Hello, I'm getting interesting results when setting up a certain filter with iptraf. My sniffer box (snoop) with iptraf installed is at 10.10.1.3/8 and the box I'm connecting to 'snoop' with is at 10.0.0.65/8. I connect to 'snoop' via ssh and have X forwarding turned on. I have a _lot_ of data transferring via ssh since I have a lot of X applications open. I also use the same terminal connection to use iptraf. I want to filter all of the traffic between 'snoop' and the box I use to connect to it but when I do that, _all_ the traffic on my local subnet gets filtered. The following are the TCP filters I have tried. ---- 10.10.1.3 10.0.0.65 255.255.255.255 255.255.255.255 port 22 port 0 E ---- 10.10.1.0 0.0.0.0 255.255.255.0 0.0.0.0 port 0 port 0 E ---- 10.10.1.3 0.0.0.0 255.255.255.255 0.0.0.0 port 0 port 0 E In each case all I can see is ICMP traffic. Is this a known issue? Is so is there a work-around? Thanks for your time! -- Mark J. de Jong ,.,.,.,...,.,,.,..,.,....,.,..,.,..,.,.,,.,...,..,,... Senior Network Engineer - Secure Dog Hosting, Inc. P.703.256.2869 F.703.256.3810 C.571.212.0027 http://www.secdog.com
Attachment:
signature.asc
Description: This is a digitally signed message part