flow-filter(1) FreeBSD General Commands Manual flow-filter(1)

flow-filter — Filter flows.

flow-filter [-hko] [-a src_as_filter] [-A dst_as_filter] [-b big|little] [-C comment] [-D dstaddr_filter_name] [-d debug_level] [-e exaddr_filter] [-f acl_fname] [-i input_filter] [-I output_filter] [-p srcport_filter] [-P dstport_filter] [-r ipprot_filter] [-S srcaddr_filter_name] [-t tos_filter] [-T tcp_flags_filter] [-x nexthop_filter_name] [-z z_level]

The flow-filter utility filters flows based on user-selectable criteria. The IP address filters are defined in flow.acl or in the file specified by -f.

Other filters such as input interface and ports are defined on the command line. These filters accept range and negation operators, e.g. -i1-15 for input interfaces 1 through 15 or -i1,15 for input interfaces 1 and 15, or !1,15 for not input interfaces 1 and 15.

The syntax is kludgy and needs to be reworked, but it works for most applications.

-a src_as_filter
        Source AS filter, e.g. -a159 to permit Autonomous System 159.
-A dst_as_filter
        Destination AS filter, e.g. -A159,3112 to permit Autonomous Systems 159 and 3112.
-b big|little
        Byte order of output.
-C comment
        Add a comment.
-d debug_level
        Enable debugging.
-D dstaddr_filter_name
        Destination IP address filter. This is the name or number of a standard access list defined in flow.acl or the file specified by -f.
-e exaddr_filter
        Exporter IP address filter. One exporter address can be filtered.
-f acl_fname
        Access list filename. Defaults to flow.acl.
-h
        Display help.
-i input_filter
        Input interface filter, e.g. -i0 to permit traffic from interface 0.
-k
        Keep time from input.
-I output_filter
        Output interface filter, e.g. -I0 to permit traffic to interface 0.
-o
        Logical OR instead of AND filters.
-p srcport_filter
        Source port filter, e.g. -p80 to only permit source port 80.
-P dstport_filter
        Destination port filter, e.g. -P80,8080 to permit destination ports 80 and 8080.
-r ipprot_filter
        IP Protocol filter, e.g. -r6 to only permit TCP traffic.
-S srcaddr_filter_name
        Source IP address filter. This is the name or number of a standard access list defined in flow.acl or the file specified by -f.
-t tos_filter
        ToS bits filter. An optional mask is available which is applied to the tos field before comparing to the filter list. For example, to match a tos bit pattern of 101xxxxx use 0xA0/0xE0.
-T tcp_flags_filter
        TCP bits filter. An optional mask is available which is applied to the TCP flags field before comparing to the filter list. For example, to match flows with the SYN bit set use 0x2/0x2.
-x nexthop_filter_name
        NextHop IP address filter. This is the name or number of a standard access list defined in flow.acl or the file specified by -f.
-z z_level
        Configure compression level to z_level. 0 is disabled (no compression), 9 is highest compression.
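
The list/mask matching described for -t and -T, modelled in shell as an added example (it is not part of flow-tools or of the original man page). The function name field_matches, the default mask of 0xFF when no mask is given, and the sample flag bytes are assumptions made for illustration; the list syntax (comma lists, ranges, leading !) follows the description of the command line filters above.

```shell
#!/bin/sh
# Added illustration: model of the "list/mask" matching documented for -t and -T.
# field_matches FIELD SPEC  -> exit status 0 if the flow would be permitted.
# SPEC is [!]item[,item...][/mask]; an item is a value or a lo-hi range.
field_matches() {
    field=$1
    spec=$2
    mask=0xFF                      # assumption: no mask means compare all 8 bits
    case $spec in
        */*) mask=${spec#*/}; spec=${spec%%/*} ;;
    esac
    negate=0
    case $spec in
        "!"*) negate=1; spec=${spec#"!"} ;;
    esac
    masked=$(( $field & $mask ))   # mask is applied before the list comparison
    hit=0
    old_ifs=$IFS
    IFS=,
    for item in $spec; do
        case $item in
            *-*) lo=${item%%-*}; hi=${item#*-} ;;
            *)   lo=$item; hi=$item ;;
        esac
        if [ "$masked" -ge "$(( $lo ))" ] && [ "$masked" -le "$(( $hi ))" ]; then
            hit=1
        fi
    done
    IFS=$old_ifs
    [ "$hit" -ne "$negate" ]
}

# Constructed TCP flag bytes (cumulative OR of flags seen in a flow):
# 0x02 SYN only, 0x12 SYN+ACK, 0x1b SYN+ACK+PSH+FIN, 0x10 ACK only, 0x14 RST+ACK
for flags in 0x02 0x12 0x1b 0x10 0x14; do
    if field_matches "$flags" 0x2/0x2; then syn=yes; else syn=no; fi
    if field_matches "$flags" 0x2;     then only=yes; else only=no; fi
    echo "flags=$flags  -T0x2/0x2 (SYN set): $syn  -T0x2 (SYN only): $only"
done
```

Under this model, a filter without a mask matches only the exact flag byte, so flows whose only recorded flag is SYN (a common sign of scanning or unanswered connection attempts) are separated from flows that merely include a SYN.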

Print all traffic with a destination port of 80.


flow-cat /flows/krc4 | flow-filter -P80 | flow-print

Print all traffic with source IP 10.0.0.1. Populate flow.acl with
ip access-list standard badguy permit host 10.0.0.1


flow-cat /flows/krc4 | flow-filter -Sbadguy | flow-print

Report all destinations that IP 10.0.0.1 has sent traffic to. Sort by octets. Populate flow.acl with
ip access-list standard badguy permit host 10.0.0.1


flow-cat /flows/krc4 | flow-filter -Sbadguy | flow-stat -f8 -S2

Extended access lists are not fully implemented. The command line filter syntax is a kludge.

Use flow-nfilter.

Mark Fullmer maf@splintered.net

flow-tools(1)

