Even if a host-port pair in this list meets the criterion in the Desired Traffic section,
the device does not capture it. To ignore all traffic for a host, enter * or
All as the port.
When you specify host and port combinations to ignore, you are adding restrictions that matched packets must not be one of the host and port combinations. For example, suppose you wanted to capture all traffic to and from hosts that are communicating on ports 1, 2, and 3 except for the following host and port combinations:
The description of that traffic is the same as running the following single command:
tcpdump -n -i eth0 "((port 1) or (port 2) or (port 3)) and not \ ((host 188.8.131.52 and port 4) or (host 184.108.40.206 and port 5))"
ctc-conf.xml, the example translates into the following
<Ignores> <Ignore> <Address>220.127.116.11</Address> <Port>4</Port> </Ignore> <Ignore> <Address>18.104.22.168</Address> <Port>5</Port> </Ignore> </Ignores> <ListenTos> <ListenTo> <Port>1</Port> </ListenTo> <ListenTo> <Port>2</Port> </ListenTo> <ListenTo> <Port>3</Port> </ListenTo> </ListenTos>
Please sign in to leave a comment.