Packet Filtering: Catching the Cool Packets

Overview

Address filtering is used to capture traffic to and from a specific device based on its hardware or protocol address. Address filters are also used to catch traffic to the broadcast, multicast and (in the case of IPv6) anycast addresses.

Whenever I go onsite, I start capturing all traffic to get a feel for the 'talkers' on the network. Once this is done, I can focus in on the top talkers or talkers that are sending unusual traffic.

First let's look at the three most common types of filters that are used:

• MAC address filters

• IP address filters

• IPX address filters

In this chapter, we’re focusing on the easy method of building basic address filters. In Chapter 4, we’ll go over some more advanced filters.