Filter types
The following table contains the filter types available for creating simple and advanced filters. Not all filter types are available for creating simple filters.
Filter Type | Description |
---|---|
802.11 | Filters by channel, data rate, encryption state and more, based on information provided in the headers of 802.11 WLAN packets. |
Address | Filters by identity of the network node, either receiving or sending, for that packet. This can be a physical address, or a logical address under a particular protocol. You can use the asterisk (`*`) character as a wildcard when specifying addresses. The program will replace the asterisk with its most inclusive equivalent. Address filters support CIDR for the IP address space. You can use the `/x` designation to define a smaller range of addresses (subnet) on which to filter. |
Analysis Module | Packets handled by the specified Analysis Module will match the filter. |
Application | Filters by application. |
Channel | Filters by adapter for LiveCapture port. |
Country | Filters by country. |
Direction | For WAN connections, allows you to match traffic bound in the to DTE direction (coming in from the WAN) or in the to DCE direction (going out onto the WAN). |
Error | Filters by one or more of four error conditions: CRC errors, Frame Alignment errors, Runt packets, and Oversize packets. |
Length | Filters by the length of the packet and matches those within the range you set, specified in bytes. |
Pattern | Filters by the presence of a particular character string (ASCII, hexadecimal, EBCDIC format, or regular expression) in each packet. Can be constrained to search within a specified location for greater efficiency. |
Port | Filters by port (or socket) within a particular protocol. IP, FTP, and HTTP provide services at different ports or sockets on the server. The default port for Web traffic under TCP, for example, is port 80. Omnipeek assumes that sub-protocols are using the standard default ports (well-known ports in TCP and UDP, for example), but you can also set filters to test explicitly for traffic to and/or from particular ports, or from a range of ports (e.g., 80-100). When creating filters with multiple ports, you may use any combination of port numbers and names and a space, comma, or semi-colon as port delimiters (e.g., ‘http; ftp, 23 67’ could be used in a filter). |
Protocol | Filters by protocol and sub-protocols. For example, FTP is a sub-protocol of TCP, which is itself a sub-protocol of IP. |
tcpdump | Filters against a pcap-filter expression. A pcap-filter expression is written using the guide found at http://www.manpagez.com/man/7/pcap-filter/. |
Value | Filters by numerical value of a particular part of each packet (at a particular offset with a particular mask) for its relation (greater than, less than, equal to, and so forth) to the value you specify. |
VLAN-MPLS | Filters by VLAN IDs and MPLS labels. |
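
As an added example (not Omnipeek's own code), the Python below parses a port list in the form the Port row describes and renders it, together with an optional CIDR subnet as in the Address row, as a pcap-filter expression of the kind the tcpdump filter type accepts. The function names and the small service-name table are assumptions made for the example.

```python
import ipaddress
import re

# Constructed name table for this example (standard IANA assignments).
SERVICE_PORTS = {"ftp": 21, "telnet": 23, "bootps": 67, "http": 80, "https": 443}

def _resolve(token):
    """Turn one port number or service name into an int, rejecting bad input."""
    if token.isdigit():
        port = int(token)
    else:
        port = SERVICE_PORTS.get(token.lower())
    if port is None or not 0 <= port <= 65535:
        raise ValueError(f"unknown or out-of-range port: {token!r}")
    return port

def parse_ports(spec):
    """Parse 'http; ftp, 23 67' or '80-100' into merged, sorted (lo, hi) ranges."""
    ranges = []
    for token in filter(None, re.split(r"[ ,;]+", spec.strip())):
        if token.lower() in SERVICE_PORTS:       # service names may contain '-'
            lo = hi = _resolve(token)
        else:
            first, sep, last = token.partition("-")
            lo = _resolve(first)
            hi = _resolve(last) if sep else lo
        if lo > hi:
            raise ValueError(f"reversed range: {token!r}")
        ranges.append((lo, hi))
    if not ranges:
        raise ValueError("empty port list")
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:   # overlapping or adjacent
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def to_pcap_filter(port_spec, cidr=None):
    """Build a pcap-filter expression for the port list and optional subnet."""
    terms = [f"port {lo}" if lo == hi else f"portrange {lo}-{hi}"
             for lo, hi in parse_ports(port_spec)]
    expr = "(" + " or ".join(terms) + ")"
    if cidr:
        # strict=False clears host bits; pcap rejects 'net 10.1.2.3/24'.
        net = ipaddress.ip_network(cidr, strict=False)
        expr = f"net {net} and {expr}"
    return expr

if __name__ == "__main__":
    print(to_pcap_filter("http; ftp, 23 67", "10.1.2.3/24"))
```

Merging overlapping and adjacent ranges keeps the generated expression short, and rejecting unknown names or reversed ranges surfaces a mistyped filter before it silently captures nothing.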