Cisco Systems 5, NAM Editing a Software Capture Filter

4-11

User Guide for the Cisco Network Analysis Module (NAM) Traffic Analyzer, 5.0

OL-22617-01

Chapter 4 Capturing and Decoding Packet Data

Sessions

Note The parameters described in the table above are independently evaluated by the NAM.

Therefore, the NAM will allow you to enter parameters that are contradictory, but you will not

be able to get meaningful results if they do not match.

For example, the parameters Network Encapsulation and Source/Destination Address are

independently evaluated. If a filter is specified with contradicting parameters such as “Network

Encapsulation=IP4” and “Source Address=an IPv6 address”, it will never match any traffic, and

the result will be 0 packets captured.

Step 4 Click the Submit button to create the filter, or click Cancel to close the dialog box without creating a

software filter.

Editing a Software Capture Filter

To edit software capture filters:

Step 1 Choose Capture > Packet Capture/Decode > Sessions.

The Software Filters box is displayed at the bottom of the page.

Step 2 Choose the filter to edit, then click Edit.

The Software Filter dialog box (see Table 4-5 on page 4-9) is displayed.

Step 3 Enter information in each of the fields as appropriate.

Step 4 Do one of the following:

• To apply the changes, click Submit.

VLAN Identifier(s) The 12-bit field specifying the

VLAN to which the packet belongs.

Choose a VLAN Range or enter from one to four individual

VLAN IDs.

For better performance, use as narrow a range as possible. The

VLAN ID can range from 1-4095.

Application1Select the Application radio button

to filter by application.

Select one or more protocols to capture from the Application

drop-down list.

Use Shift + Click to select multiple protocols.

Port Select the Port radio button to filter

by Port.

In the Source Port(s) field, enter one or more ports separated by

commas.

In the Destination Port(s) field, enter one or more ports separated

by commas.

From the IP Protocol pull-down menu, choose TCP, UDP, or

SCTP. No selection (default) means that any will be allowed.

1. The application filter can be used to filter on the highest layer of the protocol parsing; that is usually a layer 4 protocol (based on port). If you want to

filter on the transport protocol (for example, UDP or TCP), you will need to use the “IP Protocol” selector. Selecting, for example, TCP in the “IP

Protocol” selector will filter on all packets using TCP.

Table 4-5 Software Filter Dialog Box (continued)

Field Description Usage Notes