I want to create a series of filters that have the form below:

    #### exclude 161 UDP SNMP
    not ( dst port 161 and proto UDP ) and
    #### exclude 53 UDP DNS
    not ( dst port 53 and proto UDP ) and
    #### exclude 53 TCP DNS
    not ( dst port 53 and proto TCP )

This does not work:

    $ cat filters/temp.txt
    not ( dst port 53 and proto UDP ) and not ( dst port 53 and proto TCP ) and not ( dst port 161 and proto UDP )
    $ nfdump -B -r nfcapd.201612050004 -f ./filters/temp.txt -o "fmt: %sa %da %dp %pr" | grep " 53 " | more

produces output of form below - no filtering

    x.x.x.x y.y.y.y 53 UDP
    x.x.x.x y.y.y.y 53 UDP
    < continues >

Assuming this is possible - what is the proper syntax?
_______________________________________________
Nfdump-discuss mailing list
Nfdump-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss