[netflow-tools] [softflowd] Capture only one subnet
Thomas Hupperich
thomas.hupperich at ruhr-uni-bochum.de
Sat Jan 19 02:00:37 EST 2013
Hello and thank you for your answers!
On 17.01.2013 11:24, Andrew McGill wrote:
> softflowd accepts a pcap filter expression on the command line
>
> if memory serves (not necessarily true) this may work:
>
> softflowd net 10.2.0.0/16
>
> &:-)
I tried this but unfortunately it did not work at all.
When the OS boots up a script runs the following command:
softflowd -i eth1 -v5 -n 127.0.0.1:10555 net 10.10.2.0/24
At port 10555 on localhost there is a capture script running and
10.10.2.x is the subnet I want softflowd to capture.
eth1 is the interface to capture (in promisc mode).
When I now execute the command "softflowctl dump-flows" there are flows
listed on the console which are not from the specified subnet. (btw I
also tried "net 10.10.2.0/16" with the same result).
Of course I restarted the softflod service and even the whole machine
after changing the configuration.
I am sorry to bother you with this issue.
Thank you again!
Greetings,
Thomas
More information about the netflow-tools
mailing list