Inline Search filters packets by source or destination IPv4 and IPv6 address, by source or destination port number, and by protocol. The reference examples below show the kinds of entries you can use.

Inline Filter File

This section is a step-by-step guide to using an inline search filter file in the packet search.

Upload Filter File

  1. On your local system, open a text editor, enter the filter in BPF syntax, and save it as a .txt file.

    • Example: ((tcp[8:4] & 0xffffffff == 0) and (tcp[tcpflags] & tcp-syn != 0))

  2. Upload the file to the packet search

  3. Click the search button

...

Filter File Search

Uploaded filter files are stored in the system. You can go to ‘FilterFile’ and select the file for your search. You can also delete the file from this section.

...

File Entry shows the contents of the file you selected. To use the filter, click the ‘Confirm Selection’ button.

...

Filter Strings

The following table shows examples of inline search criteria.

...

| # | Inline Search Criteria | Examples |
|---|---|---|
| 1 | IPv4 address | src host 192.168.1.10 and dst host 25.29.83.222 |
| 2 | IPv6 address | src host 192.168.1.10 or src host fffe:f221::2231:dec3:1f:1 |
| 3 | Source IP only | src host 192.168.1.10 |
| 4 | Destination IP only | dst host 25.29.83.222 |
| 5 | Port Number | src port 80 and dst port 443 |
| 6 | Port-range but exclude port 2144 | portrange 2120-2155 and not port 2144 |
| 7 | Protocol and Port Number | not arp and not src port 7634 and dst port 2159 |
| 8 | Exclude protocol | not tcp and src host fffe:f221::2231:dec3:1f:1 |
|   |   | !sctp and (src host 10.192.168.7 or src host ffe:84::8) |
| 9 | Protocol and IP | tcp and src host fffe:f221::2231:dec3:1f:1 |
| 10 | Protocol and Multiple IP | tcp and (src host fffe:f221::2231:dec3:1f:1 or src host fffe:f221::2231:dec3:1f:2 or src host fffe:f221::2231:dec3:1f:3) |
| 11 | Port and IP | src host 192.168.1.10 and dst host 25.29.83.222 and src port 80 and dst port 443 |
| 12 | Protocol Port and Multiple IP | !icmp and port 443 and (src host 10.192.168.7 or src host ffe:84::8) |
| 13 | Port Portrange and IP | portrange 2123-2152 and not port 2144 and ip host 10.41.33.3 |
| 14 | Subnet | net 192.168.1.0/24 |
|   |   | net 192.168.1.0 mask 255.255.255.0 |
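The literals that follow host, net, port and portrange are easy to mistype, so a filter file can be checked locally before it is uploaded. The Python below is an added example, not part of the product or the original page. It assumes numeric addresses and ports only (hostnames and service names are reported as bad literals) and networks written in full dotted or CIDR form; the name `lint_filter` is illustrative, and the check does not replace compiling the filter.

```python
import ipaddress
import re

# A primitive keyword and the literal after it, e.g. "host 10.0.0.1",
# "portrange 1-2", or "net 10.0.0.0 mask 255.0.0.0".
PRIMITIVE = re.compile(
    r"\b(host|net|portrange|port)\s+([^\s()]+)(?:\s+mask\s+([^\s()]+))?")

def lint_filter(expr):
    """Return a list of problems found in one filter expression."""
    problems = []
    if "\\" in expr:
        problems.append("backslash in filter (escaped character from copy/paste?)")
    depth = 0
    for ch in expr:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:          # a ")" with no matching "("
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    for kind, value, mask in PRIMITIVE.findall(expr):
        try:
            if kind == "host":
                ipaddress.ip_address(value)          # rejects e.g. two "::"
            elif kind == "net":
                # strict=True rejects host bits set outside the mask
                ipaddress.ip_network(f"{value}/{mask}" if mask else value, strict=True)
            elif kind == "port":
                if not 0 <= int(value) <= 65535:
                    raise ValueError(value)
            else:  # portrange lo-hi
                lo, hi = (int(p) for p in value.split("-"))
                if not 0 <= lo <= hi <= 65535:
                    raise ValueError(value)
        except ValueError:
            problems.append(f"bad {kind} literal: {value}")
    return problems

# Constructed sample expressions (not taken from a real capture or deployment).
SAMPLES = [
    "tcp and (src host 10.192.168.7 or src host ffe:84::8)",
    "not tcp and src host 2001:db8::1::2",
    r"(tcp[tcpflags] \& tcp-syn != 0)",
    "portrange 2155-2120 and (net 192.168.1.10/24",
]

if __name__ == "__main__":
    for expr in SAMPLES:
        print(expr, "->", lint_filter(expr) or "ok")
```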

...