<HTML> <HEAD> <TITLE>KSnuffle: Packet Filtering</TITLE> </HEAD> <BODY TEXT="#000000" BGCOLOR="#FFFFFF" LINK="#AA0000"> <FONT FACE="Helvetica"> <A HREF="http://www.kde.org/"><IMG SRC="logotp3.gif" ALT="The K Desktop Environment" BORDER=0 ></A> <BR> <HR noshade> <DIV ALIGN=right> <A HREF="index-4.4.html">Next</A> <A HREF="index-4.2.html">Previous</A> <A HREF="index.html#toc4">Table of Contents</A> </DIV> <BR>
<H3> <A NAME="ss4.3"></A>4.3 Packet Filtering </H3>
<P> Network packets can be filtered with a program that is passed to the underlying packet capture code. The filter program is specified on the <I>Filter/triggers</I> page, in the <I>Packet Filter</I> tab. Simple filter programs can be specified by selecting various options as described below. More complicated filters are the same as those passed on the command line to the <A HREF="man:tcpdump(8)">tcpdump(8)</A> command, and have to be entered directly. </P>
<P> <A HREF="filters.html" target="Filters/Triggers">Click for full size image</A><IMG SRC="filters_s.png"> </P>
<P> The <I>Use program</I> checkbox controls which of the above two cases applies; to enter full <A HREF="man:tcpdump(8)">tcpdump(8)</A> filter programs, it should be checked. Note that controls in the <I>program</I> area are enabled and disabled as appropriate; however, the program generated in simple mode is shown in the bottom-most field (and can then be edited if <I>Use program</I> is checked). </P>
<UL> <LI><B>Protocols</B><BR> The first field specifies the network protocol (e.g., <B>arp</B>, <B>atalk</B>); if left blank then all protocols are passed, while <B>ip</B> allows only Internet protocols. The second field specifies an Internet protocol; currently only <B>tcp</B> and <B>udp</B> are supported, while blank allows both to be passed. </LI>
<LI><B>Combination</B><BR> The <B>and</B>/<B>or</B> control applies if values are entered in both of the two lines below. 
<B>And</B> indicates that packets are passed if both lines are true, while <B>or</B> passes packets if either line is true. A line is considered to contain values if either the second (host) or third (port/service) field is non-blank. </LI>
<LI><B>Host selection</B><BR> Up to two hosts and/or ports can be specified. The first control in the line has three options: <B>Host</B> means the packet has the host/port as either its source or its destination, while <B>srce</B> and <B>dest</B> mean that the host/port must match the source or destination respectively. The second control in the line specifies a host either as a name or as a dotted IP address; the third field specifies a port or service, with blank meaning any. </LI> </UL>
<P> As noted above, when the <B>Set</B> button is pressed, the filter program equivalent to the above settings appears in the bottom-most control. If the <I>Use program</I> box is then checked, it can be edited further; pressing <B>Set</B> again will then use this filter program. </P>
<P> The <B>Verify</B> button can be used to verify that the filter program is valid. Note that this applies to the displayed values; the <B>Set</B> button does not need to be pressed first. </P>
<P> <HR size="3" noshade> </P> </BODY> </HTML>
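<P> The mapping from the simple-mode fields to a tcpdump(8)-style filter program, as an added example that is not KSnuffle's own code. The exact text KSnuffle generates is not shown on this page, so the keyword mapping, the accepted protocol list, the token checks and the names <B>line_clause</B> and <B>build_filter</B> are assumptions. </P>

```python
import re

# Simple-mode choices mapped to pcap filter keywords (assumed mapping, not KSnuffle's code).
DIRECTION = {"Host": "", "srce": "src ", "dest": "dst "}
NET_PROTOCOLS = {"", "ip", "arp", "atalk"}   # blank passes all protocols
IP_PROTOCOLS = {"", "tcp", "udp"}            # blank passes both
# Strict token patterns so a field value cannot smuggle in extra filter syntax.
HOST_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?")
PORT_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]*")


def line_clause(direction, host, port):
    """Return the clause for one host/port line, or None if the line is blank."""
    host, port = host.strip(), port.strip()
    if not host and not port:
        return None  # a line counts only if host or port/service is non-blank
    if host and not HOST_RE.fullmatch(host):
        raise ValueError(f"bad host: {host!r}")
    if port and not PORT_RE.fullmatch(port):
        raise ValueError(f"bad port/service: {port!r}")
    prefix = DIRECTION[direction]
    terms = []
    if host:
        terms.append(f"{prefix}host {host}")
    if port:
        terms.append(f"{prefix}port {port}")
    return " and ".join(terms)


def build_filter(net_proto, ip_proto, lines, combine="and"):
    """Build the filter expression equivalent to the simple-mode settings."""
    if net_proto not in NET_PROTOCOLS or ip_proto not in IP_PROTOCOLS:
        raise ValueError("unsupported protocol")
    if combine not in ("and", "or"):
        raise ValueError("combination must be 'and' or 'or'")
    clauses = [c for c in (line_clause(*ln) for ln in lines[:2]) if c]
    parts = [p for p in (net_proto, ip_proto) if p]
    if len(clauses) == 2:
        # The and/or control applies only when both lines contain values.
        parts.append(f"(({clauses[0]}) {combine} ({clauses[1]}))")
    elif clauses:
        parts.append(f"({clauses[0]})")
    return " and ".join(parts)


if __name__ == "__main__":
    # Constructed sample settings: ip/tcp, two lines combined with "or".
    print(build_filter("ip", "tcp", [("Host", "10.0.0.5", "80"), ("dest", "", "domain")], "or"))
```

<P> An empty result corresponds to leaving every field blank, which passes all packets. </P>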