nettl.1m (2010 09)
n
nettl(1M) nettl(1M)
Trace Fil ters
Trace filters are a filter criteria applied on trace packets before actually capturing them. The filter cri-
teria is an expression consisting of a combination of header fields, (link level, TCP/IP and so on) specified
in the filter configuration file. Packets that pass the filter criteria are captured; all other packets are dis-
carded.
Packets to be captured are selected according to the following table.
th_flags==?? | captured packets
SS
AA
F (No packet)
P (No packet)
SA S, A, SA
FA FA, A
PA PA, A
FPA FA, PA, A, FPA
SFPA S, A, SA, FA, PA, FPA
Filter Configuration File
This file is used to configure the filters. Entries in the file have the following syntax:
subsystem subsystem_name filter expression
The filter expression can be constructed using operands and operators.
The supported filter operands are:
Operand Description Format/Range
mac_src Source Mac Address Hex Format Eg.0xffffffffffff
mac_dst Destination Mac Address
Hex Format, Range: 0x05dd to 0xffffmac_type Ethernet type
ip_src Source IP Address Dot notation or hostname
ip_dst Destination IP Address
Octal, Hex or Decimal Format,
Range: 0-255
ip_p IP Protocol
Octal, Hex or Decimal Format,
Range: 1-65535, service name (eg, ftp,
telnet, etc)
th_sport TCP source port
th_dport TCP destination port
Single value or combination of: S, F,
P, R, A, U
th_flags TCP flags
uh_sport UDP source port
uh_dport UDP destination port
Octal, Hex or Decimal Format,
Range: 0-255
icmp_type ICMP type
Octal, Hex or Decimal Format,
Range: 0-255
icmp_code ICMP code
The supported operators are ==, !=, <, <=, >, and >=.
Note that the
= (single equal) operator is not supported.
Logical operators that are supported are
|| and &&. The logical operators are used to combine the indi-
vidual filters for a subsystem.
Not all operators are allowed on all operands. For operands
mac_type, th_flags, ip_p,
icmp_type, and icmp_code the supported operators are limited to == and !=. All operators are sup-
ported for the other operands.
The supported operands for the respective subsystems are:
Subsystem Supported Operands
Link level subsystems All the operands
8 Hewlett-Packard Company − 8 − HP-UX 11i Version 3: September 2010