Refine your filter with a visual logic diagram rather than typing complicated filter code.
We discussed what capturing packets means and why setting filters matters in my last tutorial about filter setting.
Before you start capturing packets, you need to set your filter to make sure you capture the packets you want. Setting up the filter by IP addresses, ports and protocols alone can meet most of your needs. However, sometimes you are working in a huge network with thousands of computers and you want to analyze some suspicious packets from a certain IP. You may need to restrict the capture to a certain port number or protocol type at the same time. A simple setting cannot accomplish this kind of task.
In this case, you need to combine several kinds of restrictions. If you are using a tool like Wireshark, you need a good knowledge of Wireshark's filter syntax and grammar to set its filter. AthTek NetWalk is an excellent network monitoring tool that brings together the full functionality of Wireshark for both new and professional administrators.
When you open the filter settings window (Tools > Filter Manager) and create a new filter, AthTek NetWalk shows you a visual logic diagram with “And”, “Or” and “Not” operators.
For example, to capture packets from IP “192.168.1.X” that are sent over IPv4 or IPv6:
- Click the “+” button to create a new filter:
- Organize restrictions in the diagram. Add “And” and “Or” properly:
- Add “And”:
- Add “Or”:
- Add more restrictions to set more details including Flow, Pattern, Value, Length and Error.
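
The grouping of “And” and “Or” in the diagram decides which packets pass. The following Python sketch is an added example, not NetWalk code: it models the diagram as nested predicates and compares the intended grouping with a misgrouped one. The packet fields `src` and `proto`, the sample packets, and reading “192.168.1.X” as the subnet 192.168.1.0/24 are assumptions.

```python
import ipaddress

# Leaf conditions and the three operators from the diagram, modelled as
# predicates over a packet dict. Field names "src" and "proto" are assumptions.
def src_in(cidr):
    net = ipaddress.ip_network(cidr)
    # An IPv6 address is never "in" an IPv4 network, so this returns False.
    return lambda pkt: ipaddress.ip_address(pkt["src"]) in net

def proto_is(name):
    return lambda pkt: pkt["proto"] == name

def And(*conds):
    return lambda pkt: all(c(pkt) for c in conds)

def Or(*conds):
    return lambda pkt: any(c(pkt) for c in conds)

def Not(cond):
    return lambda pkt: not cond(pkt)

# "192.168.1.X" read as the /24 subnet (assumption).
from_subnet = src_in("192.168.1.0/24")

# Intended: from the subnet AND (IPv4 OR IPv6).
intended = And(from_subnet, Or(proto_is("IPv4"), proto_is("IPv6")))

# Misgrouped: (from the subnet AND IPv4) OR IPv6, which admits every IPv6 packet.
misgrouped = Or(And(from_subnet, proto_is("IPv4")), proto_is("IPv6"))

# Constructed sample packets, not real capture data.
PACKETS = [
    {"id": 1, "src": "192.168.1.10", "proto": "IPv4"},
    {"id": 2, "src": "192.168.1.10", "proto": "ARP"},
    {"id": 3, "src": "10.0.0.5", "proto": "IPv4"},
    {"id": 4, "src": "fe80::1", "proto": "IPv6"},
]

def matching_ids(filt, packets=PACKETS):
    """Return the ids of the packets the filter lets through."""
    return [p["id"] for p in packets if filt(p)]

if __name__ == "__main__":
    print("intended:  ", matching_ids(intended))
    print("misgrouped:", matching_ids(misgrouped))
```

With the misgrouped tree, unrelated IPv6 traffic from outside the subnet ends up in the capture, which is the kind of mistake the diagram makes visible.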
Setting your filter this way is convenient and shows your logic simply and clearly, which improves both accuracy and efficiency.
For more questions, please visit our website: http://www.athtek.com/netwalk.html