Filter rules

The following table contains the rules available for creating filters.

Table 9-1. Filter rules
Filter Rule
Description
Tests the identity of the network node, either receiving or sending, for that packet. This can be a physical address, or a logical address under a particular protocol.
Protocol rules let you include certain types of traffic belongs to a specified protocol. Two kinds of protocols are supported, Ethernet II and IPv4.
Port rules let you include certain types of traffic between a communicating pair of ports.
Tests the numerical value of a particular part of each packet (at a particular offset with a particular mask) for its relation (greater than, less than, equal to, and so forth) to the value you specify.
Tests for the presence of a particular character string (hexadecimal or ASCII) in each packet. Can be constrained to search within a specified location for greater efficiency.
Tests the length of the packet and matches those within the range you set, specified in bytes.
Tests for one or more of four error conditions: CRC errors, Packet Alignment errors, Runt packets, and Oversize packets.

Filter rules