Useful Primitives

Now that you understand how primitives and filters work together, I'll discuss primitives in depth. flow-nfilter supports many different primitives, but I'll cover only the most commonly useful ones here. The flow-nfilter man page includes the complete primitive list, but this book contains every one that I have used during several years of flow analysis.

Protocol, Port, and Control Bit Primitives

Filtering on network protocol and port information is one of the most common ways to strip a list of flow records down to only interesting traffic.

IP Protocol Primitives

You saw a basic IP protocol primitive earlier, but you can check for protocols other than TCP. For example, if you use IPSec, OSPF, or other network protocols that run ...
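As an added illustration (not text or configuration from the book), here is a flow-nfilter configuration in flow-tools' flow-nfilter.cfg style that keeps only IPSec and OSPF flows by their IP protocol numbers; the primitive and definition names are made up for this example.

```text
# Added example, not from the book. An ip-protocol primitive that permits
# ESP (50), AH (51) and OSPF (89) and denies every other protocol, plus a
# filter definition that applies it. Names "ipsec-ospf" and
# "tunnel-and-routing" are invented for this example.
filter-primitive ipsec-ospf
  type ip-protocol
  permit 50
  permit 51
  permit 89
  default deny

filter-definition tunnel-and-routing
  match ip-protocol ipsec-ospf

# Usage (assumes the config is saved as flow-nfilter.cfg in the current
# directory and flow files are named ft-v05.*):
#   flow-cat ft-v05.* | flow-nfilter -f flow-nfilter.cfg -F tunnel-and-routing | flow-print
```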
