...\" $Header: /usr/src/docbook-to-man/cmd/RCS/docbook-to-man.sh,v 1.3 1996/06/17 03:36:49 fld Exp $...\"...\"	transcript compatibility for postscript use....\"...\"	synopsis:  .P! <file.ps>...\".de P!\\&..fl			\" force out current output buffer\\!%PB\\!/showpage{}def...\" the following is from Ken Flowers -- it prevents dictionary overflows\\!/tempdict 200 dict def tempdict begin.fl			\" prolog.sy cat \\$1\" bring in postscript file...\" the following line matches the tempdict above\\!end % tempdict %\\!PE\\!..sp \\$2u	\" move below the image...de pF.ie     \\*(f1 .ds f1 \\n(.f.el .ie \\*(f2 .ds f2 \\n(.f.el .ie \\*(f3 .ds f3 \\n(.f.el .ie \\*(f4 .ds f4 \\n(.f.el .tm ? font overflow.ft \\$1...de fP.ie     !\\*(f4 \{\.	ft \\*(f4.	ds f4\"'	br \}.el .ie !\\*(f3 \{\.	ft \\*(f3.	ds f3\"'	br \}.el .ie !\\*(f2 \{\.	ft \\*(f2.	ds f2\"'	br \}.el .ie !\\*(f1 \{\.	ft \\*(f1.	ds f1\"'	br \}.el .tm ? font underflow...ds f1\".ds f2\".ds f3\".ds f4\".ta 8n 16n 24n 32n 40n 48n 56n 64n 72n .TH "\fBflow-filter\fP" "1".SH "NAME"\fBflow-filter\fP \(em Filter flows\&..SH "SYNOPSIS".PP\fBflow-filter\fP [-hko]  [-a\fI src_as_filter\fP]  [-A\fI dst_as_filter\fP]  [-b\fI big\fP|\fIlittle\fP]  [-C\fI comment\fP]  [-D\fI dstaddr_filter_name\fP]  [-d\fI debug_level\fP]  [-f\fI acl_fname\fP]  [-i\fI input_filter\fP]  [-I\fI output_filter\fP]  [-p\fI srcport_filter\fP]  [-P\fI dstport_filter\fP]  [-r\fI ipprot_filter\fP]  [-S\fI srcaddr_filter_name\fP]  [-t\fI tos_filter\fP]  [-T\fI tcp_flags_filter\fP]  [-x\fI nexthop_filter_name\fP]  [-z\fI z_level\fP] .SH "DESCRIPTION".PPThe \fBflow-filter\fP utility will filter flows based onuser selectable criteria\&.  The IP address filters are defined in \fBflow\&.acl\fP or by the filename specified by -f\&..PPOther filters such as input interface and ports are defined on thecommand line\&.  These filters accept range and negation operators, ie-i1-15 for input interfaces 1 through 15 or -i1,15 for input interfaces1 and 15, or !1,15 for not input interfaces 1 and 15\&..PPThe syntax is kludgy and needs reworked but works for most applications\&..SH "OPTIONS".IP "-a\fI src_as_filter\fP" 10Source AS filter, ie -a159 to permit Autonomous System 159\&..IP "-A\fI dst_as_filter\fP" 10Destination AS filter, ie -A159,3112 to permit Autonomous Systems 159 and 3112\&..IP "-b\fI big\fP|\fIlittle\fP" 10Byte order of output\&..IP "-C\fI Comment\fP" 10Add a comment\&. .IP "-d\fI debug_level\fP" 10Enable debugging\&..IP "-D\fI dstaddr_filter_name\fP" 10Destination IP address filter\&.  This is the name or number of a standardaccess list defined in \fBflow\&.acl\fP or the file specifiedby -f\&..IP "-f\fI acl_fname\fP" 10Access list filename\&.  Defaults to \fBflow\&.acl\fP\&..IP "-h" 10Display help\&..IP "-i\fI input_filter\fP" 10Input interface filter, ie -i0 to permit traffic from interface 0\&..IP "-k" 10Keep time from input\&..IP "-I\fI output_filter\fP" 10Output interface filter, ie -I0 to permit traffic to interface 0\&..IP "-o" 10Logical OR instead of AND filters\&..IP "-p\fI srcport_filter\fP" 10Source port filter, ie -p80 to only permit source port 80\&..IP "-P\fI dstport_filter\fP" 10Destination port filter, ie -P80,8080 to permit destination ports 80 and 8080\&..IP "-r\fI ipprot_filter\fP" 10IP Protocol filter, ie -r6 to only permit TCP traffic\&..IP "-S\fI srcaddr_filter_name\fP" 10Source IP address filter\&.  This is the name or number of a standardaccess list defined in \fBflow\&.acl\fP or the filespecified by -f\&..IP "-t\fI tos_filter\fP" 10ToS bits filter\&.  An optional mask is available which is applied tothe tos field before comparing to the filter list\&.  For example tomatch a tos bit pattern of 101xxxxx use 0xA0/0xE0\&..IP "-T\fI tcp_flags_filter\fP" 10TCP bits filter\&.  An optional mask is available which is applied tothe TCP flags field before comparing to the filter list\&.  For example tomatch a flows with the SYN bit set use 0x2/0x2\&..IP "-x\fI nexthop_filter_name\fP" 10NextHop IP address filter\&.  This is the name or number of a standardaccess list defined in \fBflow\&.acl\fP or the filespecified by -f\&..IP "-z\fI z_level\fP" 10Configure compression level to \fI z_level\fP\&.  0 isdisabled (no compression), 9 is highest compression\&..SH "EXAMPLES".PPPrint all traffic with a destination port of 80\&..PP  \fBflow-cat /flows/krc4 | flow-filter -P80 | flow-print\fP.PPPrint all traffic with with source IP 10\&.0\&.0\&.1\&.  Populate\fBflow\&.acl\fP with  ip access-list standard badguy permit host 10\&.0\&.0\&.1.PP  \fBflow-cat /flows/krc4 | flow-filter -Sbadguy | flow-print\fP.PPReport all destinations that IP 10\&.0\&.0\&.1 has sent traffic to\&.  Sort byoctets\&.  Populate \fBflow\&.acl\fP with  ip access-list standard badguy permit host 10\&.0\&.0\&.1.PP  \fBflow-cat /flows/krc4 | flow-filter -Sbadguy | flow-stat -f8 -S2\fP.SH "BUGS".PPExtended access lists are not fully implemented\&.The command line filter syntax is a kludge\&..SH "NOTES".PPUse flow-nfilter instead\&..SH "AUTHOR".PPMark Fullmer maf@splintered\&.net.SH "SEE ALSO".PP\fBflow-tools\fP(1)...\" created by instant / docbook-to-man, Sat 30 Nov 2002, 23:28