|
|
Before you start a data capture session or create a custom domain, you must determine the type and extent of the data to collect for display and analysis. You select an appropriate filter to screen the incoming data when you start a data capture session or create a custom domain.
TrafficDirector includes several predefined filters for most data capture and domain requirements. If you need filtering parameters that are not available in the predefined filters, you can use Filter Editor to edit a filter or create a new filter to meet your requirements.
To collect only selected data, you can create a set of filters that are either inclusive or exclusive, and that pass, capture, and store only the packets that meet the filter criteria. You start with a filter format that uniquely describes the specific characteristics of the frame that must be matched to accept or reject data packets from the data capture buffers.
When you have created a filter, you must insert it into the filter definition used for the data capture session.
Before you start adding or modifying filters, you should be aware of the different ways you can specify field values. Except for the filter name, which is required, the remaining fields are optional; define only those fields that fit your needs.
TrafficDirector includes an extensive listing of filter formats. Each format has many fields that correspond to definable areas in different packet types.
You can choose from two filter types: physical or logical. The filter type depends on the filter format you select. A physical filter is topology-specific. This means that the filter criteria you define must be used with a specific media type, and is applied to frames at fixed positions.
The predefined physical filters are as follows:
You can use a logical filter on any network. TrafficDirector applies the criteria you specify at the appropriate position in a packet regardless of the topology. Logical filters are useful because they save you work. For example, if you need to apply an IP filter on a Token Ring network and on an Ethernet network, you can define one filter that works on both.
When you define filters, you can use different numeric styles for values: decimal, hexadecimal (hex), binary, or IP address format (dotted). The numeric style you use to specify values depends on: whether the field is single-byte or multi-byte, and whether the field is tied to a certain type, such as MAC address, which accepts only a hex value. To find out whether a field is single-byte or multi-byte, open any predefined filter format file, in your $NSHOME/usr directory. For example, to find out how many bytes are required in the Time to Live field in an IP filter format, you would enter the following from your $NSHOME/usr directory:
type ip.ff
The filter format file (ip.ff) is displayed, showing the fields defined for the IP filter type, the number of bytes required for each field, and any specific value type associated with a field (such as MACADDR, the MAC address type).
You can specify the following numeric types in single-byte fields, keeping in mind any restrictions as noted:
In multiple-byte fields, you can specify the following numeric types, keeping in mind any restrictions as noted:
To add a new filter, take the following steps:
Step 1 Click the Filter Editor icon in the TrafficDirector main window.
The Filter Editor window opens (Figure 13-1).
Step 2 Select Edit>New Filter.
The New Filter window opens (Figure 13-2).
Step 3 Enter a name for the new filter in the Filter Name field. Specify up to eight letters, numbers, dashes, or underscores. The name must begin with a letter.
Step 4 Select a format from the Filter list box, then click Select Format.
The Add Filter window changes to display all the field names that apply to the filter format you selected. Depending on your selection, you might see only three fields or two pages of fields. For example, if you selected the TCP filter format, the New Filter window displays field names for all the rectangles shown in the window, and the PgDn button is enabled. You can click this button to see the rest of the fields available for defining the filter. Click PgUp to toggle back to the first page of the window.
Step 5 Enter field information as needed. Some fields may already contain values.
Step 6 Click OK to add the filter and display it in the filter list.
To edit an existing filter definition, take the following steps:
Step 1 Click the Filter Editor icon in the TrafficDirector main window.
The Filter Editor window (Figure 13-1) opens.
Step 2 Select the filter you want to edit from the filter list.
Step 3 Click Edit.
The Edit Filter window opens. This window is the same as the New Filter window, except that the fields are already filled in with the values you last specified.
Step 4 Edit the fields you want to change.
Step 5 Click OK to create the new filter or click Cancel to quit.
When you no longer need a filter, you can delete the filter definition to conserve system resources. To delete a filter definition from the filter list, take the following steps:
Step 1 Click the Filter Editor icon in the TrafficDirector main window.
The Filter Editor window opens (Figure 13-1).
Step 2 Select the filter you want to delete from the filter list.
Step 3 Click Delete.
Step 4 Click OK to delete the filter definition, or click Cancel to quit without deleting the filter definition.
|
|