Surveyor User's Guide
7-1
Chapter 7
7 Capture and Display Filters
For most data analysis operations, you’ll want to look at only a subset of all data.
Filters allow you to select and count data in just about any way you can imagine.
Capture filters allow you to capture a subset of the network data. Display filters
allow you to view a subset of the data you have already captured. They can be used
to refine your view of captured information. For example, you might choose to cap-
ture all packets sent/received by a specific IP network station. Later, you might
decide you want to look at the data for specific types of packets that are flowing
through the station. A display filter allows you to view this subset of captured data.
Surveyor uses a layered approach to developing filters. If you want a simple filter,
all filter options can be specified from a single window. However, if you need to
create an advanced filter with multiple states and searches to refine exactly what
you’re looking for, Surveyor supports a complete filtering language.
Example filters are provided to give you an idea of the types of filters that can be
created. This section describes both Capture and Display Filters; the minor differ-
ences are noted in the text.
Getting Started with the Filter Interface
For most users, filters can be created and applied from a single window. The over-
view below describes a simple way to get started with the interface.
1. Select the resource you want to filter from the Resource Browser.
2. Press the
Detail View button.
3. Press the
Create/Modify Capture Filter button to bring up the
Filter Design window.
4. Click on a pre-defined filter template from the
Available Filter Templates box.
The data pattern for the filter template you have selected will display in the
Current Filter Template Display area. Suggestion: Try HTTP to collect HTTP
traffic only.