What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

What is the correct syntax for adding a filter to included all networks other than 10.0.0.0 /8

Votes:

0

In the Filter Library I have created the following filters:

Net_0-7
     SourceIP[0.0.0.0/5]
     DestinationIP[0.0.0.0/5]
Net_8-9
     SourceIP[8.0.0.0/7]
     DestinationIP[8.0.0.0/7]
Net_10
     SourceIP[10.0.0.0/8]
     DestinationIP[10.0.0.0/8]
Net_11
     SourceIP[11.0.0.0/8]
     DestinationIP[11.0.0.0/8]
Net_12-15
     SourceIP[12.0.0.0/6]
     DestinationIP[12.0.0.0/6]
Net_16-31
     SourceIP[16.0.0.0/4]
     DestinationIP[16.0.0.0/4]
Net_32-63
     SourceIP[32.0.0.0/3]
     DestinationIP[32.0.0.0/3]
Net_64-127
     SourceIP[64.0.0.0/2]
     DestinationIP[64.0.0.0/2]
Net_128-255
     SourceIP[128.0.0.0/1]
     DestinationIP[128.0.0.0/1]

For the Packet Sniffer Sensor I have the following:

Include Ruleset
Net_0-7 Net_8-9 Net_11 Net_12-15 Net_16-31 Net_32-63 Net_64-127 Net_128-255

Exclude Rulset
Net_10

Is this the right syntax in the include ruleset to included all traffic from networks 0-9 and 11-255? Is it just spaces between each rule? Should I explicitly add "or" between each rule?

Is there a better way to do this?

The intent is to capture and report all traffic that is not on my private 10 network.

filter packet-sniffer ruleset

Created on Sep 3, 2010 3:54:24 PM

Last change on Sep 6, 2010 11:05:53 AM by Daniel Zobel [Product Manager]



1 Reply

Votes:

0

Hello,

if you basically want to monitor for everything that is not internal traffic (so from 10.*.*.* to 10.*.*.*), then we suggest to only use the exclude ruleset with the "Net_10" filter. Furthermore, it is necessary to change the filterset to:

Net_10
     SourceIP[10.0.0.0/8] DestinationIP[10.0.0.0/8]

This way it is an "AND"-Condition and refers to only internal traffic.

Best Regards.

Created on Sep 6, 2010 12:23:13 PM by Torsten Lindner [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.