Sniffer® Portable Professional User's Guide - NetScout
Share Embed Flag
Download ePaper

Sniffer® Portable Professional User's Guide - NetScout

Sniffer® Portable Professional User's Guide - NetScout Sniffer® Portable Professional User's Guide - NetScout

netscout
10.03.2013 Views

Chapter 8 Table 8-3. Decode Tab Toolbar Buttons Button Title Description Automatic Filter Type Selection 166 Sniffer Portable Professional Use this dropdown to specify which information in the currently selected packet should be used to automatically populate the Define Filter dialog box’s fields when you click the Define Display Filter or Add to Last Filter button. You can populate based on source/destination IP addresses, ports, and MAC addresses. See Using Automatic Display Filters on page 168. Define Display Filter Displays the Define Filter dialog box with settings automatically populated based on the currently selected packet and the setting of the adjacent Filter Type Selection dropdown. See Using Automatic Display Filters on page 168. Add to Last Filter Takes the type of information specified in the Filter Type Selection dropdown from the currently selected packet and adds it to the last filter used in the Define Filter dialog. See Combining Filter Components (“Add to Last Filter”) on page 173 for details. Quick Filter Automatically filters the display based on the selected information in the currently selected packet. For example, if the Filter Type Selection dropdown is set to Connection, clicking Quick Filter will filter the display based on the source/destination addresses and ports (that is, the connection). Use the Display > Display Setup > Packet Selection tab to specify how Quick Filters will be applied (for example, whether matching packets are returned in a new tab or shown selected in the active tab, and so on). See Using Quick Filters on page 172 for details.

Setting Display Filters Displaying Captured Data A filter applied to the display of captured data is called a display filter. Display filters let you select the packets you want to display in a Decode tab. Display filters do not affect the contents of the capture buffer. They just prevent some of the data from being displayed. You can use display filters to view only: Packets transmitted between network nodes (or address pairs) Packets that belong to one or more protocol groups Packets that match predefined data patterns Error packets Packets that belong to a certain size range Packets that match various combinations of the above specifications IMPORTANT: Defining Filters and Triggers on page 219 provides the details on working with Sniffer filters in general – monitor, capture, and display. This section adds to that information with some additional topics specifically for display filters. Types of Display Filters The Sniffer provides several types of display filters: Manual Display Filters You can set Display filters manually in the Define Filter - Display dialog box. This dialog box is available by using the Display > Define Filter command. Then, you have full access to the standard Define Filter tabs described in Defining Filters and Triggers on page 219. Automatic Display Filters You can automatically populate the Define Filter - Display dialog box’s tabs with filter settings based on selected portions of the currently selected packet in the Decode tab. You do this by using the dropdown at the top of the Decode tab to specify which portion of the selected packet you want to use as a filter (for example, just the source IP address) and clicking the Define Display Filter button. See Using Automatic Display Filters on page 168. User’s Guide 167

Setting Display Filters<br />

Displaying Captured Data<br />

A filter applied to the display of captured data is called a display filter.<br />

Display filters let you select the packets you want to display in a Decode<br />

tab. Display filters do not affect the contents of the capture buffer. They<br />

just prevent some of the data from being displayed.<br />

You can use display filters to view only:<br />

Packets transmitted between network nodes (or address pairs)<br />

Packets that belong to one or more protocol groups<br />

Packets that match predefined data patterns<br />

Error packets<br />

Packets that belong to a certain size range<br />

Packets that match various combinations of the above<br />

specifications<br />

IMPORTANT: Defining Filters and Triggers on page 219 provides the<br />

details on working with Sniffer filters in general – monitor, capture, and<br />

display. This section adds to that information with some additional topics<br />

specifically for display filters.<br />

Types of Display Filters<br />

The Sniffer provides several types of display filters:<br />

Manual Display Filters<br />

You can set Display filters manually in the Define Filter - Display dialog<br />

box. This dialog box is available by using the Display > Define Filter<br />

command. Then, you have full access to the standard Define Filter tabs<br />

described in Defining Filters and Triggers on page 219.<br />

Automatic Display Filters<br />

You can automatically populate the Define Filter - Display dialog box’s<br />

tabs with filter settings based on selected portions of the currently<br />

selected packet in the Decode tab. You do this by using the dropdown at<br />

the top of the Decode tab to specify which portion of the selected packet<br />

you want to use as a filter (for example, just the source IP address) and<br />

clicking the Define Display Filter button.<br />

See Using Automatic Display Filters on page 168.<br />

User’s <strong>Guide</strong> 167

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!