Filter
Top Products
Director
34
Have we achieved our goal of sending all the TCP trafc to Monitor Port 2? Not quite. What happens when an TCP
packet arrives from 192.186.10.0? It matches the lter at CAM address 1, so it is copied to Monitor Port 1. But that is
all that happens; it does not go to Monitor Port 2. The ow is correctly shown in the following diagram.
Monitor Port 2
Protocol =
TCP
Network Port 5
Monitor Port 1
Source IP =
192.186.10.0
match
no match
lter add in_ports=n1.5 ip_src=192.186.10.0 action=redir redir_ports=m.1
lter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.2
CAM
Address Filter
1 n1.5 ip_src=192.186.10.0 m.1
2 n1.5 ip_proto=TCP m.2
Correct ow diagram for two interacting ltersFigure 36:
To achieve the desired result of sending all TCP trafc to Monitor Port 2, clear the existing lters (lterdiscard
command) and create three new lters by entering:
lteraddin_ports=n1.5ip_src=192.186.10.0ip_proto=6action=redirredir_ports=m.1,m.2
lteraddin_ports=n1.5ip_src=192.186.10.0action=redirredir_ports=m.1
lteraddin_ports=n1.5ip_proto=6action=redirredir_ports=m.2
ltercommit
The ow diagram now looks as follows.
Monitor Port 2
Protocol =
TCP
Network Port 5
Monitor Port 1
Source IP =
192.186.10.0
lter add in_ports=n1.5 ip_src=192.186.10.0 ip_proto=6 action=redir redir_ports=m.1,m.2
lter add in_ports=n1.5 ip_src=192.186.10.0 action=redir redir_ports=m.1
lter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.2
match
+
no match
Source IP =
192.186.10.0
&
Protocol=
TCP
no match
+
CAM
Address Filter
1 n1.5 ip_src=192.186.10.0 ip_proto=TCP
m.1,m.2
2 n1.5 ip_src=192.186.10.0
3 n1.5 ip_proto=TCP m.2
Correct way to send all TCP trafc to Monitor Port 2Figure 37:
Now, packets that match both the IP address and protocol conditions are copied to both monitor ports, while packets
that match only one of the conditions are directed to the desired monitor port.