Sniffer® Portable Professional User's Guide - NetScout
Chapter 8: Displaying Captured Data

Searching for Data Patterns using a Pattern from a Known Packet

As an alternative to the procedure in Searching for Frames Matching Data Patterns, the easiest way to search for a data pattern is to use a pattern from a known packet.

To search for data patterns using a pattern from a known packet:

1. Locate and highlight either:
   - A packet in the Summary pane.
   - A protocol field or a data pattern in the Detail pane.
2. Open the Find Frame dialog box by selecting the Find Frame command from the Display menu (or from the context menu).
3. Select the Data tab. If you selected a packet in the Summary pane, the Data tab will already contain some data from the selected packet. If you selected a protocol field or data pattern in the Detail pane, the Data tab will already contain the selected field or pattern.
4. Set the From list box to Don’t Care.
5. You can click the Set Data button to open the Set Data dialog box, which contains a line-by-line decode of the selected packet.

   Figure 8-14. The Set Data Dialog Box

6. Select a line from the Set Data dialog box and click OK.
7. The data from the selected line is placed in the data pattern area of the Find Frame dialog box. Adjust the data and the length if necessary.
8. Click OK to start the search. If a pattern match is found, the packet containing the pattern will be displayed in the Decode Display. Press F3 to search for the next packet.

Searching for Frames Matching Packet Status Flags

To search for packets with a particular Status flag:

1. Display the Find Frame dialog box using any of the following commands:
   - Select Find Frame from the Display menu.
   - Select Find Frame from the Decode tab’s context menu (activated by right-clicking anywhere on the Decode tab).
   - Use the Alt-F3 keyboard shortcut.
2. Click the Status tab.
3. Select the status flag(s) to search for.
4. Click Up or Down to specify the search direction.
5. Click OK. If a frame with one of the specified flags is found, that frame will be displayed in the Decode Display. Press F3 to search for the next packet matching the same criteria.

NOTE: Some Status flags require an enhanced driver to detect. Because Sniffer Portable Professional no longer includes enhanced drivers for Ethernet, searching for the corresponding Status flag will often produce no results.

For descriptions of the various possible packet status flags, see Packet Status Flags in the Summary Pane on page 185.
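
The known-packet pattern search described above can be reproduced outside the GUI on a capture exported as a classic pcap file. This is an added example, not code from the Sniffer product or its guide; the function names and the sample capture are constructed here, and treating Don’t Care as "match at any offset" and reusing the Up/Down direction for the data search are assumptions of this example.

```python
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4  # classic pcap, little-endian, microsecond timestamps

def parse_pcap(blob):
    """Return the captured frames (bytes) from a classic little-endian pcap."""
    if len(blob) < 24 or struct.unpack_from("<I", blob, 0)[0] != PCAP_MAGIC_LE:
        raise ValueError("not a little-endian classic pcap")
    frames, pos = [], 24                      # skip the 24-byte global header
    while pos + 16 <= len(blob):
        _sec, _usec, incl_len, _orig = struct.unpack_from("<IIII", blob, pos)
        pos += 16
        if pos + incl_len > len(blob):        # record claims more bytes than exist
            raise ValueError("truncated packet record")
        frames.append(blob[pos:pos + incl_len])
        pos += incl_len
    return frames

def pattern_from_frame(frame, offset, length):
    """Lift a search pattern out of a known frame (the Set Data step)."""
    if offset < 0 or length <= 0 or offset + length > len(frame):
        raise ValueError("pattern range lies outside the frame")
    return frame[offset:offset + length]

def find_frame(frames, pattern, start, direction="down"):
    """Index of the next frame from `start` containing `pattern` at any
    offset (assumed meaning of Don't Care), or None. Calling it again with
    the returned index plays the role of F3."""
    step = 1 if direction == "down" else -1
    i = start + step
    while 0 <= i < len(frames):
        if pattern in frames[i]:
            return i
        i += step
    return None

def build_sample_pcap(payloads):
    """Constructed capture: Ethernet link type, one record per payload."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    for n, p in enumerate(payloads):
        out += struct.pack("<IIII", n, 0, len(p), len(p)) + p
    return out

# Constructed sample frames: 14 dummy header bytes followed by payload text.
SAMPLE = [b"\x00" * 14 + t for t in
          (b"GET /index.html", b"USER alice\r\n", b"PING", b"PASS x; USER alice\r\n")]
```
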