Surveyor User's Guide
7-15
Capture and Display Filters
Filter Creation
7
Actions for Display Filters
Table 7-5 shows actions available for display filters:
See Multi-State and Multi-Statement Filters for more information on actions in
multi-state filters.
Counter Conditions for Filters
Press the
Add Counter Condition… button to bring up a dialog box to create a
counter condition. You specify a counter name and a value to test against. When
you specify the counter condition and click the
OK button, the counter condition
appears in the
Template Combination box. Counter conditions are only available
with capture filters.
A counter condition is a special condition for accepting/rejecting a packet based on
a counter value. Logically, a counter condition functions like a filter template. The
settings for counters are “conditional flags” for subsequent actions. For example,
set the counter name to “Counter 1." Set the test value in the >= field to l00. When
Counter 1 reaches 100, the filter will carry out the actions that you have chosen for
subsequent packets.
You can use a counter just like a filter template. For example, you could create the
phrase FTP AND Counter 4 >= 20 in the Template Combination box. This would
select FTP packets when Counter 4 reaches a value of 20. For THGm, one of seven
custom counters can be used as the test counter.
The counter “test values” set in this window are global values. For multi-statement
filters, if you set a counter test value in one statement, if you try to change it in
another statement you will receive a warning message. See Multi-State Filters for
more information on actions in multi-state filters.
Note that if you select the
Add Counter Condition… box, choose a counter, but leave
the “test value” set at 0, the result will be that the filter condition is always true and
all actions will be taken immediately.
Table 7-5. Display Filter Actions
Action Description
Display Packet Display the resultant data.
Change Filter Operation Go to a different filter state for processing the next incoming packet.
The state can be the current state or any other state defined in the dis-
play filter.