Re: tcpdump filter not ignoring jail subnet

2015-03-08 Thread Beeblebrox
I got out of my logic-loop and solved my filter problem. Thanks everyone for their input.

((src net not 192.168.1.0/24 and host not 192.168.2.97 and not ip6) or host mybsd) and not port (imap or imaps or 6667)

Below syntax is not accepted by tcpdump, btw: src not (net 192.168.1.0/24 and host 192.

Re: tcpdump filter not ignoring jail subnet

2015-03-06 Thread Harrison Grundy
On 03/05/15 23:09, Beeblebrox wrote:
> Hi. Thanks for the input.
>
>> 192.168.2.97 is not a net. Any /32 is a host... even if it is
>> anycast. So filter on "host 192.168.2.9".
>
> I assume that specifying one of {src | dst} is not required and
> that "host 192.168.2.97" will remove all (in and

Re: tcpdump filter not ignoring jail subnet

2015-03-05 Thread Beeblebrox
Hi. Thanks for the input.

> 192.168.2.97 is not a net. Any /32 is a host... even if it is
> anycast. So filter on "host 192.168.2.9".

I assume that specifying one of {src | dst} is not required and that "host 192.168.2.97" will remove all (in and out) from that IP?

> The real issue is that, whi

Re: tcpdump filter not ignoring jail subnet

2015-03-05 Thread Kevin Oberman
On Thu, Mar 5, 2015 at 10:20 AM, Beeblebrox wrote:
> I'm using "tcpdump -i re0 -tq -F bin/tcpdump.txt" on my workstation for
> real-time traffic analysis. The current filter file has:
>
> (src not net 192.168.1.0/24 and not ip6 and not net 192.168.2.97/32) or
> (src host mybsd and not port imap a

tcpdump filter not ignoring jail subnet

2015-03-05 Thread Beeblebrox
I'm using "tcpdump -i re0 -tq -F bin/tcpdump.txt" on my workstation for real-time traffic analysis. The current filter file has:

(src not net 192.168.1.0/24 and not ip6 and not net 192.168.2.97/32) or
(src host mybsd and not port imap and not port imaps and not port 6667)

I'd like to create the