Packet Filtering: Catching the Cool Packets


Ok… so you really don't want to build all these protocol filters one by one. Most analyzers have a brain-dead way to export/import filters. I say 'brain-dead' because they are lousy. In one case, Sniffer, you need to fool the system by renaming files and then importing the files you want. On EtherPeek, the system can't import individual filters out of a set; you have to import them all.

Appendices C and D show how to export/import filters on Sniffer and EtherPeek.

What happens if the protocol in which you are interested is not listed in the protocol list? Well, in that case, you need to go to Chapter 4 and start working with pattern filters.

In the chapter test, you'll make some protocol filters and discuss the pros and cons of using these predefined filters.

