Sniffer Adaptive Application Analyzer: Adaptive Mode ... - NetScout

10.03.2013 Views
EARLY FIELD TRIAL Chapter 8 Multiple Filter Mode and Exclude Filters 182 Sniffer Adaptive Application Analyzer When combining multiple filters in Multiple Filter Mode,Sniffer Adaptive Application Analyzer joins the filter with a logical OR rather than an AND. Because of this, joining multiple Exclude filters will always result in ALL packets passing the filter and being returned. Consider the following examples: Combing Include Filters in Multiple Filter Mode For example, suppose you set up the following filters: Filter 1 includes all packets of type A Filter 2 includes all packets of type B Combining these filters in Multiple Filter Mode and applying them to a trace file with packets of type A,B and C, will result in a filtered display with just packets of Type A and B. Combing Exclude Filters in Multiple Filter Mode Now, let’s apply the same logic to Exclude filters: Filter 1 excludes all packets of type A Filter 2 excludes all packets of type B Combining these filters in Multiple Filter Mode and applying them to a trace file with packets of type A,B and C, will result in a filtered display with packets of Type A, B, and C – all packets will pass the filter. This happens because the Exclude filters are joined with an OR condition between the filters. For a packet to be excluded from the filtered display, both the conditions must return FALSE. If even one condition returns TRUE, the packet gets included. The Boolean logic for this is: Not (Filter A or Filter B) = Not Filter A AND Not Filter B.

EARLY FIELD TRIAL Raw Capture Mode Postcapture Analysis Saving Sets of Filtered Frames / Creating New Windows You can save sets of filtered frames by selecting File > Save As with a filtered tab selected. A new window is created with the set of filtered frames in it, followed by the appearance of the Save As dialog box. When you use the Save As command on a set of filtered frames, the filtered frames in the new window are renumbered sequentially with new sequence numbers - the original sequence numbers are not preserved. You can also create new windows for filtered sets of frames by rightclicking a filtered tab and selecting the Create New Window command. A new postcapture window with just the filtered frames will appear. For a description of how to define a filter, see Using Manual Filters (Display > Define Filter) on page 183. Using Manual Filters (Display > Define Filter) This section describes how to use the Display Filter dialog box to create, manage, and apply manual display filters. Each time you create a new filter, you start by clicking the Profiles button in the Define Filter dialog box (Display > Define Filter). Then, click the New button to open a dialog that lets you assign the filter a profile name. Once you have successfully created a filter profile, it will appear in the Settings For panel so you can fine tune and apply the filter whenever you like. To create a filter profile: 1 Go to Display > Define Filter and the Define Filter dialog box appears. or Click the Define Filter icon 2 Click the Profiles button. The Capture Profiles dialog box appears, listing the filter profiles previously defined. User’s Guide 183

Page 1 and 2: EARLY FIELD TRIAL Sniffer ® Adapti

Page 3 and 4: EARLY FIELD TRIAL "This product inc

Page 5 and 6: EARLY FIELD TRIAL Contents Section

Page 7 and 8: EARLY FIELD TRIAL Contents Overview

Page 9 and 10: EARLY FIELD TRIAL Contents Setting

Page 11 and 12: EARLY FIELD TRIAL SECTION 1 Introdu

Page 13 and 14: EARLY FIELD TRIAL Sniffer Adaptive

Page 15 and 16: EARLY FIELD TRIAL Figure 1-2. Adapt


Page 19 and 20: EARLY FIELD TRIAL Sample Trace File


Page 23 and 24: EARLY FIELD TRIAL Key Terms Table 1

Page 25 and 26: EARLY FIELD TRIAL Table 1-3. Key Te

Page 27 and 28: EARLY FIELD TRIAL Quick Start - Fiv

Page 29 and 30: EARLY FIELD TRIAL Double-click the

Page 31 and 32: EARLY FIELD TRIAL Quick Start - Fiv

Page 33 and 34: EARLY FIELD TRIAL Step 4 - Capturin

Page 35 and 36: EARLY FIELD TRIAL Capture Mode Adap

Page 37 and 38: EARLY FIELD TRIAL Step 5 - Mining P

Page 39 and 40: EARLY FIELD TRIAL Adaptive Postcapt

Page 41 and 42: EARLY FIELD TRIAL Table 2-1. Postca

Page 43 and 44: EARLY FIELD TRIAL SECTION 2 Getting

Page 45 and 46: EARLY FIELD TRIAL Working with the

Page 47 and 48: EARLY FIELD TRIAL Introducing the N

Page 49 and 50: EARLY FIELD TRIAL Other Navigation

Page 51 and 52: EARLY FIELD TRIAL Using the Time Se


Page 55 and 56: EARLY FIELD TRIAL Zoom Menu Working

Page 57 and 58: EARLY FIELD TRIAL Introducing the G

Page 59 and 60: EARLY FIELD TRIAL Selected Statisti

Page 61 and 62: EARLY FIELD TRIAL Pie Chart Working

Page 63 and 64: EARLY FIELD TRIAL Column Chart Work

Page 65 and 66: EARLY FIELD TRIAL Time Series Chart



Page 71 and 72: EARLY FIELD TRIAL Using the Statist

Page 73 and 74: EARLY FIELD TRIAL Summary Tab a Usi


Page 77 and 78: EARLY FIELD TRIAL Port Tab Using th

Page 79 and 80: EARLY FIELD TRIAL Network Tab Using

Page 81 and 82: EARLY FIELD TRIAL Destination Tab U


Page 85 and 86: EARLY FIELD TRIAL VLAN ID Tab Using

Page 87 and 88: EARLY FIELD TRIAL Reports Tabs Usi

Page 89 and 90: EARLY FIELD TRIAL Top Conversations

Page 91 and 92: EARLY FIELD TRIAL Multicast Protoco



Page 97 and 98: EARLY FIELD TRIAL Refreshing Statis


Page 101 and 102: EARLY FIELD TRIAL Showing and Hidin

Page 103 and 104: EARLY FIELD TRIAL Resolving DNS Nam

Page 105 and 106: EARLY FIELD TRIAL Table 4-1. New Co

Page 107 and 108: EARLY FIELD TRIAL SECTION 2 Capturi

Page 109 and 110: EARLY FIELD TRIAL Capturing and Min

Page 111 and 112: EARLY FIELD TRIAL Configuring and S

Page 113 and 114: EARLY FIELD TRIAL Capture Mode Adap

Page 115 and 116: EARLY FIELD TRIAL Mining Packet Dat

Page 117 and 118: EARLY FIELD TRIAL Capturing and Min

Page 119 and 120: EARLY FIELD TRIAL Using Filters in

Page 121 and 122: EARLY FIELD TRIAL Reusable Filters

Page 123 and 124: EARLY FIELD TRIAL Figure 6-2. Apply

Page 125 and 126: EARLY FIELD TRIAL Working with Auto

Page 127 and 128: EARLY FIELD TRIAL Table 6-3. Filter


Page 131 and 132: EARLY FIELD TRIAL Using Pattern Mat

Page 133 and 134: EARLY FIELD TRIAL Applying Mining F


Page 137 and 138: EARLY FIELD TRIAL Adaptive Display

Page 139 and 140: EARLY FIELD TRIAL SECTION 3 Analyzi

Page 141 and 142: EARLY FIELD TRIAL Adaptive Session

Page 143 and 144: EARLY FIELD TRIAL Adaptive Mode Pos



Page 149 and 150: EARLY FIELD TRIAL Session Overview

Page 151 and 152: EARLY FIELD TRIAL Drilling Down to

Page 153 and 154: EARLY FIELD TRIAL Adaptive Decode V

Page 155 and 156: EARLY FIELD TRIAL Opening ASP Files

Page 157 and 158: EARLY FIELD TRIAL Figure 7-9. Openi

Page 159 and 160: EARLY FIELD TRIAL Using Filters wit

Page 161 and 162: EARLY FIELD TRIAL Raw Capture Mode

Page 163 and 164: EARLY FIELD TRIAL Table 8-1. Postca

Page 165 and 166: EARLY FIELD TRIAL Introducing the P

Page 167 and 168: EARLY FIELD TRIAL Granularity in De

Page 169 and 170: EARLY FIELD TRIAL Packet Status Fla

Page 171 and 172: EARLY FIELD TRIAL Table 8-5. Decode

Page 173 and 174: EARLY FIELD TRIAL Types of Display


Page 177 and 178: EARLY FIELD TRIAL a The “Apply on


Page 181: EARLY FIELD TRIAL Raw Capture Mode

Page 185 and 186: EARLY FIELD TRIAL Using the Manual

Page 187 and 188: EARLY FIELD TRIAL 5 Click OK. Figur


Page 191 and 192: EARLY FIELD TRIAL Setting Display S


Page 195 and 196: EARLY FIELD TRIAL Table 8-9. Summar


Page 199 and 200: EARLY FIELD TRIAL Searching for Fra




Page 207 and 208: EARLY FIELD TRIAL Printing Decoded

Page 209 and 210: EARLY FIELD TRIAL Using the Matrix


Page 213 and 214: EARLY FIELD TRIAL Using the Host Ta

Page 215 and 216: EARLY FIELD TRIAL Using the Protoco

Page 217 and 218: EARLY FIELD TRIAL Enabling VLAN Dat

Page 219 and 220: EARLY FIELD TRIAL Expert Analysis O

Page 221 and 222: EARLY FIELD TRIAL Expert Tool Bar T

Page 223 and 224: EARLY FIELD TRIAL Expert Analysis

Page 225 and 226: EARLY FIELD TRIAL Setting Expert Op

Page 227 and 228: EARLY FIELD TRIAL Analyze Expert An

Page 229 and 230: EARLY FIELD TRIAL Alarms Expert Ana

Page 231 and 232: EARLY FIELD TRIAL Protocols To conf

Page 233 and 234: EARLY FIELD TRIAL Subnet Masks To d

Page 235 and 236: EARLY FIELD TRIAL To configure or d

Page 237 and 238: EARLY FIELD TRIAL Oracle Options Mo

Page 239 and 240: EARLY FIELD TRIAL IP Options Expert

Page 241 and 242: EARLY FIELD TRIAL SECTION 4 Additio

Page 243 and 244: EARLY FIELD TRIAL Setting Quick Sel


Page 247 and 248: EARLY FIELD TRIAL Setting Graph Tab



Page 253 and 254: EARLY FIELD TRIAL Figure 10-6. Addi

Page 255 and 256: EARLY FIELD TRIAL Using the Address

Page 257 and 258: EARLY FIELD TRIAL Using the Address

Page 259 and 260: EARLY FIELD TRIAL SECTION 5 Reporti

Page 261 and 262: EARLY FIELD TRIAL Running Reports O

Page 263 and 264: EARLY FIELD TRIAL Table 12-1. Sprea

Page 265 and 266: EARLY FIELD TRIAL Running Reports 4

Page 267 and 268: EARLY FIELD TRIAL Index A About the

Page 269 and 270: EARLY FIELD TRIAL Host Table, 212 m

Page 271 and 272: EARLY FIELD TRIAL G General tab, 24

Page 273 and 274: EARLY FIELD TRIAL option, 243 Mindi

Page 275 and 276: EARLY FIELD TRIAL S S2DPalette.ini

Page 277: EARLY FIELD TRIAL U Use Address Boo

adaptive

statistics

filter

display

sniffer

panel

analyzer

filters

packet

capture

netscout

www.netscout.com

Sniffer Adaptive Application Analyzer: Adaptive Mode ... - NetScout

Sniffer Adaptive Application Analyzer: Adaptive Mode ... - NetScout ... View more Sniffer Adaptive Application Analyzer: Adaptive Mode ... - NetScout

Delete template?

Save as template ?

Sniffer Adaptive Application Analyzer: Adaptive Mode ... - NetScout Sniffer Adaptive Application Analyzer: Adaptive Mode ... - NetScout