Filters and Variables

Flow-tools also includes filters whose parameters are supplied on the command line, which is convenient for very simple cases such as isolating traffic from a particular IP address. The stock filters that use this mechanism are fairly limited, but they suffice for basic traffic analysis, and it's easy to write your own variable-driven reports.

Using Variable-Driven Filters

The filters that are configurable on the command line use three variables: ADDR (an IP address), PORT (a port number), and PROT (an IP protocol, such as 6 for TCP). Between them they drive five filter definitions, one each for source address, destination address, source port, destination port, and protocol: ip-src-addr, ip-dst-addr, ip-src-port, ip-dest-port, and ip-prot. You pick a definition with flow-nfilter's -F option and bind the variable it needs with -v (for example, -F ip-src-addr -v ADDR=192.0.2.1). Note that each stock definition matches only one field in one direction, so seeing both halves of a conversation means running ip-src-addr and ip-dst-addr separately, or writing a definition of your own.
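To make the mechanism concrete, here is an added example (written for this page, not code from the book or from flow-tools) that emulates in Python what flow-nfilter does with a filter.cfg of this shape when you run it as -F ip-src-addr -v ADDR=203.0.113.7: a filter-primitive carries a permit @ADDR placeholder, a filter-definition matches one flow field against that primitive, and the -v binding fills the placeholder at run time. The configuration text, the flow records, the fail-closed handling of an unbound variable, and the acceptance of a CIDR prefix as well as a single host for ADDR are all constructed for the example; the @NAME placeholder syntax and the filter-primitive/filter-definition layout follow my reading of the flow-tools filter.cfg format rather than anything quoted on this page.

```python
# Added example, not flow-tools code: emulates how a filter definition that uses
# @NAME placeholders is bound from -v NAME=value pairs and applied to flow records.
# The config syntax is modelled on flow-tools filter.cfg; the flows are constructed.
import ipaddress
import re
from collections import namedtuple

FILTER_CFG = """filter-primitive ip-addr
  type ip-address
  permit @ADDR
  default deny
filter-primitive ip-port
  type ip-port
  permit @PORT
  default deny
filter-primitive ip-protocol
  type ip-protocol
  permit @PROT
  default deny
filter-definition ip-src-addr
  match ip-source-address ip-addr
filter-definition ip-dst-addr
  match ip-destination-address ip-addr
filter-definition ip-src-port
  match ip-source-port ip-port
filter-definition ip-dest-port
  match ip-destination-port ip-port
filter-definition ip-prot
  match ip-protocol ip-protocol
"""

# Field names mirror the config's ip-* fields so match lines can be looked up directly.
Flow = namedtuple("Flow", "source_address destination_address source_port destination_port protocol")

# Constructed flows (not real captures): 203.0.113.7 plays the boss, 192.0.2.10 an SSH server.
SAMPLE_FLOWS = [
    Flow("203.0.113.7", "192.0.2.10", 51234, 22, 6),
    Flow("192.0.2.10", "203.0.113.7", 22, 51234, 6),
    Flow("203.0.113.7", "192.0.2.53", 53000, 53, 17),
    Flow("198.51.100.9", "192.0.2.10", 60000, 22, 6),
]
VAR_RE = re.compile(r"@([A-Z][A-Z0-9_]*)")

def parse_cfg(text):
    """Return ({primitive: spec}, {definition: [(field, primitive)]}); @NAME stays unexpanded."""
    prims, defs, cur = {}, {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if not raw[0].isspace():                          # unindented line: block header
            if words[0] == "filter-primitive":
                cur = prims[words[1]] = {"type": None, "rules": [], "default": "deny"}
            elif words[0] == "filter-definition":
                cur = defs[words[1]] = []
            else:
                raise ValueError(f"unknown block: {raw}")
        elif isinstance(cur, dict) and words[0] == "type":
            cur["type"] = words[1]
        elif isinstance(cur, dict) and words[0] in ("permit", "deny"):
            cur["rules"].append((words[0], words[1]))    # evaluated in order
        elif isinstance(cur, dict) and words[0] == "default":
            cur["default"] = words[1]
        elif isinstance(cur, list) and words[0] == "match" and len(words) == 3:
            cur.append((words[1], words[2]))              # match <field> <primitive>
        else:
            raise ValueError(f"bad statement: {raw}")
    return prims, defs

def expand(value, variables):
    """Bind @NAME from the -v style mapping. An unbound name raises rather than
    quietly producing an empty value; that fail-closed choice is the emulator's."""
    def sub(m):
        if m.group(1) not in variables:
            raise KeyError(f"{m.group(1)} not bound; pass -v {m.group(1)}=value")
        return variables[m.group(1)]
    return VAR_RE.sub(sub, value)

def value_matches(ptype, rule_value, flow_value):
    if ptype == "ip-address":            # a host address or a CIDR prefix
        return ipaddress.ip_address(flow_value) in ipaddress.ip_network(rule_value, strict=False)
    return int(rule_value) == flow_value  # ip-port and ip-protocol are plain integers

def primitive_permits(prim, flow_value, variables):
    for action, rule_value in prim["rules"]:   # first matching rule decides
        if value_matches(prim["type"], expand(rule_value, variables), flow_value):
            return action == "permit"
    return prim["default"] == "permit"

def apply_filter(cfg_text, definition, variables, flows):
    """Emulate: flow-nfilter -F <definition> -v NAME=value. Every match line must pass."""
    prims, defs = parse_cfg(cfg_text)
    return [f for f in flows
            if all(primitive_permits(prims[p], getattr(f, field[3:].replace("-", "_")), variables)
                   for field, p in defs[definition])]

if __name__ == "__main__":
    for f in apply_filter(FILTER_CFG, "ip-src-addr", {"ADDR": "203.0.113.7"}, SAMPLE_FLOWS):
        print(f)
```

Two points worth noticing when you run it: binding only the variable the chosen definition needs is enough (PORT and PROT stay unbound while ip-src-addr runs, because placeholders are expanded only when their primitive is evaluated), and the reply half of the boss's SSH session does not appear in the ip-src-addr output; you have to run ip-dst-addr with the same ADDR to see it.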

Suppose your boss calls. She's connecting from a random open ...
