Configuring capture filter

The Configuring capture filter page allows configuration of number of bytes to be captured per packet.

  1. Go to Diagnostics > Packet capture and click Configure.
  2. Enter details to configure the capture filter.
    Number of bytes to capture (per packet)
    Specify the number of bytes to be captured per packet.
    Wrap capture buffer once full
    Enable to continue capturing the packets even after the buffer is full. When the checkbox is enabled, the packet capturing starts again from the beginning of the buffer.
    Enter BPF string
    Specify a BPF string. BPF (Berkeley Packet Filter) sits between link-level driver and the user space. BPF is protocol independent and use a filter-before-buffering approach. It includes a machine abstraction to make the filtering efficient. For example, host and port 137. Refer to BPF string parameters for filtering specific packets.
    Table 1. BPF string parameters
    How to check packets of the Example
    specific host host
    specific source host src host
    specific destination host dst host
    specific network net
    specific source network src net
    specific destination network dst net
    specific port port 20 or port 21
    specific source port src port 21
    specific destination port dst port 21
    specific host for the particular port host and port 21
    the specific host for all the ports except SSH host and port not 22
    specific protocol proto ICMP, proto UDP, proto TCP
  3. Click Save.