I'm using "tcpdump -i re0 -tq -F bin/tcpdump.txt" on my workstation for 
real-time traffic analysis. The current filter file has:

(src not net 192.168.1.0/24 and not ip6 and not net 192.168.2.97/32) or (src 
host mybsd and not port imap and not port imaps and not port 6667)

I'd like to create the filter such that traffic sources deemed reasonably sane 
do not get listed in the output. Where I'm stuck:
* "net 192.168.2.97/32" is a DNS jail and I don't need to monitor that host. 
Yet, the "not net" (or not src net) keyword does not work and traffic to/from 
that net gets displayed anyway (I've also tried host keyword).
* I would like to include a URL whitelist in the filter (for example, do not 
show any *.FreeBSD.org traffic). Is this even possible with tcpdump?

Regards.

-- 
FreeBSD_amd64_11-Current_RadeonKMS
Please CC my email when responding, mail from list is not delivered.
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
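
Added example, not part of the original post: a small Python model of the filter's boolean structure. It shows that a packet from mybsd to the DNS jail is printed by the second parenthesised group, which carries no jail exclusion, and compares that with a variant where the exclusion is hoisted in front of both groups. The address used for mybsd, the sample packets and the rewritten filter in the comment are assumptions; `src not net` is modelled the way the post intends it.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")
JAIL = ip_address("192.168.2.97")    # DNS jail from the post
MYBSD = ip_address("192.168.1.10")   # assumed address for "mybsd"
QUIET_PORTS = {143, 993, 6667}       # imap, imaps, 6667

@dataclass(frozen=True)
class Pkt:                           # constructed sample packet
    src: str
    dst: str
    sport: int
    dport: int
    ip6: bool = False

def touches_jail(p):                 # "net 192.168.2.97/32" matches src OR dst
    return JAIL in (ip_address(p.src), ip_address(p.dst))

def clause1(p):                      # first parenthesised group of the filter
    return ip_address(p.src) not in LAN and not p.ip6 and not touches_jail(p)

def clause2(p):                      # second group: no jail exclusion here
    return ip_address(p.src) == MYBSD and not ({p.sport, p.dport} & QUIET_PORTS)

def original(p):                     # the filter as posted: group1 or group2
    return clause1(p) or clause2(p)

def hoisted(p):
    # Models this suggested rewrite (an assumption, not from the post):
    #   not host 192.168.2.97 and ((not src net 192.168.1.0/24 and not ip6) or
    #   (src host mybsd and not port imap and not port imaps and not port 6667))
    return not touches_jail(p) and (
        (ip_address(p.src) not in LAN and not p.ip6) or clause2(p))

SAMPLES = {                          # constructed traffic, documentation addresses
    "mybsd -> jail dns":  Pkt("192.168.1.10", "192.168.2.97", 40000, 53),
    "jail dns -> mybsd":  Pkt("192.168.2.97", "192.168.1.10", 53, 40000),
    "mybsd -> web":       Pkt("192.168.1.10", "203.0.113.5", 40001, 443),
    "outside -> mybsd":   Pkt("198.51.100.7", "192.168.1.10", 50000, 22),
    "mybsd -> imaps":     Pkt("192.168.1.10", "203.0.113.9", 40002, 993),
}

def report():
    """Map each sample name to (shown by original filter, shown by hoisted filter)."""
    return {name: (original(p), hoisted(p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (old, new) in report().items():
        print(f"{name:20} original={old!s:5} hoisted={new}")
```
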