell does 
not mess up. If still not working, please file a bug at 
https://github.com/ntop/nProbe/issues

Regards Luca


On 23 May 2016, at 10:10, Loic CRUCHADE 
<[email protected]<mailto:[email protected]>> wrote:

Hello,

I recently bought Nprobe pro. I collect Netflow V9 and then send it back in V5 
to a server.
I need to blacklist some networks, so I used the « --black-list » argument, but 
it does not seem to work.

Here is the command I use:
nprobe -n udp://10.11.1.140:2055 -i none -t 20 -d 20 -a 0 -e 1 -b 2 -w 128000 -z 0 -S 1:1 -u 1 -Q 1 -3 9995 --zmq tcp://127.0.0.1:5556 -V5 -G --black-list 10.7.0.0/16,10.1.0.0/16,10.11.0.0/16,192.168.0.0/16

And here are some logs of networks that I don't want to send back to my server:
23/May/2016 09:55:43 [engine.c:2541] Emitting Flow: [->][icmp] 10.1.1.104:2048 -> 10.2.1.41:0 [1 pkt/60 bytes][ifIdx 22273->111][0.0 sec][ECHO REPLY][init Unknown][AS: 0 -> 0]
23/May/2016 09:55:46 [engine.c:2568] Emitting Flow: [<-][icmp] 10.2.1.42:0 -> 10.1.1.48:2048 [2 pkt/120 bytes][ifIdx 111->22273][0.0 sec][AS: 0 -> 0]
23/May/2016 09:55:42 [engine.c:2361] New Flow: [icmp] 10.1.1.104:2048 -> 10.2.1.1:0 [00:00:00:00:00:00 -> 00:00:00:00:00:00][vlan 65535][tos 0][ifIdx: 22273 -> 111][subflowId: 0/0x0000][idx=69225]

What did I do wrong?

Thanks for your help!

CRUCHADE Loïc
05.82.52.22.02
Service Exploitation Informatique
Direction des Systèmes d’information

_______________________________________________
Ntop-misc mailing list
[email protected]<mailto:[email protected]>
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
