Capture Filter dialog box
This dialog box displays the capture filter decision tree and helps you to specify the frames that you want to capture. You can also load filters that were previously designed and saved to a file. By doing this, you avoid creating filters every time you want to capture filtered data.
You can use the following controls to make changes to the decision tree.
- SAP/ETYPE =
- Double-click this line to specify protocols that you want to capture in frames.
- AND (Address Pairs)
- Double-click this line to filter on computer address pairs.
You can specify as many as three address pairs.
- AND (Pattern Matches)
- Double-click this line to capture only frames that contain a specified pattern at a specified offset.
You can specify as many as four pattern matches.
- Add
- Use the buttons in this group box to add criteria to the capture filter.
- Address
- Click to open the Address Expression dialog box, which you can use to specify the address pairs of the computers between which you want to capture data.
- Pattern
- Click to open the Pattern Match dialog box, which you can use to capture only those frames containing a specific pattern of ASCII or hexadecimal data.
- Insert
- Use the buttons in this group box to add operators to the capture filter.
- OR
- Click to add an OR branch to the capture filter decision tree. This option is available only for pattern matches.
- NOT
- Click to add a NOT branch to the decision tree or to remove a branch of the tree. This option is available only for pattern matches.
- Edit
- Click to edit the line that is currently selected in the capture filter.
- Delete
- Click to delete the line that is currently selected in the capture filter.
- Load
- Click to open the Load Capture Filter dialog box, which you can use to replace the current capture filter with one that has been saved to a file.
- Save
- Click to open the Save Capture Filter dialog box, which you can use to save the current capture filter as a file.
Notes
- In the address portion of a capture filter, EXCLUDE statements take logical precedence over INCLUDE statements. Regardless of the sequence in which statements appear in the Capture Filter dialog box, Network Monitor evaluates EXCLUDE statements first. Therefore, in a filter containing both an EXCLUDE and an INCLUDE statement, if a frame meets the criteria specified in an EXCLUDE statement, Network Monitor discards the frame without testing it against the INCLUDE statement to see whether the frame also meets the criteria of the INCLUDE statement.
- When you close the capture filter, Network Monitor optimizes the logic you used in the Pattern Matches branch of the capture filter decision tree. Therefore, when you re-open the capture filter, it might look different from when you created it. For example, if you define multiple pattern match statements, Network Monitor automatically processes them with an implicit OR operator and removes any explicit OR operators between such statements.
Related Topics
