Sniffer® Portable Professional User's Guide - NetScout
Share Embed Flag
Download ePaper

Sniffer® Portable Professional User's Guide - NetScout

Sniffer® Portable Professional User's Guide - NetScout Sniffer® Portable Professional User's Guide - NetScout

netscout
10.03.2013 Views

Chapter 8 176 Sniffer Portable Professional Single filter mode functions as a regular, single filter. With the Single Filter Mode option, you are limited to only one filter selection in the Select Filter dialog box. Selecting one filter automatically deselects the previously selected filter. Selecting a “parent” filter is not a valid filter. You must specify a single filter within the parent grouping. 3 Use the Select matching, Clear selected, and Apply on selected set options to specify how the display filter will be applied and its results returned. See Filtered Tabs or Marked Frames? on page 171 and The “Apply on Selected Set” Option on page 171 for more information. 4 Click OK to apply the selected filter(s) on the active Decode tab. Multiple Filter Mode and Exclude Filters When combining multiple filters in Multiple Filter Mode, Sniffer Portable Professional joins the filter with a logical OR rather than an AND. Because of this, joining multiple Exclude filters will always result in ALL packets passing the filter and being returned. Consider the following examples: Combing Include Filters in Multiple Filter Mode For example, suppose you set up the following filters: Filter 1 includes all packets of type A Filter 2 includes all packets of type B Combining these filters in Multiple Filter Mode and applying them to a trace file with packets of type A,B and C, will result in a filtered display with just packets of Type A and B. Combing Exclude Filters in Multiple Filter Mode Now, let’s apply the same logic to Exclude filters: Filter 1 excludes all packets of type A Filter 2 excludes all packets of type B Combining these filters in Multiple Filter Mode and applying them to a trace file with packets of type A,B and C, will result in a filtered display with packets of Type A, B, and C – all packets will pass the filter. This happens because the Exclude filters are joined with an OR condition between the filters. For a packet to be excluded from the filtered display, both the conditions must return FALSE. If even one condition returns TRUE, the packet gets included.

The Boolean logic for this is: Not (Filter A or Filter B) = Not Filter A AND Not Filter B. Displaying Captured Data Saving Sets of Filtered Frames / Creating New Windows You can save sets of filtered frames by selecting File > Save As with a filtered tab selected. A new window is created with the set of filtered frames in it, followed by the appearance of the Save As dialog box. When you use the Save As command on a set of filtered frames, the filtered frames in the new window are renumbered sequentially with new sequence numbers - the original sequence numbers are not preserved. You can also create new windows for filtered sets of frames by right-clicking a filtered tab and selecting the Create New Window command. A new postcapture window with just the filtered frames will appear. For a description of how to define a filter, see Defining Filters and Triggers on page 219. Setting Display Setup Options You can customize the way data is displayed in the decode display. You can: Exclude certain subprotocols from the summary pane (this is a more detailed control than a display filter). Set the summary address field format (network or hardware). Specify whether the two-station display format should be used. Select optional fields to be shown in the summary display. Color-code packets displayed in the summary pane based on their protocol. Select the font for the detail display. To set the display options: 1 Select Display Setup from the Display menu. The Display Setup dialog tabs are summarized in the following table. User’s Guide 177

The Boolean logic for this is:<br />

Not (Filter A or Filter B) = Not Filter A AND Not Filter B.<br />

Displaying Captured Data<br />

Saving Sets of Filtered Frames / Creating New Windows<br />

You can save sets of filtered frames by selecting File > Save As with a<br />

filtered tab selected. A new window is created with the set of filtered<br />

frames in it, followed by the appearance of the Save As dialog box.<br />

When you use the Save As command on a set of filtered frames, the<br />

filtered frames in the new window are renumbered sequentially with new<br />

sequence numbers - the original sequence numbers are not preserved.<br />

You can also create new windows for filtered sets of frames by<br />

right-clicking a filtered tab and selecting the Create New Window<br />

command. A new postcapture window with just the filtered frames will<br />

appear.<br />

For a description of how to define a filter, see Defining Filters and<br />

Triggers on page 219.<br />

Setting Display Setup Options<br />

You can customize the way data is displayed in the decode display. You<br />

can:<br />

Exclude certain subprotocols from the summary pane (this is a<br />

more detailed control than a display filter).<br />

Set the summary address field format (network or hardware).<br />

Specify whether the two-station display format should be used.<br />

Select optional fields to be shown in the summary display.<br />

Color-code packets displayed in the summary pane based on their<br />

protocol.<br />

Select the font for the detail display.<br />

To set the display options:<br />

1 Select Display Setup from the Display menu. The Display Setup<br />

dialog tabs are summarized in the following table.<br />

User’s <strong>Guide</strong> 177

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!