Hi,
> On 9 Nov 2019, at 14:27, Michael <[email protected]> wrote:
>
> That didn't work but I should have been more precise. This is a ZMQ interface
> receiving flows from nProbe. Neither nProbe or Ntopng are capturing. I tried
> running nProbe with --bpf-filter "not port bootps" but flows between 0.0.0.0
> and 255.255.255.255 still show. Is there a way to apply this filter to Ntopng
> for flows received from Nprobe, or to Nprobe for collected Netflow data?
OK, in that case you have to use option --collection-filter on nProbe. Use a
/32 to exclude the single address. See:
--collection-filter <filter> | Filter applied to collected filters only
(-3). Filter format:
| [!]<asX | network/mask> (! means discard
flows matching filter)
| Multiple filters can be defined using
multiple --collection-filter options.
| Filter examples: !as12345,
192.168.0.0/24, !10.0.0.0/8
Simone
> On Thursday, November 7, 2019, 09:12:45 AM EST, Simone Mainardi
> <[email protected]> wrote:
>
>
> Hi,
>
> You can use a BPF filter:
>
> -B "not port bootps"
>
>
> Simone
>
>> On 7 Nov 2019, at 12:31, Michael <[email protected]
>> <mailto:[email protected]>> wrote:
>>
>> Is there a way to hide flows for DHCP traffic? I keep seeing the flows
>> between 0.0.0.0 and 255.255.255.255 for clients looking for an IP address.
>> _______________________________________________
>> Ntop mailing list
>> [email protected] <mailto:[email protected]>
>> http://listgateway.unipi.it/mailman/listinfo/ntop
>
> _______________________________________________
> Ntop mailing list
> [email protected] <mailto:[email protected]>
> http://listgateway.unipi.it/mailman/listinfo/ntop
> <http://listgateway.unipi.it/mailman/listinfo/ntop>_______________________________________________
> Ntop mailing list
> [email protected]
> http://listgateway.unipi.it/mailman/listinfo/ntop
_______________________________________________
Ntop mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop
