
Questions tagged [filter]

Usually related to text filtering of some kind, such as log filtering. This may also refer to email filtering. Note that there are other tags that are more appropriate for network and spam filtering.

80 votes
4 answers
218k views

How to make wireshark filter POST-requests only?

Ilya Smagin's user avatar
34 votes
1 answer
192k views

tcpdump filter on network and subnet mask

I'm using the following tcpdump command: tcpdump -w net75.out -s 0 host 65.207.95.222 I want to change the filter on the single host to be all addresses in the following subnet: 65.192.0.0/10 I ...
harrije's user avatar
  • 343
29 votes
6 answers
81k views

How does ping know that my packets are filtered?

I'm customer of an Irish ISP, eircom, which has started censoring the pirate bay. When I try to ping 194.71.107.15 which is the IP address of thepiratebay.com, I get this output: PING 194.71.107.15 (...
Amandasaurus's user avatar
  • 32.5k
27 votes
3 answers
18k views

What is the difference between 0.0.0.0/0 and 0.0.0.0/1?

In the history, I mostly used 0.0.0.0/0 for "match every IP address". Recently, I saw a 0.0.0.0/1 subnet filter. What is the difference between 0.0.0.0/0 and 0.0.0.0/1 and what's the ...
Arakis's user avatar
  • 391
21 votes
5 answers
30k views

Linux shell command to filter a text file by line length

I have a 30gb disk image of a borked partition (think dd if=/dev/sda1 of=diskimage) that I need to recover some text files from. Data carving tools like foremost only work on files with well defined ...
Li-aung Yip's user avatar
17 votes
1 answer
37k views

How to prevent squid from caching and just filter?

I have set a proxy server on my network. I only want to filter the web traffic. So, I have Squid as a proxy and Qlproxy as the filter: http://www.quintolabs.com/qlicap_info.php My server has only ...
THpubs's user avatar
  • 1,785
12 votes
2 answers
14k views

Filter tcpdump file AFTER capturing

I captured a really big tcpdump file which now always crashes my wireshark. It was captured with no filters and I need to apply some afterwards to make the file smaller. Is this somehow possible?
Zulakis's user avatar
  • 4,293
11 votes
1 answer
6k views

How to prevent IP spoofing using MAC and ebtables?

I am trying to create IP-MAC pairing rules in ebtables. There are few tutorials and related questions [1] available but I have kind of specific setting. ENVIRONMENT: I have many physical hosts. Each ...
Martin's user avatar
  • 341
8 votes
1 answer
29k views

How to filter for HTTP 500 responses and their requests in Wireshark?

How do I filter for HTTP 500 responses and their requests in Wireshark? I'm able to use http.response.code == 500 to find all the responses which got the return code 500 but I want to be able to see ...
Martin's user avatar
  • 250
7 votes
5 answers
25k views

Wireshark filter to only capture Incoming Packets?

I am trying to set up a filter (so my log files aren't massive) that will capture only incoming traffic. I have looked on http://wiki.wireshark.org/CaptureFilters but so far have been unable to find a ...
Aidan Knight's user avatar
7 votes
2 answers
5k views

Traffic shaping: tc filter catch all filter

How Can I configure a "catch all" filter with tc filter? I tested with the following code but it gave me the error: "Unknown filter "1:100", hence option "protocol" is unparsable": tc filter add ...
Diosney's user avatar
  • 305
7 votes
5 answers
10k views

Why are emails sent from my applications being marked as spam?

I have 2 web apps running on the same server. The first is www.nimikri.com and the other is www.hourjar.com. Both apps share the same IP address (75.127.100.175). My server is through a shared ...
7 votes
3 answers
4k views

Rsync filter and ignore some directories [closed]

I'd like to rsync a directory that contains a Python 3 app on my server. The directory has files I'm interested in: the files that end with .py And there are the files I'd like to be ignored (these ...
John Smith Optional's user avatar
6 votes
1 answer
7k views

How are filters combined in syslog-ng?

If I've got an entry in syslog-ng log { source (src); filter (filter1); filter (filter2); filter (filter3); filter (filter4); destination (all_log) } And, say filter4 is a very ...
Peter Turner's user avatar
  • 2,350
6 votes
1 answer
227 views

How to filter settings within a GPO that only applies to Windows XP?

We have several GPOs containing many settings that have accumulated over time. I have spot-checked some of them and stumbled over settings that only apply to Windows XP (we exclusively run Vista and ...
Matthias Güntert's user avatar
6 votes
1 answer
1k views

Reduce munin logging level

Munin is quite verbose, and logs a bunch of things into munin-graph.log, munin-html.log, munin-limits.log and munin-update.log at each run of munin-cron. I already reduced munin-node logging level by ...
petrus's user avatar
  • 5,317
5 votes
2 answers
2k views

Postfix is not rejecting recipients addresses when mailx is used

I have a problem with postfix to reject outgoing email for some address in blacklist. This is my configure /etc/postfix/main.cf: smtpd_recipient_restrictions = check_recipient_access hash:/...
Phong Đặng's user avatar
5 votes
4 answers
7k views

Log every IP connecting on a system with iptables

Title says it all. How can I, with iptables under Linux, log all IP connecting to a server? As a little detail, I'd like to have only ONE entry in the log PER DAY PER IP. Thanks :) EDIT: I ...
Alexandre Nizoux's user avatar
5 votes
1 answer
2k views

Is null return path reliable indication of a bounce?

I have a mailbox that receives bounces as well as normal email (the latter includes messages from automated services). I want to filter out the bounces and forward them to another mailbox. Assume I ...
Vasiliy Faronov's user avatar
5 votes
2 answers
3k views

Linux ldap authentication, pam_filter ignored

I've set up linux client authentication via ldap, it works. I want to control user's access to several services by adding or removing different OUs for accounts. E.g., if user is allowed to login ...
Alexander's user avatar
  • 163
4 votes
2 answers
10k views

Server and network setup for a small private school

I help a local private school with a lot of their tech needs. So far, it's been on the order of repairing/installing office computers and helping manage the office network. But now the administrator ...
apathos's user avatar
  • 141
4 votes
5 answers
7k views

How do I remove (un-apply) a named filter from a Procurve switch port using the CLI?

EDIT: Edited my examples to reflect that I was indeed attempting this with the switch in "configure" mode. Still no joy. EDIT: I've done some more searching on this issue. I just can't seem to see it ...
Craig Tullis's user avatar
4 votes
1 answer
11k views

More Searchfilters in AuthLDAPURL

Is it possible to have more than one searchfilter in AuthLDAPURL? Example uid filter: <Location /test/> AuthType Basic AuthName "Test" AuthBasicProvider ldap ...
user1373150's user avatar
4 votes
2 answers
4k views

Traffic shaping: tc filter attached to an HTB class?

Can I attach a tc filter to an HTB class rather than to an HTB qdisc? For example: tc class add dev $IF_LAN parent 1:100 classid 1:180 htb rate 19kbit ceil 2000kbit prio 4 where: 1:100 -> Is ...
Diosney's user avatar
  • 305
4 votes
1 answer
11k views

Transparent HTTP/HTTPS domain filtering proxy [closed]

I want to set up a transparent HTTP/HTTPS proxy to filter outbound requests based on destination hostname (domain). The proxy itself should be non-intrusive and just forward traffic, not decrypt/...
Cybran's user avatar
  • 422
4 votes
8 answers
13k views

Separate color from black-and-white pages for printing

My organization has a leased color printer. We pay a per-page cost to the lessor, and the color page cost is far greater than the black-and-white page cost. Our users are pretty good about selecting ...
wfaulk's user avatar
  • 6,968
3 votes
1 answer
4k views

Fail2Ban Filter Errors

I'm trying to add two fail2ban filters, one for post flood and phpmyadmin brute force, but I get the following errors. logs: fail2ban.filter : ERROR No 'host' group in '[[]client []] File does not ...
RoastedCode's user avatar
3 votes
3 answers
8k views

Filter the output of a log file

Question I've a log-File which display all console-logs of my website in the range of 10.Oct to 1.Nov, start with the logs of 10.Oct. I need all logs from the range of 25.Oct until today. The problem ...
Michael Schmidt's user avatar
3 votes
5 answers
3k views

Limit Internet access to White-Listed Sites?

We have need for certain computers to have their Internet access limited to a list of sites, denying access to all others (white-listing). Some of these sites use HTTPS, so the solution needs to ...
Nick's user avatar
  • 311
3 votes
1 answer
11k views

How to configure postfix/dovecot setup to reject certain mail

I followed this (https://workaround.org/ispmail/squeeze/big-picture) tutorial to set up my mailserver and it works very well. I'd like to be able to reject email from certain users or if it contains ...
Axel Latvala's user avatar
3 votes
1 answer
5k views

How can I use maildrop to forward a copy to another email address?

I have a postfix + virtual users setup. I have enabled maildrop as the delivery agent. How can I write a filter for a user so that if mail comes from a particular domain to that user a copy also goes ...
proy's user avatar
  • 1,239
3 votes
1 answer
106 views

How do I check whether an administrator has viewed the security audit log?

A colleague and I have been discussing an IS audit demo on Windows. One point we'd like to cover is that an administrative/high-privilege user should view the security log within X hours of a failure ...
Everyone's user avatar
  • 249
3 votes
2 answers
6k views

tc prio qdisc for prioritization of mysql traffic

I am struggling with tc prio qdisc for a few hours now. I have read the lartc Documentation, Examples and HowTos, but this whole thing is kinda new for me and somewhat confusing :) So this is my ...
Niko S P's user avatar
  • 1,182
3 votes
1 answer
615 views

Toggle postfix on and off

There's probably an answer to this already, but I just can't figure out how to search for it correctly. Situation: We have a failover situation for two nodes, using keepalived, passing a floating IP ...
Ross Presser's user avatar
3 votes
1 answer
4k views

Clearing out Barracuda 310 web filter DNS/site cache?

On my network I have a Barracuda 310 web filter installed. After an issue with our ISP suddenly interrupting our DNS service, we switched over to a more reliable DNS on all of our systems. ...
tup20's user avatar
  • 33
3 votes
0 answers
6k views

How to filter ObjectName in Windows logs with Advanced XML Filtering?

I want to deploy a centralized log analysis tool on my domain. I'm currently configuring Windows to audit a shared network drive (read, write, access attempt of domain users) to forward Windows events ...
Aexyn's user avatar
  • 31
2 votes
4 answers
14k views

How can the SSDP protocol be filtered out of Wireshark view?

In Wireshark version 1.12.4, I am trying to filter out packet messages with an SSDP protocol. When I clicked the Expression button next to the Filter field, and selected "HTTP" (as Field Name) and "...
JustBeingHelpful's user avatar
2 votes
1 answer
2k views

Use Windows PowerShell to find and delete files from specific owner

Because of a ransomware attack (no big deal, all recovered from backup) I want to clean up the directories and sub directories on the network share where the attack happened to create a lot of ...
Anna Nuema's user avatar
2 votes
2 answers
4k views

PF: Block all, but one subnet firewall rule?

I'm trying to do something that I thought would be relatively simple: Block all the traffic to a test server, other than my company's subnet. I've tried things along these lines (111.111.0.0 is my ...
ballofpopculture's user avatar
2 votes
3 answers
778 views

How to filter a LDAP query for users which are authenticated? [closed]

I want to check if a user is authenticated right now for my Windows domain. For that I want to use an LDAP query. I learned that there is a group "Authenticated Users" (S-1-5-11) which might do the ...
avh's user avatar
  • 41
2 votes
1 answer
573 views

Postfix address filtering

Is it possible to do sender address filtering within postfix itself? I want to block email where the sender and recipient are both [email protected] except in the case that the email was sent locally. ...
diolemo's user avatar
  • 283
2 votes
2 answers
18k views

Squid proxy_protocol_access with dstdomain acl

I'm configuring a squid proxy to work as a sort of a gateway for traffic egress. The environment in which this is deployed has a client that makes a request through a load balancer which then sends it ...
jshack.anc's user avatar
2 votes
1 answer
1k views

Block UDP traffic by rate/string-match on Windows 2008

I am administrating a Windows 2008 server (64-bit). It is being subjected to a focused set of DOS attacks where UDP packets are sent to a specific port and contain a specific string. What I need to ...
T3RCX's user avatar
  • 21
2 votes
1 answer
209 views

Set up a Fax server to filter spam

At my work, we have a huge costly multi-function printer that does everything a printer can dream of. It is hooked up directly on a dedicated fax telephone line. Now we receive an increasing amount of ...
Eric's user avatar
  • 351
2 votes
1 answer
89 views

("remotely") Managing filters with Horde 3.3.13

I'm using Horde 3.3.13 (which is an old version, I know) and use the filters all the time. I know that Thunderbird, for instance, also supports filters. Is there a way to synchronize the filters on ...
Clément's user avatar
  • 111
2 votes
1 answer
660 views

Inaccurate bandwidth limiting in altq queues

I'm setting up an environment where I have one Linux server, one OpenBSD router and one Linux client and I want to be able to limit how much bandwidth the client should be able to use. I've been ...
user42511's user avatar
2 votes
1 answer
78 views

How to skip a message matching a certain pattern if it repeats more often than a limit?

Is it possible to stop a matching message if it appears more frequently than a given limit? I'd like to achieve something like this: if $programname == "foo" and $msg contains "bar&...
Petr's user avatar
  • 635
2 votes
2 answers
368 views

rsync all pdfs except in certain directories?

I'm trying hard to understand the rsync filter system, and it's completely baffling me. I have the following "test" directory structure to try to make sense of it. With no filter options ...
pixelearth's user avatar
2 votes
1 answer
1k views

tc/netem filter explanation

I am new to tc and I find it mighty confusing. I was able to find and understand a bit of a little command flow to issue a delay on a specific IP, but I don't think it works properly - delaying all traffic ...
J B's user avatar
  • 93
2 votes
2 answers
951 views

Powershell script - Find LogOn attribute - How from specific OU?

This is the PowerShell script I use to find the LogOn attribute from users in Active Directory. Now rather than getting all users I want it to search only in a specific OU. The domain looks like this: ...
DirkW's user avatar
  • 21