Hello Kenneth,

On Sat, May 21, 2005 at 12:00:03AM +0200, Kenneth Kalmer wrote:
> I remember I saw a configuration example somewhere that allows traffic
> to a certain host, in this case 192.128.1.2, to be excluded from *all*
> calculations. The gateway machine has 2 IP's and all traffic from any
> client to the second IP must not be used in the calculations of their
> total usage.
>
> How would I go about setting this up?

Adding a line like 'pcap_filter: not host 192.168.1.2' (and speaking more
generally, the directive understands the classic tcpdump filtering syntax)
should suffice to achieve the goal. Such a filter (pcap_filter) is also pretty
quick because it is evaluated straight in the kernel (on most common OSes,
e.g. Linux).

> Out of interest sake, all the entries with source and destination
> hosts set as 0.0.0.0, where does that traffic come from, or how are
> those numbers calculated?

Supplying a networks definition file (networks_file) causes all hosts not
included there to be rewritten as zeroes. So, whenever you find such traffic
logged (src 0.0.0.0, dst 0.0.0.0), it means that it has been exchanged
between IP addresses outside such definition. To test the above hypothesis,
you can run: 'tcpdump -i eth1 not net 192.168.10.0/24' and see whether it
returns any kind of traffic.

Cheers,
Paolo
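
Added example, not part of the original message and not pmacct code: a small Python model of the two behaviours described above, dropping packets that match 'not host 192.168.1.2' before accounting and rewriting addresses outside the networks definition to 0.0.0.0. The function names, the one-network-per-line file layout and the packet list are assumptions constructed for illustration.

```python
"""Model of the filter and the zero-rewrite described above (not pmacct code)."""
import ipaddress
from collections import Counter

ZERO = "0.0.0.0"

def parse_networks(lines):
    """Parse one network per line; skip blanks and '#' comments (assumed layout)."""
    nets = []
    for line in lines:
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def rewrite(addr, nets):
    """Return addr unchanged if it falls in a defined network, else 0.0.0.0."""
    ip = ipaddress.ip_address(addr)
    return addr if any(ip in n for n in nets) else ZERO

def account(packets, nets, excluded_host=None):
    """Sum bytes per (src, dst) after filtering and rewriting.

    excluded_host models 'not host X': a packet is dropped before
    accounting when X is its source or its destination.
    """
    totals = Counter()
    for src, dst, nbytes in packets:
        if excluded_host in (src, dst):
            continue
        totals[(rewrite(src, nets), rewrite(dst, nets))] += nbytes
    return totals

# Constructed sample data: (src, dst, bytes)
NETWORKS = ["# local LAN", "192.168.10.0/24"]
PACKETS = [
    ("192.168.10.5", "203.0.113.9", 1500),
    ("203.0.113.9", "192.168.10.5", 4000),
    ("192.168.10.5", "192.168.1.2", 900),   # to the excluded host
    ("192.168.1.2", "192.168.10.7", 300),   # from the excluded host
    ("198.51.100.4", "203.0.113.9", 700),   # both ends outside the definition
    ("198.51.100.8", "203.0.113.1", 200),   # both ends outside the definition
]

if __name__ == "__main__":
    nets = parse_networks(NETWORKS)
    for key, total in sorted(account(PACKETS, nets, "192.168.1.2").items()):
        print(key, total)
```

Without the exclusion, traffic to 192.168.1.2 is still counted against the client, only with the far end shown as 0.0.0.0, which is why the filter is needed in addition to the networks definition.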
