Wednesday, December 17, 2008

Detailed explanation about the filter settings of Colasoft Capsa



Advantages of setting a filter before using a network packet sniffer:

Before starting a capture, we should first decide what kind of data we need, so that the filter can be set to capture only those specific packets in a short time. Without this step, all the data packets will be captured.

About the filter settings in detail:

Taking Colasoft Capsa as an example, I’ll show you the process of setting a filter.
1. On the toolbar in the main software interface, open the “Project Settings” by clicking “Filter”:


2. The default setting on this page is “No filter, accept all packets.” We have to choose “Add” to add a new filter. There are two options under “Add”: “New…” and “From Filter Table…”. “New…” adds a new filter; “From Filter Table…” adds a condition from the default filter list in the system, as shown in the following figure:


3. This is the default protocol filter list in the system. Here we can add the protocol or protocol combination that we need in order to capture the related packets. If we choose “Add” → “New…”, the dialog in the following figure is shown:



4. A new filter can be added in 2 ways: “Simple Filter” and “Advanced Filter”. In the figure above we can see that the simple filter offers 3 filter types: Address Filter, Port Filter and Protocol Filter (they are relatively simple):


5. What we should focus on is the “Advanced Filter”. Clicking “Advanced Filter” shows:


The Advanced Filter provides 3 logical relationships, “And”, “Or” and “Not”, for combining the added conditions. In the drop-down menu, “And” and “Or” offer 6 filter conditions:



e.g. If we want to set a filter that captures all the hosts that are using MSN Messenger and Yahoo Messenger in a network (192.168.1.10-192.168.1.16), we can set the filter as follows:


e.g. If you want to filter on a packet value, packet size or packet pattern, you can set the filter according to how the packet is decoded. For example, if we want to capture all the TCP connection synchronization (SYN) packets, we can set the filter as follows:


From the TCP decoding we know that the flags field is 1 byte long, its offset in the packet is 47, the mask is 0x02 and the binary value is 10, so the filter set above captures all the synchronization packets in the network.
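The value filter above reads one byte at a fixed position. As an added example (not from the original post and not Colasoft code), the Python below applies the same offset 47 / mask 0x02 test to constructed Ethernet frames and compares it with a header-aware check; it goes beyond the post by showing that offset 47 only lands on the TCP flags byte for untagged Ethernet with a 20-byte IPv4 header. All function names and sample frames are hypothetical.

```python
import struct

SYN, ACK = 0x02, 0x10

def build_frame(flags, ack=0, ip_options=b"", vlan=False):
    """Build a minimal Ethernet/IPv4/TCP frame (constructed sample data)."""
    eth = b"\x00" * 12 + (b"\x81\x00\x00\x01" if vlan else b"") + b"\x08\x00"
    ihl = 5 + len(ip_options) // 4                      # header length in 32-bit words
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + 20, 0, 0, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 16])) + ip_options
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, ack, 0x50, flags, 8192, 0, 0)
    return eth + ip + tcp

def value_filter(frame, offset=47, mask=0x02, value=0x02):
    """The post's value filter: 1 byte at a fixed offset, AND mask, compare."""
    return len(frame) > offset and (frame[offset] & mask) == value

def syn_filter(frame):
    """Header-aware check: find the TCP flags byte from the real header lengths."""
    if len(frame) < 18:
        return False
    off = 12
    (ethertype,) = struct.unpack_from("!H", frame, off)
    if ethertype == 0x8100:                             # 802.1Q tag adds 4 bytes
        off += 4
        (ethertype,) = struct.unpack_from("!H", frame, off)
    off += 2                                            # start of IP header
    if ethertype != 0x0800 or len(frame) < off + 20 or frame[off + 9] != 6:
        return False                                    # not IPv4/TCP
    flags_off = off + (frame[off] & 0x0F) * 4 + 13      # IHL words -> bytes, +13 in TCP
    return len(frame) > flags_off and bool(frame[flags_off] & SYN)

def compare():
    """Return {case: (fixed-offset result, header-aware result)}."""
    cases = {
        "syn": build_frame(SYN),
        "syn_ack": build_frame(SYN | ACK),
        "ack": build_frame(ACK),
        "syn_ip_options": build_frame(SYN, ip_options=b"\x01" * 4),
        "syn_vlan": build_frame(SYN, vlan=True),
        "ack_vlan": build_frame(ACK, ack=0x00020000, vlan=True),
    }
    return {name: (value_filter(f), syn_filter(f)) for name, f in cases.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:15} fixed-offset={result[0]!s:5} header-aware={result[1]}")
```

Both checks also match SYN/ACK replies, because mask 0x02 tests only the SYN bit. With IP options or an 802.1Q tag, byte 47 falls inside the TCP acknowledgment number, so the fixed-offset filter misses real SYNs and can match unrelated packets.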

Conclusion:

In short, the filter settings are flexible. With the right filter we can capture the specific packets in a short time, in order to carry out fixed-point analysis.


About Capsa

Capsa is packet sniffer software designed for network monitoring and troubleshooting purposes. It performs real-time packet capturing, 24/7 network monitoring, advanced protocol analyzing, in-depth packet decoding, and automatic expert diagnosing. By giving users insights into all of the network's operations, Capsa makes it easy to isolate and solve network problems, identify network bottlenecks and bandwidth use, and detect network vulnerabilities, external attacks and insecure applications.

About Colasoft

Ever since 2001, Colasoft has been dedicated to providing all-in-one and easy-to-use network analysis software for customers to monitor, analyze, and troubleshoot their network. Up to now, more than 4000 customers in over 70 countries trust the flagship product, Capsa, as their network monitoring and troubleshooting solution. The company also offers four free network utilities: Colasoft Packet Builder, Colasoft Packet Player, Colasoft MAC Scanner, and Colasoft Ping Tool. Learn more today at http://www.colasoft.com