Configuring capture filter

The Configuring capture filter page allows configuration of number of bytes to be captured per packet.

  1. Go to Diagnostics > Packet capture and click Configure.
  2. Enter details to configure the capture filter.
    Number of bytes to capture (per packet)
    Specify the number of bytes to be captured per packet.
    Wrap capture buffer once full
    Enable to continue capturing the packets even after the buffer is full. When the checkbox is enabled, the packet capturing starts again from the beginning of the buffer.
    Enter BPF string
    Specify a BPF string. BPF (Berkeley Packet Filter) sits between link-level driver and the user space. BPF is protocol independent and use a filter-before-buffering approach. It includes a machine abstraction to make the filtering efficient. For example, host 192.168.1.2 and port 137. Refer to BPF string parameters for filtering specific packets.
    Table 1. BPF string parameters
    How to check packets of the Example
    specific host host 10.10.10.1
    specific source host src host 10.10.10.1
    specific destination host dst host 10.10.10.1
    specific network net 10.10.10.0
    specific source network src net 10.10.10.0
    specific destination network dst net 10.10.10.0
    specific port port 20 or port 21
    specific source port src port 21
    specific destination port dst port 21
    specific host for the particular port host 10.10.10.1 and port 21
    the specific host for all the ports except SSH host 10.10.10.1 and port not 22
    specific protocol proto ICMP, proto UDP, proto TCP
  3. Click Save.