Basic Elements of a Packet Filter | 3Com 2200 specs

12-6 CHAPTER 12: CREATING AND USING PACKET FILTERS

Basic Elements of a Packet Filter

Before creating a packet ﬁlter, you must decide which part of the packet you want to ﬁlter. You can ﬁlter Ethernet packets by the destination address, source address, type/length, or some part of the data. You can ﬁlter FDDI packets by the destination address, source address, or some part of the data. A packet ﬁlter operates on these ﬁelds to make ﬁltering decisions. Ethernet and FDDI packet ﬁelds are shown in Figure 12-1.

Destination

Address (6 octets)

octets

06

Type/Length

(Ethernet Type field if > 1500; 802.3 Length field if ≤ 1500)

Ethernet Packet

12

14

25

Source Address		Data
	(6 octets)	(≤ 64 octets of data can be
		examined by the filter)
Destination	Source
Address	Address
(6 octets)	(6 octets)

FDDI Packet

octets

0

6

12

25

Data

(≤ 64 octets of data can be

examined by the filter)

Figure 12-1 Ethernet and FDDI Packet Fields

Image 143

3Com 2200 manual Basic Elements of a Packet Filter, Ethernet and Fddi Packet Fields

Contents

Superstack II Switch Administration Console User Guide 3Com Corporation 5400 Bayfront Plaza Santa Clara, California Contents Online Help Administration Console Interface ParametersRemote Access Parameters Setting Up an IP Interface for Management Setting Baselines Setting PasswordsRebooting the System About Setting Baselines Starting Port Monitoring Setting tmaxLowerBoundSetting lerAlarm Setting lerCutoff Setting the Aging Time 10-9 Setting the Bridge Priority10-7 10-8 Destination Address Filter A-9 Using Groups in Packet Filters Listing Groups13-3 Opcodes A-1 Returning Products for Repair Access by ModemSupport from 3Com World Wide Web Site 3ComForum on CompuServe Interconnected LANs About this GuideIntroduction Familiarity with communications protocols that are used on This Guide How to UseSwitch 2200. The parts of the guide are described in Table This guide Conventions Documents, contact your sales representative for assistance SwitchDocumentation Comments Introduction Conﬁguration Tasks Administration OverviewAbout Switch Administration Adjust the console screen height for your terminal General System Commands Task Quick Command For Details, See Change the factory default baud rate of the Console port To the system, or reset nonvolatile data to defaults Configurations, and spanning tree configurations System Management Setup Commands Task Quick CommandBridging Commands Task Quick Command For Details, See Set the multicast packet firewall threshold Administer bridge port addresses12-1 and following Display bridge port information 9-2 to Ethernet Commands Task Quick Command For Details, SeeA summarized or detailed format 8-3 Fddi Commands Task Quick Command Levels of User HOW to USEInitial User Access Access Select access level read, write, administer Password Using Menus to Perform Tasks System-level Functions Menu Hierarchy for Administer Access Bridge Menu Fddi Menu IP Menu Bridging Menu Hierarchy for Administer Access Analyzer Menu Snmp Menu Menu options are not case sensitive Most abbreviated version of the same command string is Entering Values Parameters AdjustingConsole Interface Disabling Reboot Abort Keys System consoleLock Enter the telnet timeout interval 30 minutes to 60 minutes Running Scripts Administration Console TasksSetting Timeout Interval for Remote Sessions HOW to USE the Administration Console Running Scripts of Administration Console Tasks Console GettingHelp There, by pressing the ESC key Exiting returns you to the password promptTo exit from the Administration Console Exiting SYSTEM-LEVEL Functions Page Management Access to the SystemAbout Setting Up Console Serial Port IP Interface for Setting Up an Broadcast Address Broadcast address Directed all 1s in the host fieldCost Ports All Ip interface modify Removing an Interface Timed out Gateway IP AddressTiming out Defining a Static Route Default route is immediately removed from the routing table Administering the ARP Cache Setting the RIP Mode You could receive one of the following responses Enter the IP address of the station you want to ping Statistics are displayed, as shown in this example Displaying IP StatisticsIP statistics you can view are described in Table Community string settings are displayed as shown here Setting Up Snmp on Your SystemDisplaying Snmp Settings Community string length Administering Snmp Trap Reporting Enter an IP address of the Snmp manager destination address Conﬁguring Trap Reporting Trap address invalid or unreachable This example shows a trap conﬁguration You receive the following prompt Remote SMT events. On all other Switch 2200s in your network Snmp trap smtProxyTraps Displaying System Conﬁguration Example of a Switch 2200 system conﬁguration displayEnvironment Initial passwords Setting Passwords You are prompted for the name of the system Setting the System NameChanging the Date and Time Rebooting Displaying the Current Baseline About SettingYou must disable the baseline Baselines Message similar to the following appears Setting BaselinesBaselining is automatically enabled when a baseline is set Enabling or Disabling Baselines Nonvolatile Data SAVING, RESTORING, and Resetting Nonvolatile DataWorking with Saving NV Data Restoration rules described here RestoringNV Data Saving the NV data System nvData restore You are returned to the NV data menu options Examining a Saved NV Data File You see the following prompt Resetting NV Data to Defaults Ethernet and Fddi Parameters IIIPage Information PortsDisplaying Ethernet Port RxDiscards Describes the information provided about an Ethernet port Disabled Default is enabledLayer to receive them or because the port was disabled Long and are not configurable TxPeakByteRate Second long and are not configurableSuccessfully Transmitted successfully There is no buffer space available Frame is in error TxFrames Frames delivered to this port TxDiscards TxQOverflows Labeling a Port Setting the Port State Fddi Stations AdministeringResources This value can be user-defined Describes these statisticsCan be Thru, Isolated, WrapA, and WrapB ConnectPolicy TraceMaxExp Defaults for connecting to a Port MDescription of Fields for Fddi Station Attributes TNotify Frames NIF. This value can be user-defined Node may not go to Thru state in CFM With defaults for connecting to a Port MNormal tree connection Topology Enabling Disabling Status Reporting Setting Neighbor Notiﬁcation Timer Fddi Paths TraceStatus Current Trace status of the path TvxLowBound Description of Fields for Fddi Path Attributes MaxTReqRingLatency TmaxLowBound Station, which appears in brackets To set tvxLowerBound Fddi MACs Displaying MAC Information Administering Fddi MACs Describes the information provided for the Fddi MAC OldUpstream Error during receptionDescription of Fields for Fddi MAC Attributes OldDownstream Neighbor There is no buffer space available Frame is in error Receive Frame Network Shows the order in which the discard tests are made Setting the Frame Error Threshold Enter the new threshold value. See the following example Setting the Not Copied Threshold Setting MAC Paths Enabling Disabling LLC Service Displaying Port Information Administering Fddi Ports Describes the type of information provided for an Fddi port Setting lerCutoff Setting Port Labels Fddi port path Analysis Roving AnalysisAbout Roving Receive Roving AnalysisOn a speciﬁc system Adding an Analyzer Port Removing an Analyzer Port See the example below for starting port monitoring Starting PortMonitoring You can start monitoring port activity Stopping Port Monitoring Bridging Parameters Information about the bridge is displayed Displaying Bridge Information Each item in the bridge parameter list is described in Table Following example shows a display of bridge information ForwardDelay BridgeFwdDelayLearning states. The default value is 15 seconds Root. The default value is 2 seconds Mode Default value is disabledBridge Attributes Parameter Description MaxAge Is determined by the root bridge Disabling IPX EnablingDisabling IP Fragmentation Aging Time SettingAddress Threshold Enabling and Disabling STP on a Bridge Enter enabled or disabled at the promptSTP Bridge To conﬁgure the STP bridge priority Setting the Bridge Maximum Age To conﬁgure the forward delay value Forward delay The recommended value is 15 seconds Setting the STP Group Address Bridge Port Following example shows a bridge port detail display Following example shows a bridge port summary display BPDUs from the designated bridge for that LAN RxErrorDiscsPort is attached DesignatedCost Exceeded Bridge Port Attributes Parameter Description RxFramesManagement frames RxMcastExcDiscs Blocking The bridge continues to run the Spanning Tree Disabled in which the port is currently operatingDisabled The port has been disabled by management Bridge Port Attributes Parameter Description State Shows the order in which the discard decisions are made Multicast packet ﬁrewall, see Bridging Extensions Multicast LimitYou are prompted for port type On a Port STP Bridge PortEnabling Disabling STP Bridge port stpCost Bridge port stpPriority Listing Addresses Administering Port Addresses You are prompted for one or more addresses to add From the top level of the Administration Console, enterYou are prompted for the port number Enter the number of the port Flushing All Addresses You are prompted for the port numbers Packet Filtering Packet Filters Listing Packet Filters Displaying Packet Filters Creating and Using Packet Filters Describes the instructions and stacks of a packet ﬁlter Ethernet and Fddi Packet Fields Basic Elements of a Packet Filter Want the filter to examine a 48-bit address Constant Packet Filter Operands Description Opcode Packet fieldPushField Size of the field can be 1, 2, 4, or 6 bytes Accept and Reject Instructions Creating Packet Filters 12-9 Preprocessed and Run-time Storage Opcode.size operand... # comment 12-11 Creating and Using Packet Filters # XNS Filtering Section Pseudocode translates into the following packet ﬁlter Enter executable instruction #2 Enter executable instruction #1 Enter executable instruction #6 Enter executable instruction #3Enter executable instruction #4 Enter executable instruction #5 Only IP pkts w/in socket range This combination looks like this Add a not statement to discard any matching packets Maximum length of a packet ﬁlter deﬁnition is 4096 bytes Character One position Delete Current Ctrl+d Command are discardedBeing edited Delete Previous Ctrl+h Packet Filters Deleting Packet FiltersEditing, Checking Saving At the Replace existing filter? prompt Bridge packetFilter load Loading Packet Filters Fddi Unassigning Packet Filters from Ports Address and port groups in packet ﬁlters Configuring Address Port Groups to USE Packet FiltersUsing Groups User-deﬁned Packet Filtering in the SuperStack II Switch To list the currently deﬁned groups, enter this command OR, for port groups, enter the following command Displaying Groups Enter this command Creating New Groups Address 08-32-45-e3-32-21 Enter the ports in this syntax Port Ethernet Ports to Groups AddingAddresses Address 08-37-21-65-78-c4 Enter the ports in the syntax Removing Addresses or Ports from a GroupTo remove an address from a group, enter OR, to remove a port from a group, enter Address 08-42-21-84-78-f1 Loading Groups 13-11 Configuring Address and Port Groups to USE in Packet Filters Appendixes Name name Packet Filter OpcodesOpcodes Opcodes are described in this section Bytes PushLiteral.size value PushField.size offset Byte PushTopByte PushSAGM Byte PushDAGM Byte Eq equal PushSPGMByte PushDPGM Byte Le less than or equal to Ne not equalByte Lt less than Byte Bit-wise Gt greater thanByte Ge greater than or equal to Byte Accept Or bit-wise orByte Xor bit-wise exclusive-OR Byte Not Byte Shiftr shift right RejectByte Shiftl shift left Packet ﬁlter concepts Packet FilterExamples Address XNS To make a copy of the type ﬁeldPage Common Syntax Errors Number with a leading 0 is treated as octal Characters of the numberNumber with a leading 0x or 0X is treated as Hexadecimal Through the following online systems ServicesVariety of services. This appendix describes these services Online Technical Press Return to see the 3ComForum main menu Access by Isdn Supplier Maintenance, application training, and support servicesSupport from Your Network Support contracts are available from 3Com U.S. and Canada, call 800 876-3266 for customer serviceTo ﬁnd your authorized service provider 3Com ARP cache ﬂushing 3-12 removing entry Address Resolution Protocol. See ARP address thresholdIndex 3ComFacts B-3 3ComForum B-2 Abort Cost Multicast limit, setting 11-7 Spanning Tree EnablingStatistics, displaying 10-1bridge port Fddi port SRFs 8-2 Connection policies, settingPortState Station MAC addresses 11-11Ethernet address Fddi path deﬁned Enabling Le opcode A-5 Removing from -9, 3-10 status Multicast frames Packet ﬁlters 12-1multicast limit Name opcode A-1 Naming the Switch 2200 4-3ne opcode A-5On-line technical services B-1opcode Password conﬁguring Fddi ports 8-19ping IP station Broadcast address 3-4default mode 3-12displaying stateRlogin Port LER Condition Port Path Change Snmp agent Accessing through IP 3-1deﬁned Snmp trapSMT event Snifﬁng. See roving analysis and analyzer Packet ﬁlter 12-12, 12-14, A-11 xor opcode A-7 SwitchDeﬁned 8-7 setting TOpr Technical support B-1telnet