NetFort Tips & Tricks - How to exclude some of your network traffic from LANGuardian monitoring

Idea, updated 5 years ago (edited)
A customer recently asked us if it is possible to exclude some network traffic from LANGuardian monitoring. The answer is yes, it is possible. The customer in question wanted to exclude backup server traffic, but you can use the same technique to exclude any traffic you do not want to monitor. Reducing the amount of traffic monitored by LANGuardian improves database efficiency and overall performance.

LANGuardian uses Berkeley Packet Filter (BPF) expressions to include or exclude the traffic you want it to monitor. The steps involved in setting up a BPF filter are:

1. Go to the LANGuardian Configuration page.
2. In the System Status section of the Configuration page, click Check the sensor status.
3. Click the Settings link for the sensor you want to modify.
4. Click Edit Sensor Settings.
5. Find the setting BPF Filter For The Traffic Monitor or BPF traffic filter for IDS.
6. Specify a filter (see some examples below).
7. Click Save.

The following examples show some of the most common BPF filters.

  • To exclude one host: not host x.x.x.x
  • To exclude multiple hosts: not host (x.x.x.x or x.x.x.x or x.x.x.x)
  • To exclude one port: not port x
  • To exclude traffic belonging to a certain host on a VLAN: vlan and not host x.x.x.x and not host x.x.x.x and not host x.x.x.x
  • To exclude traffic between host A and host B: not (host A and host B)
  • To capture only traffic to and from a subnet (net address/mask): net x.x.x.x/mask
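Excluding a host outright and excluding only one host pair leave the sensor with different visibility. The Python sketch below is an added example, not NetFort code: it builds the filter strings in the forms listed above and models which flows stay monitored under each. The addresses, flows and function names are assumptions made for illustration.

```python
import ipaddress

def _ip(addr):
    """Validate and normalise an address so a typo never reaches the sensor."""
    return str(ipaddress.ip_address(addr))

def exclude_hosts(hosts):
    """Filter text in the page's form: not host x  /  not host (x or y)."""
    addrs = [_ip(h) for h in hosts]
    if not addrs:
        raise ValueError("no hosts given")
    if len(addrs) == 1:
        return f"not host {addrs[0]}"
    return "not host (" + " or ".join(addrs) + ")"

def exclude_pair(a, b):
    """Filter text in the page's form: not (host A and host B)."""
    return f"not (host {_ip(a)} and host {_ip(b)})"

def seen_with_host_rule(flow, hosts):
    """Model of 'not host (...)': a flow is dropped if either end is listed."""
    listed = {_ip(h) for h in hosts}
    return not (listed & set(flow))

def seen_with_pair_rule(flow, a, b):
    """Model of 'not (host A and host B)': dropped only if both hosts appear."""
    ends = set(flow)
    return not (_ip(a) in ends and _ip(b) in ends)

# Constructed sample addresses and flows (src, dst); not from the original page.
BACKUP, FILESRV, CLIENT = "10.0.0.50", "10.0.0.20", "10.0.0.99"
FLOWS = [(BACKUP, FILESRV), (CLIENT, FILESRV), (CLIENT, BACKUP)]

def compare(flows=FLOWS):
    """Per flow: (flow, still monitored with host rule, with pair rule)."""
    return [(f, seen_with_host_rule(f, [BACKUP]),
             seen_with_pair_rule(f, BACKUP, FILESRV)) for f in flows]

if __name__ == "__main__":
    print(exclude_hosts([BACKUP]))
    print(exclude_pair(BACKUP, FILESRV))
    for flow, by_host, by_pair in compare():
        print(flow, "host rule:", by_host, "pair rule:", by_pair)
```

The third flow is the one to notice: the pair filter keeps an unexpected client connection to the backup server visible, while the host filter hides it.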

And, as always, if you have questions about any aspect of LANGuardian, please contact us on support@netfort.com any time.

Aisling Brennan, Official Rep

Posted 5 years ago