Filter
Top Products
Director
28
Create Filters
Filters process a trafc stream by selecting packets based on criteria in the packet header. A lter is dened using a
lteraddcommand, which also species the Network ports and Monitor ports the lters apply to. The lteradd
command species the following behavior:
Trafc is aggregated from all the listed Network ports•
Then the lter parameters are applied•
Packets which match all of the specied lter parameters are copied to all of the listed Monitor ports, assuming •
the action=redir.
If the action=drop, the matching packets are not copied to any Monitor port; this mechanism is used to create •
exclusive lters.
TosendMonitorPort1alltrafcreceivedatNetworkPort5fromIPaddresses192.168.10.0 to 192.168.10.15:
Enter 1. lteraddin_ports=n1.5ip_src=192.168.10.0ip_src_mask=255.255.255.240action=redirredir_
ports=m.1. A lter has been dened to select all IPv4 packets from Network Port 5 with a source IP addresses
of 192.168.10.0 and the lowest four address bits masked out (ignored); packets matching the lter are copied to
Monitor Port 1.
Enter 2. ltercommit. The lter is activated.
Network Port 5 Monitor Port 1
Source IP =
192.168.10.0 -
192.168.10.15
lter add in_ports=n1.5 ip_src=192.168.10.0 ip_src_mask=255.255.255.240 action=redir redir_ports=m.1
Simple IP address lterFigure 26:
TocreatealterthatselectsIPv4packetsbyprotocol:
Enter 1. lteraddin_ports=n1.3ip4_prot=3action=redirredir_ports=m.6,m.8. A lter has been dened to select
all IPv4 packets that use the TCP protocol received at Network Port 3 and copy them to Monitor Port 6 and Monitor
Port 8. (Protocols are designated by an industry-standard numbering system. See Appendix C for details.)
Enter 2. ltercommit. The lter is activated.
Network Port 3
Protocol =
TCP
Monitor Port 6
Monitor Port 8
lter add in_ports=n1.3 ip4_prot=3 action=redir redir_ports=m.6,m.8
Simple IPv4 protocol lter (with regeneration)Figure 27:
Available lter parameters are listed in Appendix B and include:
ip_proto IP protocol•