Cisco Systems NAM, 5 manual Editing a Software Capture Filter, To edit software capture filters

Chapter 4 Capturing and Decoding Packet Data

Sessions

1.The application filter can be used to filter on the highest layer of the protocol parsing; that is usually a layer 4 protocol (based on port). If you want to filter on the transport protocol (for example, UDP or TCP), you will need to use the “IP Protocol” selector. Selecting, for example, TCP in the “IP Protocol” selector will filter on all packets using TCP.

Note The parameters described in the table above are independently evaluated by the NAM. Therefore, the NAM will allow you to enter parameters that are contradictory, but you will not be able to get meaningful results if they do not match.

For example, the parameters Network Encapsulation and Source/Destination Address are independently evaluated. If a filter is specified with contradicting parameters such as “Network Encapsulation=IP4” and “Source Address=an IPv6 address”, it will never match any traffic, and the result will be 0 packets captured.

Step 4 Click the Submit button to create the filter, or click Cancel to close the dialog box without creating a software filter.

Editing a Software Capture Filter

To edit software capture filters:

Step 1 Choose Capture > Packet Capture/Decode > Sessions.

The Software Filters box is displayed at the bottom of the page.

Step 2 Choose the filter to edit, then click Edit.

The Software Filter dialog box (see Table 4-5 on page 4-9) is displayed.

Step 3 Enter information in each of the fields as appropriate.

Step 4 Do one of the following:

•To apply the changes, click Submit.