Date: Thu, 5 Mar 2015 20:20:50 +0200
From: Beeblebrox <zaphod@berentweb.com>
To: <freebsd-net@freebsd.org>
Subject: tcpdump filter not ignoring jail subnet
Message-ID: <20150305202050.24042973@rsbsd.rsb>
I'm using "tcpdump -i re0 -tq -F bin/tcpdump.txt" on my workstation for real-time traffic analysis. The current filter file has:

(src not net 192.168.1.0/24 and not ip6 and not net 192.168.2.97/32) or (src host mybsd and not port imap and not port imaps and not port 6667)

I'd like to create the filter such that traffic sources deemed reasonably sane do not get listed in the output. Where I'm stuck:

* "net 192.168.2.97/32" is a DNS jail and I don't need to monitor that host. Yet, the "not net" (or not src net) keyword does not work and traffic to/from that net gets displayed anyway (I've also tried the host keyword).

* I would like to include a URL whitelist in the filter (for example, do not show any *.FreeBSD.org traffic). Is this even possible with tcpdump?

Regards.

-- 
FreeBSD_amd64_11-Current_RadeonKMS
Please CC my email when responding, mail from list is not delivered.
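Added example, not part of the original mail and not the poster's filter: a small POSIX sh script that generates a tcpdump filter file from lists of addresses to ignore. Two points it illustrates. First, in the filter quoted above the jail exclusion sits inside only the first `or` alternative, so any packet that satisfies the second alternative (for example resolver traffic from `mybsd` to the DNS jail) is still printed; factoring the exclusions out so they wrap the whole expression removes that gap (the pcap-filter grammar writes the negation as `not src net ...`). Second, BPF matches packet headers, not hostnames, so a "*.FreeBSD.org" whitelist cannot be expressed directly; the usual workaround is to resolve the names you care about out of band and emit `not host` terms for the resulting addresses. All addresses below other than those in the mail are constructed placeholders (`203.0.113.x` is documentation space, not FreeBSD.org infrastructure), and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): build a tcpdump filter file in
# which the "never show these" terms wrap the whole expression instead of
# living inside only one 'or' alternative.

# Networks never to show; the DNS jail's /32 from the mail goes here.
IGNORE_NETS="192.168.2.97/32"

# tcpdump cannot match "*.FreeBSD.org" by name; resolve the hosts you want
# whitelisted out of band (host(1), drill(1)) and list the addresses here.
# Constructed placeholder addresses (RFC 5737 documentation range).
WHITELIST_ADDRS="203.0.113.10 203.0.113.11"

# Emit "not net X and not net Y" for every network in $1.
ignore_terms() {
    out=""
    for n in $1; do
        out="${out:+$out and }not net $n"
    done
    printf '%s' "$out"
}

# Emit "not host A and not host B" for every address in $1.
host_terms() {
    out=""
    for h in $1; do
        out="${out:+$out and }not host $h"
    done
    printf '%s' "$out"
}

# Full filter: global exclusions AND (either alternative from the mail).
# Because the exclusions are outside the parentheses they apply no matter
# which alternative a packet matches.
build_filter() {
    printf '%s and %s and not ip6 and ((not src net 192.168.1.0/24) or (src host mybsd and not port imap and not port imaps and not port 6667))' \
        "$(ignore_terms "$IGNORE_NETS")" "$(host_terms "$WHITELIST_ADDRS")"
}

# Write the filter to the file named in $1 and, if tcpdump is installed, ask
# it to compile the expression (tcpdump -d prints the BPF program and exits
# without capturing; it may still need an interface or privileges).
write_filter() {
    build_filter > "$1"
    if command -v tcpdump >/dev/null 2>&1; then
        if tcpdump -d -F "$1" >/dev/null 2>&1; then
            echo "filter compiled OK"
        else
            echo "tcpdump could not compile the filter (interface/privileges?)"
        fi
    fi
}

# Usage: write_filter bin/tcpdump.txt
```

Running `write_filter bin/tcpdump.txt` produces a file you can pass to `tcpdump -F` exactly as in the mail; the `-d` check is only a compile test and prints nothing from the wire.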