> Would anyone happen to have some good filter examples? Ideally I just want
> to show traffic that is outbound/inbound to/from the Internet.

The trick is to first find a filter expression that matches traffic
you want to exclude, and then invert the logic.

Use tcpdump first:

    tcpdump -nni eth0 \
        'src net 192.168.0.0/16 and dst net 192.168.0.0/16'

Then if you are satisfied that is matching the traffic you don't want
to see, invert:

    tcpdump -nni eth0 \
        'not(src net 192.168.0.0/16 and dst net 192.168.0.0/16)'

Confirm once again you are *not* seeing the traffic you don't want to
analyse with ntopng, and then update your arguments to ntopng to
include this filter expression:

e.g.

    ntopng [..] \
        --packet-filter 'ip and not (host 10.11.0.1 and port 161)'

I've not used ntopng in Windows, so command line arguments may need
some tweaking :)
Hope that helps.
Regards,
Chris
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
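
Added example (not part of the original message or of ntopng): the match-then-invert approach described above, generalised to several internal ranges, with the inverted predicate checked in Python against constructed flows before the expression is handed to tcpdump or --packet-filter. The network list, function names and sample addresses are assumptions made for illustration.

```python
import ipaddress

# Assumption: these RFC 1918 ranges are the "internal" side; adjust to your site.
INTERNAL_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

def _side(direction, nets):
    """Return e.g. '(src net A or src net B)' for one direction."""
    return "(" + " or ".join(f"{direction} net {n}" for n in nets) + ")"

def exclude_filter(nets=INTERNAL_NETS):
    """Step 1: expression matching the internal-to-internal traffic to drop."""
    return f"{_side('src', nets)} and {_side('dst', nets)}"

def internet_filter(nets=INTERNAL_NETS):
    """Step 2: the same expression inverted, for tcpdump or --packet-filter."""
    return f"ip and not ({exclude_filter(nets)})"

def is_internal(addr, nets=INTERNAL_NETS):
    """True if addr falls inside any of the listed networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)

def passes_internet_filter(src, dst, nets=INTERNAL_NETS):
    """Evaluate the inverted predicate on one IPv4 (src, dst) pair."""
    return not (is_internal(src, nets) and is_internal(dst, nets))

# Constructed sample flows (documentation addresses stand in for Internet hosts).
SAMPLE_FLOWS = [
    ("192.168.1.10", "192.168.1.20"),   # LAN to LAN: dropped
    ("192.168.1.10", "10.11.0.1"),      # LAN to another internal range: dropped
    ("192.168.1.10", "203.0.113.7"),    # outbound: kept
    ("198.51.100.9", "192.168.1.10"),   # inbound: kept
    ("192.168.1.10", "224.0.0.251"),    # multicast from the LAN: kept as well
]

if __name__ == "__main__":
    print("exclude:", exclude_filter())
    print("invert: ", internet_filter())
    for src, dst in SAMPLE_FLOWS:
        verdict = "kept" if passes_internet_filter(src, dst) else "dropped"
        print(f"{src:>15} -> {dst:<15} {verdict}")
```

With only 192.168.0.0/16 listed, as in the message, traffic between the LAN and other private ranges such as 10.11.0.1 also passes the inverted filter, as does multicast sent from the LAN.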