I just tried to make the filter as simple as possible and it is still not working:
not net 10.18.1 and not net 10.255.255 and not net 10.21 and not host 10.10.220.146 and not host 10.255.255.20 I click on hosts and I am finding hosts within these IP address ranges. At any rate, thanks for all help in advance. Matthew From: [email protected] [mailto:[email protected]] On Behalf Of Cabeza de Baca, Matthew Sent: Monday, August 13, 2012 10:16 AM To: '[email protected]' Subject: [Ntop] Global Protocol Distribution Charts Hello All I have a new installation of NTOP and am configuring it. I have 2 issues that may have simple solutions. First, "Global TCP/UDP Protocol Distribution" isn't producing any graphics. This started after I added a -p option to point to a protocol.list file per the instructions to better categorize my internal traffic. My second issue is that I would like to exclude traffic to and from a backup network and a couple of scanning servers that are skewing my results. I attempted to use a -B and now am attempting the -filter-expression switch with no luck: --filter-expression="!(net 10.18.1.0 255.255.255.0,10.255.255.0 255.255.255.0, 10.21.0.0 255.255.0.0) and !(host 10.10.220.146, 10.255.255.20)" Any and all help will be greatly appreciated. Below is my basic information. Basic Information ntop Version i686-pc-linux-gnu (32 bit) Running as user ntop Configured on Nov 24 2011 12:20:45 Built on Nov 24 2011 12:20:46 OS i686-pc-linux-gnu libpcap<http://www.tcpdump.org> Version ?? RRD<http://www.rrdtool.org/> Version 1.4004 GeoIP<http://www.maxmind.com/> Version GEO-533LITE 20090201 Build 1 Copyright (c) 2007 MaxMind LLC All Rights Reserved GeoIP<http://www.maxmind.com/> AS Version GEO-117 20090114 Build 1 Copyright (c) 2007 MaxMind LLC All Rights Reserved Running from /usr/sbin Libraries in /usr/lib Process Id 4247 Run State Run Command Line Started as.... /usr/sbin/ntop @/etc/ntop.conf Resolved to.... /usr/sbin/ntop --user ntop --use-syslog=daemon --db-file-path /var/lib/ntop --trace-level 5 --http-server 3000 --skip-version-check=yes --interface p2p2 --filter-expression=!(net 172.18.1.0 255.255.255.0,172.255.255.0 255.255.255.0, 172.17.0.0 255.255.0.0) and !(host 172.20.220.146, 172.255.255.20) -p /etc/protocol.list -O /captures Matthew "Is everything sad going to come untrue?" Sam - The Lord of the Rings. ________________________________ This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy the message. ________________________________ Think Green! Please do not print this e-mail unless you need to. Thank you. ________________________________ This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential or privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy the message.
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
