Joe, The problem is in the configuration file and not in ntopng.
Remember that the configuration file is similar to the command line, with the exception that an equal sign '=' must be used between key and value. Example: -i=p1 or --interface=p1. Please try with the following configuration: -U=ntop -i=eth0 --daemon -w=3000 --data-dir=/etc/ntopng/data --httpdocs-dir=/usr/local/share/ntopng/httpdocs --scripts-dir=/usr/local/share/ntopng/scripts --callbacks-dir=/usr/local/share/ntopng/scripts/callbacks --redis=localhost:6379 -G=/var/run/ntopng/ntopng.pid -m="10.100.253.0/24" -B="ip and not multicast and not (src net 10.100.253.0/24 and dst net 10.100.253.0/24)” You can check the ntopng fields by reading the ntopng trace as follow: ./ntopng ntopng.conf 09/Jan/2014 08:42:59 [Ntop.cpp:468] Setting local networks to 192.168.1.0/24 09/Jan/2014 08:42:59 [PcapInterface.cpp:54] Reading packets from interface en1... 09/Jan/2014 08:42:59 [PcapInterface.cpp:142] Packet capture filter set to "ip and not multicast and not (src net 192.168.1.0/24 and dst net 192.168.1.0/24)" Best regards, Filippo On 09 Jan 2014, at 01:14, Joe Rizzo <[email protected]> wrote: > I complied ntopng version1.1.1 (r7155) and the issue persists. > > Is this an artifact of being on 32bit linux? > > Thanks, > Joe > > On Wed, Jan 8, 2014 at 2:47 PM, Filippo Fontanelli <[email protected]> > wrote: >> Joe, >> >> We fixed the issue, try using the latest ntopng code in SVN. >> >> Best regards, >> Filippo >> >> On 08 Jan 2014, at 16:15, Joe Rizzo <[email protected]> wrote: >> >>> Thanks for the response. >>> >>> I just compiled version v.1.1.1 (r7153). I believe I am using pcap. >>> I installed by svn checkout, configure, make, make install. >>> The OS is Ubuntu 12.04.3 LTS x86 (32bit). >>> >>> Here is my config file: >>> # egrep -v '^#|^$' /etc/ntopng/ntopng.conf >>> -U ntop >>> --daemon >>> -w 3000 >>> --data-dir /etc/ntopng/data >>> --httpdocs-dir /usr/local/share/ntopng/httpdocs >>> --scripts-dir /usr/local/share/ntopng/scripts >>> --callbacks-dir /usr/local/share/ntopng/scripts/callbacks >>> --redis localhost:6379 >>> -i eth0 >>> -G=/var/run/ntopng/ntopng.pid >>> -m "10.100.253.0/24" >>> -B "ip and not multicast and not (src net 10.100.253.0/24 and dst net >>> 10.100.253.0/24)" >>> >>> Despite specifying the filter, I see traffic between hosts on network >>> 10.100.253.0/24 and multicast in the ntopng web interface. >>> >>> The goal is to only have ntopng report on external connections. >>> >>> Thanks, >>> Joe >>> >>> On Wed, Jan 8, 2014 at 5:30 AM, Filippo Fontanelli <[email protected]> >>> wrote: >>>> Joe >>>> >>>> I tested your BPF filter and it works as expected for me using the latest >>>> ntopng code in SVN. >>>> >>>> Please check your ntopng backend, are you using pf_ring or pcap? >>>> >>>> Can you provide more information about your issue? >>>> >>>> Best regards, >>>> Filippo >>>> >>>> On 07 Jan 2014, at 20:39, Joe Rizzo <[email protected]> wrote: >>>> >>>>> Hi - >>>>> I am running ntopng (i686 v.1.1.1 (r7147)). I want to apply the >>>>> following filter however it has no effect on ntopng reporting. >>>>> >>>>> -B "ip and not multicast and not (src net 10.100.253.0/24 and dst >>>>> net 10.100.253.0/24)" >>>>> >>>>> This filter works as expected with tcpdump. >>>>> >>>>> What am I missing? >>>>> >>>>> Thanks, >>>>> Joe >>>>> _______________________________________________ >>>>> Ntop mailing list >>>>> [email protected] >>>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>>> >>>> _______________________________________________ >>>> Ntop mailing list >>>> [email protected] >>>> http://listgateway.unipi.it/mailman/listinfo/ntop >>> _______________________________________________ >>> Ntop mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop >> >> _______________________________________________ >> Ntop mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop > _______________________________________________ > Ntop mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
