Director
• | ip_dst | IP destination address |
• ip_dst_mask | IP source address mask | |
• | ip_proto | IP protocol |
• l4_src_port | Layer 4 source port | |
• l4_dst_port | Layer 4 destination port | |
• | vlan | VLAN number |
Create Complex Filters
Multiple filter parameters can be specified in a single filter add command. Packets must satisfy all of the filter parameters to be selected; in other words, the filter parameters have a logical AND connection.
To select all TCP traffic arriving from IP address 192.186.10.0:
1.Enter filter add in_ports=n1.5 ip_src=192.186.10.0 ip_proto=6 action=redir redir_ports=m.1. A filter has been defined to select all IPv4 TCP packets from Network Port 5 with a source IP address of 192.186.10.0; packets matching the filter are copied to Monitor Port 1.
2.Enter filter commit. The filter is activated.
Network Port 5 |
| Source IP = |
| Protocol = |
| Monitor Port 1 |
192.186.10.0 |
| TCP |
| |||
|
|
|
|
lter add in_ports=n1.5 ip_src=192.186.10.0 ip_proto=6 action=redir redir_ports=m.1
Figure 28: Logical AND filter connection
A logical OR connection can be made between filters by specifying multiple filters with the same Network and Monitor port lists.
To select all packets which are either TCP or UDP protocol:
1.Enter filter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.1. A filter has been defined to select all IPv4
TCP packets from Network Port 5 and copy them to Monitor Port 1.
2.Enter filter add in_ports=n1.5 ip_proto=17 action=redir redir_ports=m.1. Another filter has been defined to select all IPv4 UDP packets from Network Port 5 and copy them to Monitor Port 1.
3.Enter filter commit. The filters are activated.
29
*** Confidential - DO NOT Distribute ***