The filtering capabilities in the Interactive Search feature offer users a powerful way to analyze and visualize traffic data.
Table of Contents | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
|
...
Shortcodes
Commonly used filter syntax templates are pre-defined and saved here. Click the Shortcodes field to use, edit, and delete these shortcodes.
...
You can use Inline Search to filter packets based on source or destination IPv4 and IPv6 address, source or destination Port number, and Protocol. You can either use BPF filter Syntax or tshark/Wireshark display filter syntax to filter the packets by manually typing the syntax on the Inline Search field or by using shortcodes and templates.
...
Payload Expression field contains the word, “content”. Search will filter only those packets that contain the word, “content”, in its payload data. Payload expressions can take in regular strings with characters from a-z A-Z 0-9 or by using regular expressions RegEx.
Examples of regular expressions:
Type of Data | Example | Regular Expression |
---|---|---|
Phone Number (US) | 800-999-0165 | [0-9][0-9][0-9]-[0-9][0-9][0-9]-[0-9][0-9][0-9][0-9] |
Date Format | Thu, 07 Sep 2023 14:33:15 | Thu, (([0-2][0-9])|3[0-1]) Sep 202[0-3] [0-2][0-4]:[0-5][0-9]:[0-5][0-9] |
HTTP Code | HTTP/1.1 200 OK | HTTP/[0-1].[0-1] 200 OK |
HTTP Code | HTTP/1.1 304 | HTTP/[0-1].[0-1] 30[0-9] |
HTTP Code | HTTP/1.1 403 | HTTP/[0-1].[0-1] 40[0-9] |
Filter
Shows all the nodes or only the 10% of the traffic with nodes having the large number of packets.
All
10%
Criteria
You can choose to sort by packet count or by byte count.
...
The feature allows you to pan to specific nodes in an iterative fashion. You can move to the next and previous nodes. Once a new Criteria has been selected, the “cursor” resets.
Top Talkers option, can iterate through the top talkers
Searched Nodes, iterates through nodes you’ve double-clicked.
IP Highlight , iterates through highlighted nodes.
150+ Supported protocols, including:
ARP, ATM, ASTERIX, AR_DRONE, BGP, BITCOIN, BITTORRENT, BOOTP, BMC, CFLOW, CUPS, DHCP DIAMETER, DNS, EIGRP, ERSPAN, FC, FCOE, FTP, GPRS, GRE, GTP, GTPV2, H.265, H.323, HDFS, HTTP, HTTP2, HTTPS(SSL), ICMP, IGMP, IRC, ICMP/V6, IP, IPV6, ISCSI, LAPD, LDAP, LLC, MAC, M3UA, MMS, MQTT/SN, MPLS, NETBIOS, NFS, NTP, NSTRACE, OPENFLOW, OSFP, PTP, POP, PPPOE, QUIC, RANAP, RPC, RSS, SSL, SCTP, SDH, SFLOW, SIP, SKYPE, SMB, SMTP, SNMP, SSH, STP, SYSLOG, TACACS, TACPLUS, TCP, TFTP, TLS, UDP, UDPENCAP, USERLOG, VLAN, VNC, VTP, WEBSOCKET, WLAN, WOL, WMX, X11, X.509, XML, YAML, YPBIND
...