filterpackets - Choose which packets you want
Stream containing a packet field.
Packets that match the defined rule are emitted here.
Packets that do not match the filter rule are emitted here.
Often you will not need the majority of the packets on a network; this tool lets you filter unnecessary packets out of the packet stream. By default it rejects all packets, so to get started you will need to fill in some options.
Note: A common mistake with this tool is to fill in an IP address and then wonder why no packets are accepted. The reason is that no port numbers are allowed yet, so filling in a star (*) in the port filter will likely get you what you want. The same problem exists the other way around: filling in only a port number and no IP address.
If Alice wants to see what is going on with her FTP service, which is running on port 21, she will benefit from a packet filter that only allows packets for port 21 to pass through to the FTP tool. This decreases the amount of CPU time spent looking for FTP traffic.
Limits the protocols accepted by the filter. Possible protocols are TCP, UDP, and ICMP.
The IP addresses (of either the sender or the recipient) for which packets are allowed through for further data processing. Packets are accepted if they match any IP address in the list.
Each entry can be:
A single IP address (e.g. 192.168.1.1)
A range of IP addresses (e.g. 192.168.1.0-192.168.1.255)
A wildcard expression (e.g. 192.*.*.*)
Port numbers the traffic must be either to or from. Packets are accepted if they match any entry in the list. Port numbers only apply to packets of protocol TCP or UDP.
Each entry can be:
A single port number (e.g. 80)
A range of port numbers (e.g. 80-89)
All port numbers (*)
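The matching rules described above, as an added Python sketch that is not the tool's own code; it shows why an IP-only or port-only rule accepts nothing. The function names, the dict layout and the sample packets are constructed for illustration. Assumptions: an empty option list matches nothing (consistent with the default of rejecting everything), and the port check is skipped for ICMP.

```python
import ipaddress

def _ip_matches(entry, addr):
    """One IP entry: single address, 'a-b' range, or '*' wildcard octets."""
    if "-" in entry:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-"))
        return lo <= ipaddress.IPv4Address(addr) <= hi
    pattern, octets = entry.split("."), addr.split(".")
    return len(pattern) == len(octets) == 4 and all(
        p in ("*", o) for p, o in zip(pattern, octets))

def _port_matches(entry, port):
    """One port entry: '*', a single number, or an 'a-b' range."""
    if entry == "*":
        return True
    lo, _, hi = entry.partition("-")
    return int(lo) <= port <= int(hi or lo)

def accepts(rule, pkt):
    """True: packet goes to the accepted output. False: rejected output."""
    if pkt["proto"] not in rule["protocols"]:
        return False
    # Sender or recipient may match any entry in the IP list.
    if not any(_ip_matches(e, a) for e in rule["ips"]
               for a in (pkt["src"], pkt["dst"])):
        return False
    # Ports only apply to TCP and UDP (assumed: no port check for ICMP).
    if pkt["proto"] in ("TCP", "UDP"):
        return any(_port_matches(e, p) for e in rule["ports"]
                   for p in (pkt["sport"], pkt["dport"]))
    return True

# Constructed sample packets (hypothetical addresses).
FTP = {"proto": "TCP", "src": "10.0.0.5", "dst": "192.168.1.10",
       "sport": 50000, "dport": 21}
WEB = {"proto": "TCP", "src": "10.0.0.5", "dst": "192.168.1.10",
       "sport": 50001, "dport": 80}
PING = {"proto": "ICMP", "src": "10.0.0.5", "dst": "192.168.1.10"}

# The common mistake: an IP address but no port entry.
IP_ONLY = {"protocols": ["TCP"], "ips": ["192.168.1.10"], "ports": []}
# Alice's FTP filter: her subnet as a range, port 21 only.
ALICE = {"protocols": ["TCP"],
         "ips": ["192.168.1.0-192.168.1.255"], "ports": ["21"]}

if __name__ == "__main__":
    for name, pkt in (("FTP", FTP), ("WEB", WEB), ("PING", PING)):
        print(name, "ip-only:", accepts(IP_ONLY, pkt),
              "alice:", accepts(ALICE, pkt))
```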