Even if a host-port pair in this list meets the criterion in the Desired Traffic section, the device does not capture it. To ignore all traffic for a host, enter * or All as the port.
When you specify host and port combinations to ignore, you add a restriction: a matched packet must not belong to any of those host and port combinations. For example, suppose you want to capture all traffic to and from hosts that are communicating on ports 1, 2, and 3, except for the following host and port combinations:
Host | Port |
---|---|
1.2.3.4 | 4 |
5.6.7.8 | 5 |
The description of that traffic is the same as running the following single command:
tcpdump -n -i eth0 "((port 1) or (port 2) or (port 3)) and not \
((host 1.2.3.4 and port 4) or (host 5.6.7.8 and port 5))"
In ctc-conf.xml, the example translates into the following XML:
<Ignores>
  <Ignore>
    <Address>1.2.3.4</Address>
    <Port>4</Port>
  </Ignore>
  <Ignore>
    <Address>5.6.7.8</Address>
    <Port>5</Port>
  </Ignore>
</Ignores>
<ListenTos>
  <ListenTo>
    <Port>1</Port>
  </ListenTo>
  <ListenTo>
    <Port>2</Port>
  </ListenTo>
  <ListenTo>
    <Port>3</Port>
  </ListenTo>
</ListenTos>
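To check a configuration against the filter you expect, the translation above can be done mechanically. The following Python sketch is an added example, not part of the product or its documentation: it reads the Ignores and ListenTos lists and builds the equivalent tcpdump filter string, including the * / All wildcard case. The `<Fragment>` wrapper element, the third Ignore entry, the function names, and the requirement that Address be an IP literal are assumptions made for the example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the page's two lists wrapped in a made-up <Fragment>
# root so the text parses as one document. The third Ignore entry is added
# to show the wildcard port.
SAMPLE = """<Fragment>
  <Ignores>
    <Ignore><Address>1.2.3.4</Address><Port>4</Port></Ignore>
    <Ignore><Address>5.6.7.8</Address><Port>5</Port></Ignore>
    <Ignore><Address>9.9.9.9</Address><Port>*</Port></Ignore>
  </Ignores>
  <ListenTos>
    <ListenTo><Port>1</Port></ListenTo>
    <ListenTo><Port>2</Port></ListenTo>
    <ListenTo><Port>3</Port></ListenTo>
  </ListenTos>
</Fragment>"""

WILDCARD_PORTS = {"*", "all"}  # "*" or "All" as the port ignores the whole host


def term(entry):
    """Turn one <Ignore> or <ListenTo> element into a parenthesised term."""
    addr = (entry.findtext("Address") or "").strip()
    port = (entry.findtext("Port") or "").strip()
    parts = []
    if addr:
        ipaddress.ip_address(addr)  # assumption: IP literal; else ValueError
        parts.append(f"host {addr}")
    if port and port.lower() not in WILDCARD_PORTS:
        if not port.isdigit() or not 0 < int(port) < 65536:
            raise ValueError(f"bad port {port!r}")
        parts.append(f"port {port}")
    if not parts:
        raise ValueError("entry has neither Address nor a numeric Port")
    return "(" + " and ".join(parts) + ")"


def build_filter(xml_text):
    """Return the capture filter equivalent to the ListenTos/Ignores lists."""
    root = ET.fromstring(xml_text)
    listen = [term(e) for e in root.iter("ListenTo")]
    ignore = [term(e) for e in root.iter("Ignore")]
    expr = "(" + " or ".join(listen) + ")" if listen else ""
    if ignore:
        neg = "not (" + " or ".join(ignore) + ")"
        expr = f"{expr} and {neg}" if expr else neg
    return expr
```

Calling `build_filter(SAMPLE)` returns a string that can be passed to tcpdump as a single quoted argument, which makes it easy to compare what a configuration will exclude against what you intended to exclude.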