System > Packet Capture
SonicOS Enhanced 4.0 Administrator Guide
Configuring Display Filter Settings
This section describes how to configure packet capture display filter settings. The values that
you provide here are compared to corresponding fields in the captured packets, and only those
packets that match are displayed. Display filter settings include the following:
Interface on your SonicWALL appliance
You can specify up to ten interfaces separated by commas. Refer to the Network >
Interfaces screen in the UI for the available interface names. You can use a negative value
to configure all interfaces except the one(s) specified; for example: !X0, or !LAN. For the TZ
190, you could specify WAN, LAN, WWAN, OPT, or !WWAN, !OPT.
Ethernet type of the packets that you want to display
You can specify up to ten Ethernet types separated by commas. Currently, the following
Ethernet types are supported: ARP, IP, PPPoE-SES, and PPPoE-DIS. The latter two can
be specified by PPPoE alone. This option is not case-sensitive. For example, to display all
supported types, you could enter: ARP, IP, PPPOE. You can use one or more negative
values to display all Ethernet types except those specified; for example: !ARP, !PPPoE.
You can also use hexadecimal values to represent the Ethernet types, or mix hex values
with the standard representations; for example: ARP, 0x800, IP. Normally you would only
use hex values for Ethernet types that are not supported by acronym in SonicOS Enhanced.
See “Supported Packet Types” on page 122.
IP type of the packets that you want to display
You can specify up to ten IP types separated by commas. The following IP types are
supported: TCP, UDP, ICMP, GRE, IGMP, AH, ESP. This option is not case-sensitive. You
can use one or more negative values to display all IP types except those specified; for
example: !TCP, !UDP. You can also use hexadecimal values to represent the IP types, or
mix hex values with the standard representations; for example: TCP, 0x1, 0x6. See
“Supported Packet Types” on page 122.
Source IP addresses from which to display packets
You can specify up to ten IP addresses separated by commas; for example: 10.1.1.1,
192.2.2.2. You can use one or more negative values to display packets with all but the
specified source addresses; for example: !10.3.3.3, !10.4.4.4.
Source port(s) from which to display packets
You can specify up to ten port numbers separated by commas; for example: 20, 21, 22, 25.
You can use one or more negative values to display packets with all but the specified
source ports; for example: !80, !8080.
Destination IP address(es) for which to display packets
You can specify up to ten IP addresses separated by commas; for example: 10.1.1.1,
192.2.2.2. You can use one or more negative values to display packets with all but the
specified destination addresses; for example: !10.3.3.3, !10.4.4.4.
Destination port(s) for which to display packets
You can specify up to ten port numbers separated by commas; for example: 20, 21, 22, 25.
You can use one or more negative values to display packets with all but the specified
destination ports; for example: !80, !8080.
Bidirectional address and port mapping
When this option is selected, IP addresses and ports specified in either the source or
destination fields are matched against both the source and destination fields in each
packet.
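The following Python model is an added example, not part of this guide and not SonicOS code. It applies the field syntax described above (comma-separated values, ! negation, case-insensitive acronyms, hex values, PPPoE as an alias, and the bidirectional option) to a few constructed packets. The field names (iface, ether, proto, src_ip, src_port, dst_ip, dst_port), the handling of mixed plain and negated values, and the swap used for bidirectional matching are assumptions.

```python
# Added example: a model of the display-filter fields, not SonicOS code. Assumed: an empty
# field matches all; with mixed values a packet must match a plain one and no negated one.
ETHER = {"ARP": {0x0806}, "IP": {0x0800}, "PPPOE-DIS": {0x8863},
         "PPPOE-SES": {0x8864}, "PPPOE": {0x8863, 0x8864}}
IPPROTO = {"ICMP": {1}, "IGMP": {2}, "TCP": {6}, "UDP": {17},
           "GRE": {47}, "ESP": {50}, "AH": {51}}
TABLES = {"ether": ETHER, "proto": IPPROTO}   # fields that take acronyms or hex

def parse_field(text, names=None):
    """Split one comma-separated field into (include, exclude) sets."""
    include, exclude = set(), set()
    items = [t.strip() for t in text.split(",") if t.strip()]
    if len(items) > 10:
        raise ValueError("a field accepts at most ten values")
    for item in items:
        target = exclude if item.startswith("!") else include
        item = item.lstrip("!").strip().upper()
        if names is None:            # interface, address or port: literal text
            target.add(item)
        elif item in names:          # acronym, matched case-insensitively
            target |= names[item]
        else:                        # numeric form such as 0x800
            target.add(int(item, 0))
    return include, exclude

def displayed(pkt, bidirectional=False, **fields):
    """True if the packet (a dict) passes every configured field."""
    rules = {k: parse_field(v, TABLES.get(k)) for k, v in fields.items()}
    def passes(p):
        for key, (include, exclude) in rules.items():
            v = p.get(key) if key in TABLES else str(p.get(key)).upper()
            if v in exclude or (include and v not in include):
                return False
        return True
    # Assumed bidirectional model: retry with source and destination swapped.
    swapped = dict(pkt, src_ip=pkt.get("dst_ip"), dst_ip=pkt.get("src_ip"),
                   src_port=pkt.get("dst_port"), dst_port=pkt.get("src_port"))
    return passes(pkt) or (bidirectional and passes(swapped))

KEYS = ("iface", "ether", "proto", "src_ip", "src_port", "dst_ip", "dst_port")
SAMPLE = [dict(zip(KEYS, row)) for row in [   # constructed packets
    ("X0", 0x0800, 6, "10.1.1.1", 40000, "192.2.2.2", 80),   # TCP request
    ("X1", 0x0800, 6, "192.2.2.2", 80, "10.1.1.1", 40000),   # TCP reply
    ("X0", 0x0806),                                          # ARP
    ("X0", 0x8864),                                          # PPPoE session
    ("X0", 0x0800, 17, "10.3.3.3", 53, "10.1.1.1", 5353),    # UDP
]]

def show(**settings):
    return [displayed(p, **settings) for p in SAMPLE]
```

For example, `show(proto="TCP, 0x1, 0x6", dst_port="80")` displays only the TCP request, while adding `bidirectional=True` also displays the reply.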
Packet status values