New inline filters are added in QM5452 or older version
Users can utilize Inline Search to effectively filter packets according to source or destination IPv4 and IPv6 addresses, as well as source or destination port numbers and protocols. Below, you'll find reference examples of potential entries to guide you in this process.
Inline Filter File
The following content explains step by step guide for using an inline search filter file in the packet search.
Upload Filter File
On your local system, open TextEditor, enter filter syntax in BPF format and save it as .txt
example: ((tcp[8:4]\&0xffffffff == 0) and (tcp[tcpflags] \& tcp-syn != 0))
Upload the file to the packet search
Click the search button
Filter File Search
Uploaded filter files are stored in the system. You can go to ‘FilterFile’ and select the file for your search. You can also delete the file from this section.
File Entry shows the contents of the file you selected. To use the filter, click the ‘Confirm Selection’ button.
Filter Strings
The following table displays examples of inline search criteria
Inline Search Criteria | Examples | |
---|---|---|
1 | IPv4 address | src host 192.168.1.10 and dst host 25.29.83.222 |
2 | IPv6 address | src host 192.168.1.10 or src host fffe:f221::2231:dec3::1f:1 |
3 | Source IP only | src host 192.168.1.10 |
4 | Destination IP only | dst host 25.29.83.222 |
5 | Port Number | src port 80 and dst port 443 |
6 | Port-range but exclude port 2144 | portrange 2120-2155 and not port 2144 |
7 | Protocol and Port Number | not arp and not src port 7634 and dst port 2159 |
8 | Exclude protocol | not tcp and src host fffe:f221::2231:dec3::1f:1 !sctp and (src host 10.192.168.7 or src host ffe:84::8) |
9 | Protocol and IP | tcp and src host fffe:f221::2231:dec3::1f:1 |
10 | Protocol and Multiple IP | tcp and (src host fffe:f221::2231:dec3::1f:1 or src host |
11 | Port and IP | src host 192.168.1.10 and dst host 25.29.83.222 and src port 80 and dst port 443 |
12 | Protocol Port and Multiple IP | !icmp and port 443 and (src host 10.192.168.7 or src host ffe:84::8) |
13 | Port Portrange and IP | portrange 2123-2152 and not port 2144 and ip host 10.41.33.3 |
14 | Subnet | net 192.168.1.0/24 net 192.168.1.0 mask 255.255.255.0 |