tcpdump filter not ignoring jail subnet
Beeblebrox
zaphod at berentweb.com
Thu Mar 5 18:21:07 UTC 2015
I'm using "tcpdump -i re0 -tq -F bin/tcpdump.txt" on my workstation for real-time traffic analysis. The current filter file has:
(src not net 192.168.1.0/24 and not ip6 and not net 192.168.2.97/32) or (src host mybsd and not port imap and not port imaps and not port 6667)
I'd like to create the filter such that traffic sources deemed reasonably sane do not get listed in the output. Where I'm stuck:
* "net 192.168.2.97/32" is a DNS jail and I don't need to monitor that host. Yet, the "not net" (or not src net) keyword does not work and traffic to/from that net gets displayed anyway (I've also tried host keyword).
* I would like to include a URL whitelist in the filter (for example, do not show any *.FreeBSD.org traffic). Is this even possible with tcpdump?
Regards.
--
FreeBSD_amd64_11-Current_RadeonKMS
Please CC my email when responding, mail from list is not delivered.
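An added illustration of the boolean structure of the two filter expressions, not part of the original post or of tcpdump itself. It models the filter as a Python predicate over constructed packets rather than running libpcap: "src not net" is read as "source address not in the net", a single port field stands in for "either endpoint port", the address of mybsd (192.168.1.10) and the sample packets are invented, and the jail and LAN nets are taken from the filter text. Because libpcap resolves host names to addresses once, at filter-compile time, the model does the same; a name pattern such as *.FreeBSD.org has no direct BPF equivalent. The point it shows is precedence: an "or" branch keyed on "src host mybsd" admits traffic from that host to the excluded jail net regardless of the "not net" term in the other branch, whereas placing the exclusions in a single top-level "and" keeps every branch subject to them. build_filter emits that rewritten expression as text for a -F file; compile it with "tcpdump -d -F file" to confirm the syntax is accepted before relying on it.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed values: the LAN and jail nets come from the filter text; the
# address for 'mybsd' is an assumption (libpcap resolves a host name to an
# address once, when the filter is compiled).
LAN = ip_network("192.168.1.0/24")
JAIL = ip_network("192.168.2.97/32")
HOSTS = {"mybsd": ip_address("192.168.1.10")}
QUIET_PORTS = {143, 993, 6667}  # imap, imaps, 6667


@dataclass(frozen=True)
class Pkt:
    """Minimal packet model: addresses as strings, one 'port' standing in for
    'either endpoint port' (BPF 'port N' matches src or dst port)."""
    name: str
    src: str
    dst: str
    port: int = 0
    v6: bool = False


def touches(net, pkt):
    """BPF 'net X' without a src/dst qualifier: either endpoint in the net."""
    return ip_address(pkt.src) in net or ip_address(pkt.dst) in net


def original_filter(p):
    """(src not net LAN and not ip6 and not net JAIL)
       or (src host mybsd and not port imap and not port imaps and not port 6667)
    'src not net' is modelled as 'source address not in net'."""
    clause1 = ip_address(p.src) not in LAN and not p.v6 and not touches(JAIL, p)
    clause2 = ip_address(p.src) == HOSTS["mybsd"] and p.port not in QUIET_PORTS
    return clause1 or clause2


def hardened_filter(p):
    """not net JAIL and not ip6 and (not src net LAN or (src host mybsd and not port ...))
    The exclusions form one top-level conjunction, so no 'or' branch can
    re-admit jail or IPv6 traffic."""
    if touches(JAIL, p) or p.v6:
        return False
    from_mybsd = ip_address(p.src) == HOSTS["mybsd"]
    return ip_address(p.src) not in LAN or (from_mybsd and p.port not in QUIET_PORTS)


def build_filter(lan, excluded_nets, watched_host, quiet_ports):
    """Emit the hardened expression as tcpdump filter text (for a -F file)."""
    excl = " and ".join(f"not net {n}" for n in excluded_nets)
    quiet = " and ".join(f"not port {p}" for p in quiet_ports)
    return f"{excl} and not ip6 and (not src net {lan} or (src host {watched_host} and {quiet}))"


def displayed(filt, packets):
    """Names of the packets a filter would let tcpdump print."""
    return [p.name for p in packets if filt(p)]


SAMPLE = [  # constructed packets
    Pkt("inbound-web", "203.0.113.5", "192.168.1.10", port=443),
    Pkt("mybsd-to-jail-dns", "192.168.1.10", "192.168.2.97", port=53),
    Pkt("jail-to-resolver", "192.168.2.97", "203.0.113.53", port=53),
    Pkt("mybsd-imaps", "192.168.1.10", "203.0.113.9", port=993),
    Pkt("v6-neighbour", "2001:db8::1", "2001:db8::2", port=0, v6=True),
]

if __name__ == "__main__":
    print("original :", displayed(original_filter, SAMPLE))
    print("hardened :", displayed(hardened_filter, SAMPLE))
    print(build_filter(LAN, [JAIL], "mybsd", ["imap", "imaps", 6667]))
```

Running it shows the original expression still printing mybsd-to-jail-dns (admitted by the second branch) while the hardened one prints only inbound-web; the same reasoning applies to any further "not net" exclusion added alongside the jail.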