Packetyzer - Filtering Packets

How to make a filter to capture or display packets in the Packetyzer Protocol Analyzer

Filtering Packets

Packetyzer’s filtering is very powerful. It is possible to filter on addresses, both MAC and IP, by protocol, by port number, and to add expressions such as equal to, not equal to, and so on. Very complex Filters may be built up by combining elements.

Capture and Display Filters are identical in Packetyzer. Packetyzer uses the same syntax as Ethereal Display Filters.

To modify and delete Filters see Packetyzer working with Filters.

Capture Filters

Only packets that match the criteria set in the enabled Filters will be captured. The Packet Received counter increments confirming that traffic is being seen by the adapter, the Packets Filtered counter shows how many packets have passed the Filters.

Making a Simple Capture Filter

See also Create Filter from packet, for details of how to use a captured packet as a template for a new Filter.

Step 1 Run Packetyzer

Step 2 Click the Filters Tab on the Main Screen

Note: It does not matter if the Capture Filter tab or the Display Filter tab is selected.

Step 3 Click the Create a new filter button

The Filter Designer dialog box appears.

Filtering by Address

Step 1 Click the Address filter box

Step 2 Select an Address Type, (IP or Ethernet)

Step 3 Optionally select a Direction, (Either Direction, 1 to 2, or 2 to 1)

Step 4 Select an Address from the drop down list or type an Address

Step 5 Click OK

Filtering by Protocol

Step 1 Click the Protocol filter box

Step 2 Click the Protocol... button

A list of Protocols appears.

Step 3 Select a Protocol

Step 4 Click OK

Filtering by Port number

Step 1 Click the Port filter box

Step 2 Select a Type, (TCP or UDP)

Step 3 Optionally select a Direction, (Either Direction, 1 to 2, or 2 to 1)

Step 4 Select a known port from the drop down list, or type a value

Note: If you wish to specify both ports click the Port 2 radio button select a known port from the drop down list, or type a value.

Step 5 Click OK

Note: You can build a more complex Filter by combining any or all of the above options.

Applying a Filter

Once you have built Filters you will want to apply them to either the Capture or Display.

Step 1 Click the Filters tab

Step 2 Select the Capture Filter or Display Filter tab

Step 3 Click on the Filters you require

Step 4 Click Apply

If these are Capture Filters press the Start Capture button. If these are Display Filters the packet list will be filtered immediately.

Note: Display Filters affect the view of the packet list, they do not delete packets from the original file. To see the full list simply remove the ticks from the Display Filters.

Filter Example

In this example we will make a simple filter to capture ARP (Address Resolution Protocol) packets.

Step 1 Run Packetyzer

Step 2 Click the Filters Tab on the Main Screen

Note: It does not matter if the Capture Filter tab or the Display Filter tab is selected.

Step 3 Click the Create a new filter button

The Filter Designer dialog box appears.

Step 4 Type a name for the Filter

For this example type the name ARP.

Step 5 Click the Protocol filter box

Step 6 Click the Protocol... button

Step 7 Select Address Resolution Protocol

Step 8 Click OK

The new ARP filter appears in the list.

To apply the Filter perform the steps below.

Step 9 Tick the box to the left of the ARP Filter

Step 10 Click Apply

The details of the Filter appear in the Current Filter box.

Note: You can tick more than one Filter. The details of all the selected Filters appear in the Current Filter box.

---

About Us | Privacy Policy | Terms & Conditions | Site Map | Blog | Contact us | Customer Testimonials
CHAT WITH US | CALL US: 0800 612 1357 | EMAIL US: sales@openxtra.co.uk
Copyright © 2003-2008 OPENXTRA Limited All Rights Reserved. OPENXTRA Limited, Building Society Chambers, Wesley Street, Otley, LS21 1AZ.
Company registration number: 4641663. VAT No: GB808975581. WEEE Registration: WEE/EK0053TQ