GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  FLOW-FILTER (1)

NAME

flow-filter - Filter flows.

CONTENTS

Synopsis

SYNOPSIS

flow-filter [ -hko ] [ -a src_as_filter ] [ -A dst_as_filter ] [ -b big|little ] [ -C comment ] [ -D dstaddr_filter_name ] [ -d debug_level ] [ -e exaddr_filter ] [ -f acl_fname ] [ -i input_filter ] [ -I output_filter ] [ -p srcport_filter ] [ -P dstport_filter ] [ -r ipprot_filter ] [ -S srcaddr_filter_name ] [ -t tos_filter ] [ -T tcp_flags_filter ] [ -x nexthop_filter_name ] [ -z z_level ]

DESCRIPTION

The flow-filter utility will filter flows based on user selectable criteria. The IP address filters are defined in flow.acl or by the filename specified by -f.

Other filters such as input interface and ports are defined on the command line. These filters accept range and negation operators, ie -i1-15 for input interfaces 1 through 15 or -i1,15 for input interfaces 1 and 15, or !1,15 for not input interfaces 1 and 15.

The syntax is kludgy and needs reworked but works for most applications.

OPTIONS

-a src_as_filter
  Source AS filter, ie -a159 to permit Autonomous System 159.
-A dst_as_filter
  Destination AS filter, ie -A159,3112 to permit Autonomous Systems 159 and 3112.
-b big|little
  Byte order of output.
-C Comment
  Add a comment.
-d debug_level
  Enable debugging.
-D dstaddr_filter_name
  Destination IP address filter. This is the name or number of a standard access list defined in flow.acl or the file specified by -f.
-e exaddr_filter
  Exporter IP address filter. One exporter address can be filtered.
-f acl_fname
  Access list filename. Defaults to flow.acl.
-h Display help.
-i input_filter
  Input interface filter, ie -i0 to permit traffic from interface 0.
-k Keep time from input.
-I output_filter
  Output interface filter, ie -I0 to permit traffic to interface 0.
-o Logical OR instead of AND filters.
-p srcport_filter
  Source port filter, ie -p80 to only permit source port 80.
-P dstport_filter
  Destination port filter, ie -P80,8080 to permit destination ports 80 and 8080.
-r ipprot_filter
  IP Protocol filter, ie -r6 to only permit TCP traffic.
-S srcaddr_filter_name
  Source IP address filter. This is the name or number of a standard access list defined in flow.acl or the file specified by -f.
-t tos_filter
  ToS bits filter. An optional mask is available which is applied to the tos field before comparing to the filter list. For example to match a tos bit pattern of 101xxxxx use 0xA0/0xE0.
-T tcp_flags_filter
  TCP bits filter. An optional mask is available which is applied to the TCP flags field before comparing to the filter list. For example to match a flows with the SYN bit set use 0x2/0x2.
-x nexthop_filter_name
  NextHop IP address filter. This is the name or number of a standard access list defined in flow.acl or the file specified by -f.
-z z_level
  Configure compression level to z_level. 0 is disabled (no compression), 9 is highest compression.

EXAMPLES

Print all traffic with a destination port of 80.

flow-cat /flows/krc4 | flow-filter -P80 | flow-print

Print all traffic with with source IP 10.0.0.1. Populate flow.acl with ip access-list standard badguy permit host 10.0.0.1

flow-cat /flows/krc4 | flow-filter -Sbadguy | flow-print

Report all destinations that IP 10.0.0.1 has sent traffic to. Sort by octets. Populate flow.acl with ip access-list standard badguy permit host 10.0.0.1

flow-cat /flows/krc4 | flow-filter -Sbadguy | flow-stat -f8 -S2

BUGS

Extended access lists are not fully implemented. The command line filter syntax is a kludge.

NOTES

Use flow-nfilter.

AUTHOR

Mark Fullmer <maf@splintered.net>

SEE ALSO

flow-tools(1)

Search for    or go to Top of page |  Section 1 |  Main Index


FLOW-FILTER (1) 26 Август 2010

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.