Hi,
First of all, thanks to Nicolai for the work on FreeBSD. I'll go and
pick it up right now.
I still have one question...
I am monitoring traffic on a link between our main router to the ISP
and our main switch. For some internal routing policy, some internal
traffic as well as some external traffic are going on this link.
I want to concentrate on external traffic only, so I set up a filter
of the form:
((src net not 203.159.0.0/16 and src net not 192.41.170.0/24) or (dst net
not 203.159.0.0/16 and dst net not 192.41.170.0/24))
That would exclude any packet not having either source or destination
outside of our LAN (203.159/16 and 192.41.170/24).
Now ntop goes back eating 99% of the resources. But even tcpdump does,
so I presume this is due to the packet filter. I would welcome any
kind of suggestion on how to write a better filter.
Best regards,
Olivier
