Hi All,
I have three separate communications between hosts that I want to be able to filter out from our packet decoder.
I cannot for the life of me figure out the correct BPF syntax to make that happen.
I end up usually filtering nothing, or everything.
I've been trying to filter the following out.
---
anything on vlan300
192.168.30.12 > 10.21.32.90:902
172.14.9.9 > 192.168.30.20:10566
----
I don't want to filter out the whole host traffic, just the specific communication on a specific port (e.g. backup traffic).
Does anyone have experience in writing BPF?
Thanks.
How about this? Should be a single long line in the filter field:
not ((vlan 300) or (src host 192.168.30.12 and dst host 10.21.32.90 and dst port 902) or (src host 172.14.9.9 and dst host 192.168.30.20 and dst port 10566))
You can also specify tcp dst port if you want as well; otherwise the above just ignores the protocol and is just port focused:
not ((vlan 300) or (src host 192.168.30.12 and dst host 10.21.32.90 and tcp dst port 902) or (src host 172.14.9.9 and dst host 192.168.30.20 and tcp dst port 10566))
Naushad A Kasu | Senior Practice Consultant, Professional Services | RSA | m: 612.772.5843 | e: naushad.kasu@rsa.com | www.rsa.com
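
An added example, not part of the original posts: a Python model of the exclusion policy requested in the question, run against constructed Ethernet frames to show which traffic is dropped and which is still captured. It models the intended policy, not libpcap's filter compiler; the function names, MAC addresses, source ports and 10.0.0.x hosts are made up for the test.

```python
import socket
import struct

# Drop policy from the thread: VLAN 300 plus two one-way flows (src, dst, dst port).
DROP_VLAN = 300
DROP_FLOWS = {("192.168.30.12", "10.21.32.90", 902),
              ("172.14.9.9", "192.168.30.20", 10566)}

def build_frame(src, dst, sport, dport, vlan=None):  # constructed test frame
    eth = b"\x02" * 6 + b"\x04" * 6  # made-up MAC addresses
    if vlan is not None:
        eth += struct.pack("!HH", 0x8100, vlan & 0x0FFF)  # 802.1Q TPID + TCI
    eth += struct.pack("!H", 0x0800)  # EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + struct.pack("!HH", sport, dport)

def parse_frame(frame):
    """Return (vlan, src, dst, dport); fields that do not apply are None."""
    off, vlan = 12, None
    (etype,) = struct.unpack_from("!H", frame, off)
    if etype == 0x8100:  # one 802.1Q tag shifts every later field by 4 bytes
        tci, etype = struct.unpack_from("!HH", frame, off + 2)
        vlan, off = tci & 0x0FFF, off + 4
    if etype != 0x0800:
        return vlan, None, None, None
    ip = off + 2
    src, dst = (socket.inet_ntoa(frame[ip + o:ip + o + 4]) for o in (12, 16))
    dport = None
    if frame[ip + 9] in (6, 17):  # TCP/UDP: dst port is bytes 2-3 of the L4 header
        (dport,) = struct.unpack_from("!H", frame, ip + (frame[ip] & 0x0F) * 4 + 2)
    return vlan, src, dst, dport

def captured(frame):  # True = stays in the capture, False = dropped by the policy
    vlan, src, dst, dport = parse_frame(frame)
    return not (vlan == DROP_VLAN or (src, dst, dport) in DROP_FLOWS)

def demo():
    samples = {  # constructed traffic
        "backup flow": build_frame("192.168.30.12", "10.21.32.90", 40000, 902),
        "reverse of backup flow": build_frame("10.21.32.90", "192.168.30.12", 902, 40000),
        "same hosts, other port": build_frame("192.168.30.12", "10.21.32.90", 40000, 443),
        "second flow, tagged vlan 10": build_frame("172.14.9.9", "192.168.30.20", 40001, 10566, vlan=10),
        "anything on vlan 300": build_frame("10.0.0.1", "10.0.0.2", 1234, 80, vlan=300),
    }
    return {name: captured(frame) for name, frame in samples.items()}

if __name__ == "__main__":
    print(demo())
```

libpcap's `vlan` keyword changes the decoding offsets for the rest of a filter expression (see the pcap-filter man page), so test any real filter string against both tagged and untagged samples of each flow.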