Chapter 9. Logging

Packet Type Selection

You can limit the selection to only allowed packets or rejected/discarded packets, or a subset of these. For example, you can select allowed, un-NAT:ed packets only.

IP Address Selection

You can limit the selection by specifying certain IP addresses.

In these fields, enter a single IP address (e.g., 10.3.27.3), a range of IP addresses (e.g., 10.3.27.1-10.3.28.254), an IP address followed by a netmask (e.g., 10.3.27.0/24), a combination of these, or nothing at all. If a field is empty, all IP addresses are selected.

If you want to study all traffic except that to or from a specific computer or group of computers, enter the IP address(es) here and mark the "not this address" box.

The selection can be modified by the control boxes under the fields A and B:

A src

Packets from the IP address in field A match. Field B is ignored.

A dst

Packets to the IP address in field A match. Field B is ignored.

A any

Packets to or from the IP address in field A match. Field B is ignored.

A to B

Packets from A to B match.

B to A

Packets from B to A match.

Between A&B

Packets from A to B, or from B to A, match.

not this combination

Packets that do not match the given combination of A and B are shown in the log.
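
The following is an added example, not part of the manual or the product: a Python sketch that applies the same field syntax and control-box modes to log records exported for offline review. The function names, the comma separator for combined address entries and the sample records are assumptions, and the "not this address" box is not modelled.

```python
import ipaddress

def parse_field(text):
    """Parse an address field into (low, high) integer ranges; None = empty = all."""
    ranges = []
    # Comma as the separator for "a combination of these" is an assumption.
    for part in filter(None, (p.strip() for p in text.split(","))):
        if "/" in part:      # IP address followed by a netmask
            net = ipaddress.ip_network(part, strict=False)
            lo, hi = int(net.network_address), int(net.broadcast_address)
        elif "-" in part:    # range of IP addresses
            lo, hi = sorted(int(ipaddress.ip_address(x.strip())) for x in part.split("-"))
        else:                # single IP address
            lo = hi = int(ipaddress.ip_address(part))
        ranges.append((lo, hi))
    return ranges or None

def in_field(ip, field):
    """True if ip is selected by a parsed field (an empty field selects everything)."""
    if field is None:
        return True
    n = int(ipaddress.ip_address(ip))
    return any(lo <= n <= hi for lo, hi in field)

def selects(src, dst, mode, a, b=None, not_combo=False):
    """Apply one control-box mode; not_combo models 'not this combination'."""
    a_to_b = in_field(src, a) and in_field(dst, b)
    b_to_a = in_field(src, b) and in_field(dst, a)
    hit = {
        "A src": in_field(src, a),                    # field B is ignored
        "A dst": in_field(dst, a),                    # field B is ignored
        "A any": in_field(src, a) or in_field(dst, a),
        "A to B": a_to_b,
        "B to A": b_to_a,
        "Between A&B": a_to_b or b_to_a,
    }[mode]
    return hit != not_combo

def filter_log(records, mode, a_text, b_text="", not_combo=False):
    """Return the (src, dst) records that the selection would show."""
    a, b = parse_field(a_text), parse_field(b_text)
    return [(s, d) for s, d in records if selects(s, d, mode, a, b, not_combo)]

# Constructed sample records (source, destination); not taken from a real log.
LOG = [("10.3.27.18", "10.3.27.2"), ("10.3.27.18", "192.0.2.7"),
       ("10.3.28.40", "10.3.27.18"), ("172.16.0.9", "10.3.27.2")]

if __name__ == "__main__":
    print(filter_log(LOG, "A any", "10.3.27.18", not_combo=True))
```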

If you, for example, want to study all packets to or from 10.3.27.18, except those to the file server 10.3.27.2, you should fill in the form like this:

Protocol/Port Selection

You can limit the selection by specifying certain protocols.

All IP protocols

No restriction regarding protocols.

TCP/UDP

When selecting TCP or UDP, you can choose all packets or packets to certain ports only.

In these fields, you can enter a single port number (32), a range of port numbers (1-1023), a list of port numbers and ranges separated by commas (53, 1024-65535) or nothing at all. If
