NANO Agent does not look into the packet payloads; all the performance data that it obtains is based on the TCP/IP packet headers alone. Still, if you wish NANO Agents to not monitor the traffic for certain destinations or port numbers, you can do so easily. The following text explains how. How Do I Prevent Monitoring of Domains and Ports --------------------------------------------- NANO agent provides a powerful way to specify the traffic that you wish that NANO-agent must not capture or report on. This is achieved by editing the file called blockedlist.txt . You can edit this file on the fly, without having to restart the NANO-Agent. The changes take effect within one second, by default. The location of this file depends on the type of system, but you will always find a symbolic link to this file in /tmp/nano-agent-blockedlist.txt a) All traffic to/from a IP address (192.168.1.1) Add the following line to blockedlist.txt 192.168.1.1 c) Wildcard on Domain Names You can prevent NANO-agent from capturing packets for all the host that have a matching domain name. Note: All domain name based capture prevent takes effect within one second (by default) of the DNS lookup on the matching domain name from the client machine. Existing and ongoing session may still be captured. You can force prevention of capture for ongoing sessions by manually performing a DNS lookup on the desired domain by using the following command. dig domainname d) Block specific ports or port ranges. To block traffic capture on a set of ports add a line of following format in blockedlist.txt remotehost:local port range / remote port range For example, in order to stop capture of packets to a host called abc.gtnoise.net between port ranges 1000-2000 on your machine and 3000-4000 on abc.gtnoise.net, then add the following line to blockedlist.txt abc.gtnoise.net:1000-2000/3000-4000 You can specify specific ports, instead of port ranges. abc.gtnoise.net:1000/2000-3000 will stop capture of traffic from your machine to abc.gtnoise.net that is on port 1000 on your machine and ports in range 2000 to 3000 on abc.gtnoise.net Similarly, you can wildcard the ports. abc.gtnoise.net:*/2000-3000 will stop capture of traffic from all ports of your machine to abc.gtnoise.net on ports 2000-3000 If you wish to block traffic to all remote hosts for certain ports, use localhost as the hostname localhost:2000-3000/* will block all traffic using ports 2000-3000 on your machine to ALL remote machines. Like before, you can use wildcards in domain names for port blocking lines too.