Creating custom filter templates, Creating custom filter templates -8 – Finisar Surveyor User Manual

7-8

Surveyor

User’s Guide

Multiple Byte Patterns in Filter Templates

Filter templates can be “several templates in one.” For example, HTTP, TELNET,

and SNMP are provided as single filter templates, but they consist of both source

and destination ports. In other words, the template itself contains an OR condition,

and will capture a packet whether it appears in the offset for the source port or the

offset for the destination port.
An example

Template Description

window is shown below. The HTTP port as the

source or destination will be selected by the filter template. Two byte patterns are

defined:

First Pattern

Second Pattern

Offset

Pattern

Offest

Pattern

12

0800

12

0800

23

06

23

06

34

0050

36

0050

Figure 7-2. Template Description Window Showing a Macro Filter

Creating Custom Filter Templates

Custom filter templates are created from the

Filter Design

window. Custom filter

templates display under Custom_Templates in the

Available Filter Templates

box of this window. Custom templates allow precise control over the information

captured or displayed.
Custom templates are created by modifying a pre-defined template or by directly

entering values in the correct offsets in the

Current Filter Template Display

area.

Custom Templates Based on Pre-Defined Templates

Custom filter templates can be created by selecting a pre-defined template and add-

ing conversations or port numbers. For example, assume you want to filter HTTP

packets going to or coming from a station. You could select the HTTP filter template

and enter the station you want to filter on in the

Add Conversation to Template

area.