Filters let you focus on specific traffic. If you want to check a problem between two particular devices, perhaps a computer and a printer, address filters can capture just the traffic between these two devices. If you are having a problem with a particular function on your network, a protocol filter allows you to focus on traffic related to that particular function.
Filters work by testing packets against the criteria specified in the filter. Packets whose contents meet these criteria match the filter. You can build filters to test for just about anything found in a packet: addresses, protocols, sub-protocols, ports, error conditions, and more. Filters are so easy to create in that you can often create a custom filter on-the-fly while analyzing suspect traffic on your network.
Enabling a Filter
In addition to the filters that you create, the Omnipeek and the Capture Engines include numerous pre-defined filters. You can enable one or more filters when capturing or monitoring packets.
To enable filters when capturing packets:
- Click the Filters view in a capture window.
- Select the filter or filters that you want to enable.Note: For a Capture Engine, you will need to send your selections to the Capture Engine by clicking the bar below the toolbar icons labeled Click here to send changes.
- Click Start Capture to begin capturing packets. Any packets that match the filters that are enabled are placed into the capture buffer.
Alternately, you can choose to place the packets that do not match the filter in the capture buffer by clicking Reject Matching.
Creating Filters With the Make Filter Command
You can use the Make Filter command to easily create a filter based on the address, protocol, and port settings of an existing packet, node, protocol, conversation, or packet decode.
To create a filter with the Make Filter command:
- Right-click a packet, node, protocol, conversation, or packet decode item from one of the views available in a capture window and choose Make Filter. The Insert Filter dialog appears with the Address, Protocol, and Port settings already configured with the information from the packet that was selected.
- Enter a new name in the Filter text box and make any additional changes.
- Click OK. The new filter is now available whenever a list of available filters is displayed.
- To enable the new filter in your capture window, click the Filters view and select the check box of the new filter. The filter is applied immediately, even if a capture is already under way.
Creating a Simple Filter
You can create a simple filter by manually entering the parameters for the filter that you want to create. Unlike creating a filter using the Make Filter command, you will have to manually define the parameters (address, protocol, and port settings) for the filter you want to create.
To create a simple filter by defining an address and protocol:
- Do one of the following to open the Filters view:
- On the View menu, click Filters (filters for local captures only)
- Click the Filters view in an open capture window
- Click the Filters options from the Capture Engine Capture Options
dialog
- Click Insert. The Insert Filter dialog appears.
- Give your new filter a name.
- Complete the address, protocol, or port setting information and click OK. The new filter is now available whenever a list of available filters is displayed.
- To enable the new filter in your capture window, click the Filters view and select the check box of the new filter. The filter is applied immediately, even if a capture is already under way.