Unleash Networks Forum :: Topic: Ignore local traffic with BPF? (1/1)

Welcome, Guest

Issues related to installation, running, bugs, and features.

Page:
1

TOPIC: Ignore local traffic with BPF?

Ignore local traffic with BPF? 10 years 6 months ago #3671

lex
OFFLINE
Karma: 0

Hello, is it possible to ignore certain subnet communication?
My setup:
LAN is 192.168.69.0/24 and 192.168.70.0/24
I want to capture traffic which only leaves and enters my net from/to outside interwebs, ie ignore ALL traffic inside LAN (like NFS between 192.168.69.2 and .69.4)
I feel like it will be something like 'not src net 192.168.69.0/24 and not dst net 192.168.69.0/24', but that does not work - trisul does not start with

Thu Oct  3 14:14:00 2013.394311 FATAL Unable to create processing engine : None of the adapters could be setup
Thu Oct  3 14:14:00 2013.394385 ALERT Error : Pulse Server Failed to initialize, Quitting!

UPD: replaced and with or and 'compiled' BPF with -ddd. Works. Solved.

Last Edit: 10 years 6 months ago by lex.

The administrator has disabled public write access.

Ignore local traffic with BPF? 10 years 6 months ago #3672

vivek [unleash] OFFLINE Karma: 3	Appreciate the update. With RXRING modes, you need the BPF codes via tcpdump -ddd. I suppose we could work that in to the codebase but this works. Cheers !
	Vivek R Unleash Networks Support : www.unleashnetworks.com/forums The administrator has disabled public write access.

Page:
1

Moderators: vivek [unleash]

Forum

Unleash Networks Forums

Trisul Network Metering and Forensics

Ignore local traffic with BPF?

Time to create page: 0.028 seconds