I want to create a series of filters that have the form below:

           #### exclude 161 UDP SNMP
           not ( dst port 161 and proto UDP ) and
           #### exclude 53 UDP DNS
           not ( dst port 53 and proto UDP ) and
           #### exclude 53 TCP DNS
           not ( dst port 53 and proto TCP )

This does not work:

   $ cat filters/temp.txt

   not ( dst port 53 and proto UDP ) and
   not ( dst port 53 and proto TCP ) and
   not ( dst port 161 and proto UDP )

   $ nfdump -B -r nfcapd.201612050004 -f ./filters/temp.txt -o "fmt: %sa %da %dp %pr" | grep " 53 " | more

   produces output of form below - no filtering

         x.x.x.x  y.y.y.y   53 UDP
         x.x.x.x  y.y.y.y   53 UDP
         < continues >

Assuming this is possible - what is the proper syntax?
