📄 filters.html

📁 一个网络流量分析的完整的程序
💻 HTML
📖 第 1 页 / 共 2 页
字号:
上一页 12
VALIGN="TOP">Host name/IP Address</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">sunsite.unc.edu</TT></TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">cebu.mozcom.com</TT></TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">Wildcard mask</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">255.255.255.255</TT></TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">255.255.255.255</TT></TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">Port</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0</TT></TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0</TT></TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">Include/Exclude</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">I</TT></TD><TD>&nbsp;</TD></TR></TBODY></TABLE><P></P></DIV><P>  To omit display of traffic to/from 140.66.5.x from/to anywhere</P><DIVCLASS="INFORMALTABLE"><ANAME="AEN1479"></A><P></P><TABLEBORDER="0"WIDTH="100%"BGCOLOR="#E0E0E0"CELLSPACING="0"CELLPADDING="4"CLASS="CALSTABLE"><TBODY><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">Host name/IP Address</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">140.66.5.0</TT></TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">Wildcard mask</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">255.255.255.0</TT></TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">Port</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0</TT></TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0</TT></TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">Include/Exclude</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">E</TT></TD><TD>&nbsp;</TD></TR></TBODY></TABLE><P></P></DIV><P>  In all the above examples, you could have interchanged the first and  second sets of IP addresses, wildcard masks, and port values; they  wouldn't have made any difference. That's why they're better referred to  as "first" and "second" rather than "source" and "target".</P><P>  You can enter as many parameters as you wish. All of them will  be interpreted when the filter is processed.</P></DIV><DIVCLASS="SECT3"><H3CLASS="SECT3"><ANAME="AEN1509">Excluding Certain Sites</A></H3><P>&#13;  Filters follow an "implicit no-display" policy, that is, only explicitly  defined sites will be displayed, everything else is not. This is similar  to the access-list policy "whatever is not explicitly permitted is  denied". If you want to show all traffic to/from everywhere,  except certain places, you can specify the sites you wish to exclude,  mark them with <TTCLASS="COMPUTEROUTPUT">E</TT> in the <TTCLASS="COMPUTEROUTPUT">Include/Excludefield</TT>, and  define a general catch-all entry with source address<TTCLASS="COMPUTEROUTPUT">0.0.0.0</TT>, mask  <TTCLASS="COMPUTEROUTPUT">0.0.0.0</TT>, port <TTCLASS="COMPUTEROUTPUT">0</TT>, and destination<TTCLASS="COMPUTEROUTPUT">0.0.0.0</TT>, mask <TTCLASS="COMPUTEROUTPUT">0.0.0.0</TT>,port <TTCLASS="COMPUTEROUTPUT">0</TT>, tagged  with an <TTCLASS="COMPUTEROUTPUT">I</TT>in the <TTCLASS="COMPUTEROUTPUT">Include/Exclude</TT> field as the last entry.</P><P>  For example:</P><P>To see all traffic except all SMTP, Web, and traffic from/to 207.0.115.44</P><DIVCLASS="INFORMALTABLE"><ANAME="AEN1524"></A><P></P><TABLEBORDER="0"WIDTH="100%"BGCOLOR="#E0E0E0"CELLSPACING="0"CELLPADDING="4"CLASS="CALSTABLE"><TBODY><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">Host name/IP address</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">Wildcard mask</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">Port</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">25</TT></TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0</TT></TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">Include/Exclude</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">E</TT></TD><TD>&nbsp;</TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">&nbsp;</TD><TD>&nbsp;</TD><TD>&nbsp;</TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">Host name/IP address</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT"> 0.0.0.0</TT></TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">Wildcard mask</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">Port</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">80</TT></TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0</TT></TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">Include/Exclude</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">E</TT></TD><TD>&nbsp;</TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">&nbsp;</TD><TD>&nbsp;</TD><TD>&nbsp;</TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">Host name/IP address</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">207.0.115.44</TT></TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">Wildcard mask</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">255.255.255.255</TT></TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">Port</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0</TT></TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0</TT></TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">Include/Exclude</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">E</TT></TD><TD>&nbsp;</TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">&nbsp;</TD><TD>&nbsp;</TD><TD>&nbsp;</TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">Host name/IP address</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">Wildcard mask</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">Port</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0</TT></TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">0</TT></TD></TR><TR><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP">Include/Exclude</TD><TDWIDTH="33%"ALIGN="LEFT"VALIGN="TOP"><TTCLASS="COMPUTEROUTPUT">I</TT></TD><TD>&nbsp;</TD></TR></TBODY></TABLE><P></P></DIV><DIVCLASS="TIP"><P></P><TABLECLASS="TIP"WIDTH="100%"BORDER="0"><TR><TDWIDTH="25"ALIGN="CENTER"VALIGN="TOP"><IMGSRC="./stylesheet-images/tip.gif"HSPACE="5"ALT="Tip"></TD><THALIGN="LEFT"VALIGN="CENTER"><B>Tip</B></TH></TR><TR><TD>&nbsp;</TD><TDALIGN="LEFT"VALIGN="TOP"><P>  To omit all TCP from the display, define a filter with a single  entry, with a source of <TTCLASS="COMPUTEROUTPUT">0.0.0.0</TT> mask<TTCLASS="COMPUTEROUTPUT">0.0.0.0</TT> port <TTCLASS="COMPUTEROUTPUT">0</TT>, and a destination  of <TTCLASS="COMPUTEROUTPUT">0.0.0.0</TT> mask <TTCLASS="COMPUTEROUTPUT">0.0.0.0</TT>port <TTCLASS="COMPUTEROUTPUT">0</TT>,with the <TTCLASS="COMPUTEROUTPUT">Include/Exclude</TT> field  marked <TTCLASS="COMPUTEROUTPUT">E</TT> (exclude). Then apply this filter.</P></TD></TR></TABLE></DIV></DIV></DIV><DIVCLASS="SECT2"><H2CLASS="SECT2"><ANAME="AEN1635">Applying a Filter</A></H2><P>  The above steps only add the filter to a defined list. To actually apply  the filter, you must select <ICLASS="EMPHASIS">Apply filter...</I> from the menu. You will be  presented with a list of filters you already defined. Select the one you  want to apply, and press Enter.</P><P>  The applied filter stays in effect over exits and restarts of the IPTraf program until it is detached.</P></DIV><DIVCLASS="SECT2"><H2CLASS="SECT2"><ANAME="AEN1640">Editing a Defined Filter</A></H2><P>  Select <ICLASS="EMPHASIS">Edit filter...</I> to modify an existing filter. Once you select this  option, you will be presented with the list of defined filters.  Select the filter you want to edit by moving the selection bar and press  Enter.</P><P>  Edit the description if you wish. Pressing Ctrl+X at this point  will abort the operation, and the filter will remain unmodified. Press  Enter to accept any changes to the filter description.</P><DIVCLASS="FIGURE"><ANAME="AEN1645"></A><P><IMGSRC="iptraf-editfilter.png"></P><P><B>Figure 5. The filter parameters selection screen.  Selecting an entrydisplays that set for editing</B></P></DIV><P>  After pressing Enter, you will see the filter's rules. To edit an  existing filter rule, move the selection bar  to the desired entry and press Enter. A prefilled dialog box  will appear. Edit its contents as desired. Press Enter to accept the  changes or Ctrl+X to discard.</P><P>  You can add a new filter rule by pressing I to insert at the selection  bar's current position. When you press I, you will be presented with a  dialog box asking you to enter the new rule data. Pressing A results  in a similar operation, except the rule will be appended as the  last entry in the rule list.</P><P>  Pressing D deletes the currently pointed entry.</P><P>  Press X or Ctrl+X to end the edit and save the changes.</P><DIVCLASS="NOTE"><P></P><TABLECLASS="NOTE"WIDTH="100%"BORDER="0"><TR><TDWIDTH="25"ALIGN="CENTER"VALIGN="TOP"><IMGSRC="./stylesheet-images/note.gif"HSPACE="5"ALT="Note"></TD><THALIGN="LEFT"VALIGN="CENTER"><B>Note</B></TH></TR><TR><TD>&nbsp;</TD><TDALIGN="LEFT"VALIGN="TOP"><P>If you're editing the currently applied filter, you will need  to re-apply the filter for the changes to take effect.  </P></TD></TR></TABLE></DIV><DIVCLASS="NOTE"><P></P><TABLECLASS="NOTE"WIDTH="100%"BORDER="0"><TR><TDWIDTH="25"ALIGN="CENTER"VALIGN="TOP"><IMGSRC="./stylesheet-images/note.gif"HSPACE="5"ALT="Note"></TD><THALIGN="LEFT"VALIGN="CENTER"><B>Note</B></TH></TR><TR><TD>&nbsp;</TD><TDALIGN="LEFT"VALIGN="TOP"><P>  Be aware that the filter process the rules in order. In other  words, if a packet matches more than one rule, only the first matching  rule is followed.</P></TD></TR></TABLE></DIV></DIV><DIVCLASS="SECT2"><H2CLASS="SECT2"><ANAME="AEN1658">Deleting a Defined Filter</A></H2><P>  Select <ICLASS="EMPHASIS">Delete filter...</I> from the menu to remove a filter  from the list. Just move the selection bar to the filter you want to  delete, and press Enter.</P></DIV><DIVCLASS="SECT2"><H2CLASS="SECT2"><ANAME="AEN1662">Detaching a Filter</A></H2><P>  The <ICLASS="EMPHASIS">Detach filter</I> option deactivates the filter currently in  use. Selecting this option causes all TCP traffic to be passed  to the monitors.</P><P>  When you're done with the menu, just select the Exit menu option.</P></DIV></DIV></DIV><DIVCLASS="NAVFOOTER"><HRALIGN="LEFT"WIDTH="100%"><TABLEWIDTH="100%"BORDER="0"CELLPADDING="0"CELLSPACING="0"><TR><TDWIDTH="33%"ALIGN="left"VALIGN="top"><AHREF="morelanmoninfo.html">&#60;&#60;&#60; Previous</A></TD><TDWIDTH="34%"ALIGN="center"VALIGN="top"><AHREF="manual.html">Home</A></TD><TDWIDTH="33%"ALIGN="right"VALIGN="top"><AHREF="udpfilters.html">Next &#62;&#62;&#62;</A></TD></TR><TR><TDWIDTH="33%"ALIGN="left"VALIGN="top">Additional Information</TD><TDWIDTH="34%"ALIGN="center"VALIGN="top">&nbsp;</TD><TDWIDTH="33%"ALIGN="right"VALIGN="top">UDP Filters</TD></TR></TABLE></DIV></BODY></HTML>
上一页 12
💿 文件大小 355 K
👤 上传用户 syxie
📂 所属分类 Internet/网络编程
🏷️ 相关标签

#网络 #流量分析 #程序
⌨️ 快捷键说明

复制代码 Ctrl + C
搜索代码 Ctrl + F
全屏模式 F11
切换主题 Ctrl + Shift + D
显示快捷键 ?
增大字号 Ctrl + =
减小字号 Ctrl + -