Filters

The filtering capabilities in the Interactive Search feature offer users a powerful way to analyze and visualize traffic data.

Shortcodes

Commonly used filter syntax templates are pre-defined and saved here. Click the Shortcodes field to use, edit, and delete these shortcodes.

Inline Search

You can use Inline Search to filter packets by source or destination IPv4 or IPv6 address, source or destination port number, and protocol. Use either BPF filter syntax or tshark/Wireshark display filter syntax, entered by typing it manually in the Inline Search field or by using shortcodes and templates.

Payload Expression

The Payload Expression field contains the word “content”. The search returns only those packets whose payload data contains the word “content”. Payload expressions can be plain strings made up of the characters a-z, A-Z and 0-9, or regular expressions (RegEx).

Examples of regular expressions:

Type of Data        Example                      Regular Expression
Phone Number (US)   800-999-0165                 [0-9][0-9][0-9]-[0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]
Date Format         Thu, 07 Sep 2023 14:33:15    Thu, (([0-2][0-9])|3[0-1]) Sep 202[0-3] [0-2][0-4]:[0-5][0-9]:[0-5][0-9]
HTTP Code           HTTP/1.1 200 OK              HTTP/[0-1].[0-1] 200 OK
HTTP Code           HTTP/1.1 304                 HTTP/[0-1].[0-1] 30[0-9]
HTTP Code           HTTP/1.1 403                 HTTP/[0-1].[0-1] 40[0-9]
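The following is an added example, not part of the product documentation: it runs the regular expressions from the table above over constructed payloads to show where they match too much (unescaped `.`, no boundaries around the phone number) or too little (the hour pattern `[0-2][0-4]` skips hours such as 19). The `TIGHT` patterns and sample payloads are assumptions made here, and the product's RegEx engine is assumed to treat these constructs the way Python's `re` does.

```python
import re

# Patterns copied verbatim from the table above.
PAGE = {
    "phone":    rb"[0-9][0-9][0-9]-[0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]",
    "date":     rb"Thu, (([0-2][0-9])|3[0-1]) Sep 202[0-3] [0-2][0-4]:[0-5][0-9]:[0-5][0-9]",
    "http_200": rb"HTTP/[0-1].[0-1] 200 OK",
    "http_30x": rb"HTTP/[0-1].[0-1] 30[0-9]",
    "http_40x": rb"HTTP/[0-1].[0-1] 40[0-9]",
}

# Tightened variants (added for this example, not from the product docs):
# word boundaries around the phone number, a literal dot in the HTTP version
# (HTTP/1.0 and 1.1 only), days 01-31 and hours 00-23 in the date.
TIGHT = {
    "phone":    rb"\b[0-9]{3}-[0-9]{3}-[0-9]{4}\b",
    "date":     rb"Thu, (0[1-9]|[12][0-9]|3[01]) Sep 202[0-3] ([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]",
    "http_200": rb"HTTP/1\.[01] 200 OK",
    "http_30x": rb"HTTP/1\.[01] 30[0-9]",
    "http_40x": rb"HTTP/1\.[01] 40[0-9]",
}

# Constructed payloads (not captured traffic).
SAMPLES = {
    "ok_response": b"HTTP/1.1 200 OK\r\nDate: Thu, 07 Sep 2023 14:33:15 GMT\r\n",
    "late_403":    b"HTTP/1.1 403 Forbidden\r\nDate: Thu, 07 Sep 2023 19:05:00 GMT\r\n",
    "order_id":    b"order-id=1800-999-01657",   # digits that only look like a phone number
    "not_http":    b"HTTP/1x1 200 OK",           # 'x' where the version dot should be
}

def matches(patterns, payload):
    """Return the sorted names of the patterns found anywhere in payload."""
    return sorted(name for name, pat in patterns.items() if re.search(pat, payload))

def compare():
    """Map each sample name to (matches with PAGE, matches with TIGHT)."""
    return {k: (matches(PAGE, v), matches(TIGHT, v)) for k, v in SAMPLES.items()}

if __name__ == "__main__":
    for name, (page, tight) in compare().items():
        print(f"{name:12} page={page} tightened={tight}")
```

When hunting for sensitive data or specific responses in captured payloads, check a pattern against both a known-good and a near-miss sample like these before relying on an empty result.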

 

 

Filter

Shows all nodes, or only the 10% of traffic belonging to the nodes with the largest number of packets.

  • All

  • 10%

Criteria

You can choose to sort by packet count or by byte count.

  • Packet Count

  • Byte Count

Node Options

You can hide or highlight selected information in the nodal graph.

  • Hide IP/MAC/HOST

  • MAC address match

  • Hide Tooltip

Zoom Criteria

This feature lets you pan to specific nodes iteratively, moving to the next and previous nodes. Once a new criterion is selected, the “cursor” resets.

  • Top Talkers iterates through the top talkers.

  • Searched Nodes iterates through nodes you’ve double-clicked.

  • IP Highlight iterates through highlighted nodes.

150+ Supported protocols, including:

ARP, ATM, ASTERIX, AR_DRONE, BGP, BITCOIN, BITTORRENT, BOOTP, BMC, CFLOW, CUPS, DHCP, DIAMETER, DNS, EIGRP, ERSPAN, FC, FCOE, FTP, GPRS, GRE, GTP, GTPV2, H.265, H.323, HDFS, HTTP, HTTP2, HTTPS(SSL), ICMP, IGMP, IRC, ICMP/V6, IP, IPV6, ISCSI, LAPD, LDAP, LLC, MAC, M3UA, MMS, MQTT/SN, MPLS, NETBIOS, NFS, NTP, NSTRACE, OPENFLOW, OSPF, PTP, POP, PPPOE, QUIC, RANAP, RPC, RSS, SSL, SCTP, SDH, SFLOW, SIP, SKYPE, SMB, SMTP, SNMP, SSH, STP, SYSLOG, TACACS, TACPLUS, TCP, TFTP, TLS, UDP, UDPENCAP, USERLOG, VLAN, VNC, VTP, WEBSOCKET, WLAN, WOL, WMX, X11, X.509, XML, YAML, YPBIND