Programmable Filtering
Transport Control Protocol / Internet Protocol (TCP/IP)
The previous example showed how to filter all Ethernet frames that contained an IP protocol packet. However, IP is used as the
For this example, the discrimination of the Transport Layer used within an IP packet will be demonstrated. This requires an AND function, since we want to filter data that both is IP and contains TCP information.
Within the IP frame, there is a single octet field that may be used to indicate the protocol of the Transport layer, or the protocol of the data in the IP packet. If TCP were the protocol within the IP packet, this octet, or
The location of this field, remembering that the start of the Ethernet frame is always the base reference, is octet 23.
Filter only TCP/IP
To filter only those packets that are TCP/IP, the mask would therefore be:
The
Filter all IP without TCP traffic
To filter all IP packets that do not contain TCP traffic, the mask would be:
Filter all except TCP/IP
To filter all other packets except TCP/IP packets, the mask would be:
Local Area Transport (LAT)
The Local Area Transport (LAT) protocol is used exclusively by DEC for terminal access between DEC hosts and terminal servers located on an Ethernet network.
This example is similar to the Internet Protocol example described previously.
The protocol type field value that is used for LAT frames is equal to 6004.
Filter all LAT
Therefore, to filter all LAT frames, the filter mask would be:
Filter all but LAT
To filter all frames but LAT frames, the filter mask would be:
