Logical Operators in Filter Definitions

When you put multiple match conditions in a filter definition, flow-nfilter places a logical "and" between them. For example, the following filter shows all traffic that runs over TCP and has a source port of 25. This passes an email server's responses to a connection.

filter-definition TCPport25
    match ip-protocol TCP
    match ip-source-port port25

You can use other logical operators to build very complicated filters.

Logical "or"

When I try to analyze a connection problem, I usually want to see both sides of the conversation. I want a filter that will show connections to port 25 as well as from port 25. For this, use the or operator as follows:

filter-definition email match ip-protocol TCP match ip-source-port ...

Get Network Flow Analysis now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Network Flow Analysis by Michael W. Lucas

Logical Operators in Filter Definitions

Logical "or"

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly