Manuals / Brands / Computer Equipment / Network Router / Cisco Systems / Computer Equipment / Network Router

Cisco Systems 5, NAM Tips for Creating Custom Decode Filter Expressions

1 230

Download 230 pages, 7 Mb

4-25

User Guide for the Cisco Network Analysis Module (NAM) Traffic Analyzer, 5.0

OL-22617-01

Chapter 4 Capturing and Decoding Packet Data

Viewing Packet Decode Information

Step 4 Do one of the following:

• To create the filter, click Submit.

• To cancel filter creation, click Cancel.

Tips for Creating Custom Decode Filter Expressions

You can construct custom decode filter expressions using the following logical and comparison operators

listed in Table 4-12.

You can also group subexpressions within parentheses. You can use the following fields in filter

expressions:

Data Pattern The data to be matched with the packet. Enter hh hh hh ..., where hh are hexadecimal numbers from

0-9 or a-f.

Leave blank if not applicable.

Filter Expression An advanced feature to set up complex filter

conditions.

The simplest filter allows you to check for the

existence of a protocol or field. For example,

to see all packets that contain the IPX

protocol, you can use the simple filter

expression ipx.

See Tips for Creating Custom Decode Filter Expressions,

page 4-25.

Table 4-11 Custom Decode Filter Dialog Box (continued)

Field Description Usage Notes

Tab l e 4-12 Logical and Comparison Operators

Operator Meaning

and Logical AND

or Logical OR

xor Logical XOR

not Logical NOT

== Equal

!= Not equal

>Greater than

Field Filter By Format

eth.addr

eth.src

eth.dst

MAC address hh:hh:hh:hh:hh:hh, where h is a hexadecimal number from 0 to 9 or a

to f.

ip.addr

ip.src

ip.dst

IP address n.n.n.n or n.n.n.n/s , where n is a number from 0 to 255 and s is a

0-32 hostname that does not contain a hyphen.

Contents

Main Page CONTENTS Page Page Page Page Page Page Page About This Guide Chapter Overview Audience Conventions Notices Obtaining Documentation and Submitting a Service Request Page Overview Introducing NAM Traffic Analyzer 5.0 Dashboards Logical Site New Application Classification Architecture Standards-Based NBI NetFlow v9 Data Export Historical Analysis SNMP v3 Support -- NAM to Router/Switch Support Overview of the NAM Platforms Logging In Navigating the User Interface Common Navigation and Control Elements Menu Bar Detailed Views Context Menus Quick Capture Interactive Report Chart View / Grid View Mouse-Over for Details Zoom/Pan Charts Page Context-Sensitive Online Help Understanding How the NAM Works Page Understanding How the NAM Uses SPAN Understanding How the NAM Uses VACLs Understanding How the NAM Uses NDE Understanding How the NAM Uses WAAS Configuration Overview Page Configuring and Viewing Data Cisco WAAS NAM Virtual Service Blade Setting Up The NAM Traffic Analyzer Default Functions Traffic Analysis Application Response Time Metrics Voice Signaling/RTP Stream Monitoring Traffic Usage Statistics Traffic SPAN About SPAN Sessions Page Page Creating a SPAN Session Page Editing a SPAN Session Deleting a SPAN Session Data Sources SPAN ERSPAN Enabling Auto-Creation of ERSPAN Data Sources Using the Web GUI Enabling Auto-Creation of ERSPAN Data Sources Using the CLI Disabling Auto-Creation of ERSPAN Data Sources Using the Web GUI Disabling Auto-Creation of ERSPAN Data Sources Using the CLI Creating ERSPAN Data Sources Using the Web GUI Creating ERSPAN Data Sources Using the CLI Deleting ERSPAN Data Sources Using the Web GUI Deleting ERSPAN Data Sources Using the CLI Configuring ERSPAN on Devices VACL Configuring VACL on a WAN Interface Configuring VACL on a LAN VLAN NetFlow Understanding NetFlow Interfaces Understanding NetFlow Flow Records Managing NetFlow Data Sources Configuring NetFlow on Devices Page Enabling Auto-Creation of NetFlow Data Sources Using the Web GUI Enabling Auto-Creation of NetFlow Data Sources Using the CLI Disabling Auto-Creation of NetFlow Data Sources Using the Web GUI Disabling Auto-Creation of NetFlow Data Sources Using the CLI Creating NetFlow Data Sources Using the Web GUI Page Creating NetFlow Data Sources Using the CLI 2-26 assigned to the new device, you will need it to create the data source! shown here: Step 8 Enter ? to see all the command options available, as in the example below: Step 9 Enter the device ID from Step 4 (required): Deleting NetFlow Data Sources Using the Web GUI Deleting NetFlow Data Sources Using the CLI Testing NetFlow Devices WAAS Understanding WAAS Response Time Monitoring from WAAS Data Sources Monitoring Client Data Sources Monitoring WAN Data Sources Monitoring Server Data Sources Deployment Scenarios Managing WAAS Devices Adding Data Sources for New WAAS Device Editing WAAS Data Sources Deleting a WAAS Data Source Auto Create of New WAAS Devices Hardware Deduplication Alarms Alarm Actions Alarm Action Configuration Editing Alarm Actions Deleting Alarm Actions Thresholds Setting Host Thresholds Setting Conversation Thresholds Setting Application Thresholds Setting Response Time Thresholds Setting DSCP Thresholds Setting RTP Stream Thresholds Setting Voice Signaling Thresholds Setting NDE Interface Thresholds Editing an Alarm Threshold Deleting a NAM Threshold User Scenario Data Export NetFlow Viewing Configured NetFlow Exports Configuring NetFlow Data Export Page Editing NetFlow Data Export Scheduled Exports Editing a Scheduled Export Deleting a Scheduled Export Custom Export Managed Device Device Information Page NBAR Protocol Discovery Network Sites Definition Rules Specifying a Site Using Subnets Specifying a Site Using WAE devices (WAAS Data Sources) Specifying a Site Using Multiple Rules Resolving Ambiguity (Overlapping Site Definitions) Viewing Defined Sites Defining a Site Page Subnet Detection Editing a Site NDE Interface Capacity Creating an NDE Interface DSCP Groups Creating a DSCP Group Editing a DSCP Group Deleting a DSCP Group Classification Applications Creating a New Application Editing an Application Deleting a Protocol Application Groups Creating an Application Group Editing an Application Group Deleting an Application Group URL-based Applications Example Editing a URL-Based Application Deleting a URL-based Application Encapsulations Monitoring Aggregation Intervals Response Time Voice RTP Filter URL Enabling a URL Collection Changing a URL Collection Disabling a URL Collection WAAS Monitored Servers Adding a WAAS Monitored Server Deleting a WAAS Monitored Server Monitoring and Analysis Navigation Context Menus Interactive Report Saving Filter Parameters Traffic Summary Response Time Summary Site Summary Alarm Summary Page Analyzing Traffic Application Hosts Detail Host Applications Detail NDE Interface Traffic Analysis Viewing Interface Details DSCP Detail DSCP Application Groups Detail URL Hits Viewing Collected URLs Filtering a URL Collection List Host Conversations Network Conversation Top Application Traffic Page Application Traffic By Host WAN Optimization Top Talkers Detail Application Performance Analysis Transaction Time (Client Experience) Traffic Volume and Compression Ratio Average Concurrent Connections (Optimized vs. Passthru) Multi-Segment Network Time (Client LAN - WAN - Server LAN) Response Time Page Page Application Response Time Network Response Time Server Response Time Client Response Time Client-Server Response Time Server Application Responses Server Application Transactions Server Network Responses Client-Server Application Responses Client-Server Application Transactions Client-Server Network Responses Managed Device Interface Interfaces Stats Table Interface Statistics Over Time Health Switch Health Chassis Health Chassis Information Crossbar Switching Fabric Ternary Content Addressable Memory Information Router Health Router Health Router Information NBAR Media RTP Streams Purpose Monitoring RTP Streams Voice Call Statistics Calls Table Page RTP Conversation Page Page Capturing and Decoding Packet Data Sessions Viewing Capture Sessions Configuring Capture Sessions Page Page Software Filters Creating a Software Filter Page Page Editing a Software Capture Filter Hardware Assisted Filters Configuring a Hardware Filter VLAN VLAN and IP IP IP and TCP/UDP IP and Payload Data Payload Data Files Page Analyzing Capture Files Error Scan Downloading Capture Files Deleting a Capture File Deleting Multiple Files Viewing Packet Decode Information Browsing Packets in the Packet Decoder Filtering Packets Displayed in the Packet Decoder Viewing Detailed Protocol Decode Information Using Alarm-Triggered Captures Custom Display Filters Creating Custom Display Filters Page Tips for Creating Custom Decode Filter Expressions Editing Custom Display Filters Deleting Custom Display Filters Page User and System Administration System Administration Resources Network Parameters SNMP Agent Working with NAM Community Strings Creating NAM Community Strings Deleting NAM Community Strings Testing the Router Community Strings System Time Synchronizing the NAM System Time with the Switch or Router Synchronizing the NAM System Time Locally Configuring the NAM System Time with an NTP Server E-Mail Setting Web Data Publication Capture Data Storage Creating NFS Storage Locations Configuring the NFS Server Configuring the NFS Storage Location on the NAM Editing NFS Storage Locations Creating iSCSI Storage Locations Editing iSCSI Storage Locations Syslog Setting SNMP Trap Setting Creating a NAM Trap Destination Editing a NAM Trap Destination Deleting a NAM Trap Destination Preferences Diagnostics System Alerts Audit Trail Tech Support User Administration Local Database Recovering Passwords Changing Predefined NAM User Accounts on the Switch or Router Creating a New User Editing a User Deleting a User Establishing TACACS+ Authentication and Authorization Configuring a TACACS+ Server to Support NAM Authentication and Authorization Configuring a Cisco ACS TACACS+ Server Adding a NAM User or User Group Configuring a Generic TACACS+ Server Current User Sessions NAM Traffic Analyzer 5.0 Usage Scenarios Deployment Deploying NAMs in the Branch Deploying NAMs for Voice/Video applications Deploying NAMs for WAN Optimization Deploying Multi-NAM Consolidation Autodiscovery Capabilities of NAM Creating Custom Applications Utilizing Sites to Create a Geographically Familiar Deployment Integrating NAM with Third Party Reporting Tools Integrating NAM with LMS Monitoring Understanding Traffic Patterns at the Network Layer Understanding Traffic patterns for DiffServ-Enabled Networks Using NAM to Evaluate Application-Level Performance Monitoring for TCP-Interactive Applications Using NAM to Evaluate Application-Level Performance Monitoring for UDP Realtime Applications Troubleshooting Using NAM for Problem Isolation Using NAM for SmartGrid Visibility APPENDIX A Troubleshooting General NAM Issues Error Messages Packet Drops NAM Not Responding NAM Behavior WAAS Troubleshooting Page APPENDIX B Supported MIB Objects Supported MIBs Page Page Page INDEX A C D E F G H I M O P R S T U V W