Video Screencast Help

Need assistance with IP Filtering for Vontu Network Monitor

Created: 28 Feb 2011 • Updated: 28 Feb 2011 | 1 comment
This issue has been solved. See solution.

I'm trying to test an IP filter on a network monitor.  I'm trying to exclude capturing data from a single IP address ... at least for now.  For example...

+,*,*;-,192.168.20.140/32,*   According to the online help, I'm interpreting this as ignore source IP 192.168.20.140 that is destined for anywhere.

However, the above example is not working.  Has anyone worked with these?  Your comments are appreciated.

Discussion Filed Under:

Comments 1 CommentJump to latest comment

Keith Reynolds - ExchangeTek's picture

You're close...the thing to remember is that the rules you set up in here are evaluated from left to right.  So starting out with:

+,*,*

...means that you are including ALL traffic, so in essence you've invalidated all of your subsequent filters.  And, it's:

[+|-],[destination],[source]

What you want is this:

-,*,192.168.20.140/32;+,*,*

That's read as "exclude traffic from that exact IP as the source, then inspect anything else.

If you look in the help, you'll see they provide examples as well, which may be helpful.

Regards,

~Keith

 

SOLUTION