Surveyor User's Guide

Multiple Byte Patterns in Filter Templates
Filter templates can be “several templates in one.” For example, HTTP, TELNET,
and SNMP are provided as single filter templates, but each consists of both source
and destination ports. In other words, the template itself contains an OR condition,
and will capture a packet whether the port number appears at the offset for the
source port or at the offset for the destination port.
An example Template Description window is shown below. The filter template
selects packets that have the HTTP port as the source or the destination. Two byte
patterns are defined:
First Pattern        Second Pattern
Offset  Pattern      Offset  Pattern
12      0800         12      0800
23      06           23      06
34      0050         36      0050
Figure 7-2. Template Description Window Showing a Macro Filter
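The two byte patterns above, evaluated against constructed frames, as an added example that is not part of the original guide or the Surveyor product: each pattern is an AND of its offset/pattern pairs, and the template is the OR of the two patterns. It assumes offsets are counted from the first byte of an Ethernet II frame and that patterns are hexadecimal (0800 = IPv4 EtherType, 06 = TCP, 0050 = port 80); the function names and sample frames are hypothetical.

```python
import struct

# Offset/pattern pairs copied from the Template Description table above.
# Assumption: offsets count from byte 0 of the Ethernet frame, patterns are hex.
FIRST_PATTERN = [(12, "0800"), (23, "06"), (34, "0050")]   # port 80 as source
SECOND_PATTERN = [(12, "0800"), (23, "06"), (36, "0050")]  # port 80 as destination


def pattern_matches(frame, pattern):
    """All offset/pattern pairs of one byte pattern must match (AND)."""
    for offset, hex_pattern in pattern:
        want = bytes.fromhex(hex_pattern)
        if frame[offset:offset + len(want)] != want:
            return False
    return True


def template_matches(frame, patterns=(FIRST_PATTERN, SECOND_PATTERN)):
    """The template captures a frame when any byte pattern matches (OR)."""
    return any(pattern_matches(frame, p) for p in patterns)


def build_frame(sport, dport, ip_options=b""):
    """Constructed Ethernet II / IPv4 / TCP frame (checksums left at zero)."""
    ihl = 5 + len(ip_options) // 4          # IPv4 header length in 32-bit words
    eth = bytes(12) + b"\x08\x00"           # zeroed MACs, EtherType 0x0800
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, 40 + len(ip_options),
                     0, 0, 64, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + ip_options + tcp


if __name__ == "__main__":
    samples = {
        "client -> port 80": build_frame(49152, 80),
        "port 80 -> client": build_frame(80, 49152),
        "client -> port 443": build_frame(49152, 443),
        # Four bytes of IPv4 options (NOP, NOP, NOP, EOL) move the TCP header to
        # offset 38, so the fixed offsets 34 and 36 no longer land on the ports.
        "client -> port 80, IP options": build_frame(49152, 80, b"\x01\x01\x01\x00"),
    }
    for name, frame in samples.items():
        print(f"{name:32} captured={template_matches(frame)}")
```

Under this model the last sample is not captured even though it is HTTP traffic, which is worth keeping in mind when relying on fixed-offset patterns for capture coverage.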
Creating Custom Filter Templates
Custom filter templates are created from the Filter Design window. Custom filter
templates display under Custom_Templates in the Available Filter Templates box
of this window. Custom templates allow precise control over the information
captured or displayed.
Custom templates are created by modifying a pre-defined template or by directly
entering values in the correct offsets in the Current Filter Template Display area.
Custom Templates Based on Pre-Defined Templates
Custom filter templates can be created by selecting a pre-defined template and
adding conversations or port numbers. For example, assume you want to filter HTTP
packets going to or coming from a station. You could select the HTTP filter template
and enter the station you want to filter on in the Add Conversation to Template area.