
Network Flow Analysis by Michael W. Lucas


Useful Primitives

Now that you understand how primitives and filters work together, I'll discuss primitives in depth. flow-nfilter supports many different primitives, but I'll cover only the most commonly useful ones here. The flow-nfilter man page includes the complete primitive list, but this book contains every one that I have used during several years of flow analysis.

Protocol, Port, and Control Bit Primitives

Filtering on network protocol and port information is one of the most common ways to strip a list of flow records down to only interesting traffic.

IP Protocol Primitives

You saw a basic IP protocol primitive earlier, but you can check for protocols other than TCP. For example, if you use IPSec, OSPF, or other network protocols that run ...
