Capture and Display Filters 7

Creating Filters with Filter Templates

You then save the template. When you save a custom template, Surveyor asks for a custom template name. Surveyor will assign a default name such as Template1 if no name is provided.

Once you create a filter template, its name will appear in the Custom_Templates section of the Available Filter Templates box. Custom templates can be reused again and again once added to the list of templates. For the template to be used in the current filter, you must use the Add button so that the filter template name appears in the Template Combination box.

Custom Templates Based on Specification of Byte Patterns

You can create custom templates by entering values in the offsets within the Current Filter Template Display area. The small fields in this area define the data patterns that comprise a filter template. The offset defines the position within the packet to start comparing the packet contents with the values in the pattern. If a match occurs, then this portion of the condition is satisfied. The pattern can be specified as a decimal, hexadecimal, or ASCII value.

Use the Data Format pull-down box on the right to specify if the pattern is in decimal, hexadecimal, or ASCII. Use the Offset Format pull-down box to specify if the column and row headers display in decimal or hexadecimal. Note that although you can display the data in different formats, all formats use a byte boundary. Only byte quantities can be entered or displayed.

Any specific value you create for filter templates can have “don't care” values. For example, assume you're only looking for FF34 in the first two bytes of the MAC destination address. You could specify the values in your filter as FF34XXXXXX, where X indicates you don't care about the values in the last three offsets. Note that for IP addresses using decimal values you can only use X characters for complete sub-addresses. For example, 128.XXX.2.2 is allowed, but 128.12X.2.2 is not allowed.
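The offset-plus-pattern comparison with "don't care" values can be sketched in a few lines of Python. This is an added illustration, not Surveyor code: the function names are hypothetical, the frame is constructed sample data, and it assumes a hex wildcard always covers a whole byte (XX), in line with the byte-boundary rule above.

```python
# Added illustration; not Surveyor code. All names here are hypothetical.

def parse_hex_pattern(text):
    """'FF34XXXXXX' -> [0xFF, 0x34, None, None, None]; None means don't care."""
    if len(text) % 2:
        raise ValueError("pattern must be a whole number of bytes")
    out = []
    for i in range(0, len(text), 2):
        pair = text[i:i + 2].upper()
        if pair == "XX":
            out.append(None)
        elif "X" in pair:
            # Assumption: a wildcard covers a full byte, never a single nibble.
            raise ValueError(f"partial-byte wildcard: {pair!r}")
        else:
            out.append(int(pair, 16))
    return out

def parse_ip_pattern(text):
    """'128.XXX.2.2' -> [128, None, 2, 2]; rejects partial wildcards like '12X'."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError("expected four dotted sub-addresses")
    out = []
    for part in parts:
        if part and set(part.upper()) == {"X"}:
            out.append(None)          # complete sub-address is don't care
        elif part.isdigit() and int(part) <= 255:
            out.append(int(part))
        else:
            raise ValueError(f"partial wildcard or bad sub-address: {part!r}")
    return out

def matches(packet, offset, pattern):
    """Compare pattern to packet bytes starting at offset; None matches any byte."""
    window = packet[offset:offset + len(pattern)]
    if len(window) < len(pattern):
        return False                  # packet too short to hold the pattern
    return all(p is None or p == b for p, b in zip(pattern, window))

# Constructed sample: Ethernet II header + minimal IPv4 header (checksum left zero).
FRAME = bytes.fromhex(
    "ff3401020304" "001122334455" "0800"             # dst MAC, src MAC, EtherType
    "45000014" "00000000" "40060000"                 # IPv4 header, first 12 bytes
    "80070202" "0a000001"                            # src 128.7.2.2, dst 10.0.0.1
)
MAC_DST_OFFSET = 0        # destination MAC starts the frame
IP_SRC_OFFSET = 14 + 12   # 14-byte Ethernet header, then 12 bytes into IPv4
```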

The hex or decimal patterns display in black or magenta. The magenta color indicates the bytes are a macro pattern, such as the logical OR of two different patterns, or a conversation. Displays in magenta within the Current Filter Template Display area do not provide a complete view of the filter template. The Template Description… information box provides complete details about any macro pattern. Use the Template Description… button to see the exact offsets, patterns, and logical operators you have used to create the filter template. Many ASCII patterns have no corresponding display character.

Use the Template Description button to see the exact offsets, patterns, and logical operators you have used to create the filter template. See Figure 7-2 for an example of this window.

Finisar Surveyor manual Custom Templates Based on Specification of Byte Patterns