ksnuffle-2.2-6mdk.i586.rpm

<HTML>
  <HEAD>
    <TITLE>KSnuffle: Packet Filtering</TITLE>
  </HEAD>
  <BODY TEXT="#000000" BGCOLOR="#FFFFFF" LINK="#AA0000">
    <FONT FACE="Helvetica">
    <A HREF="http://www.kde.org/"><IMG SRC="logotp3.gif" ALT="The K Desktop Environment" BORDER=0 ></A>
    <BR>
    <HR noshade>
    <DIV ALIGN=right>
      <A HREF="index-4.4.html">Next</A>
      <A HREF="index-4.2.html">Previous</A>
      <A HREF="index.html#toc4">Table of Contents</A>
    </DIV>
    <BR>&nbsp;
    <H3>
      <A NAME="ss4.3"></A>4.3 Packet Filtering
    </H3>
    <P>
      Network packets can be filtered with a program that is passed to
      the underlying packet capture code. The filter program is specified
      on the <I>Filter/triggers </I>page, in the <I>Packet Filter </I>tab.
      Simple filter programs can be specified by selecting various options
      as described below. More complicated filters are the same as those
      passed on the command line to the
      <A HREF="man:tcpdump(8)">tcpdump(8)</A> command, and have to be entered
      directly.
    </P>
    <P>
      <A HREF="filters.html" target="Filters/Triggers">Click for full
      size image</A><IMG SRC="filters_s.png">
    </P>
    <P>
      The <I>Use program</I> checkbox controls which of the above two cases
      applies; to enter full <A HREF="man:tcpdump(8)">tcpdump(8)</A> filter
      programs, it should be checked. Controls in the <I>program</I>
      area are enabled and disabled as appropriate; however, the program
      generated in simple mode is shown in the bottom-most field (and can
      then be edited if <I>Use program</I> is checked).
    </P>
    <UL>
      <LI><B>Protocols</B><BR>
	The first field specifies the network protocol (e.g., <B>arp</B>,
	<B>atalk</B>); if left blank then all protocols are passed, while
	<B>ip</B> allows only Internet protocols. The second field specifies
	an Internet protocol; currently only <B>tcp</B> and <B>udp</B> are
	supported, while blank allows both to be passed.
      </LI>
      <LI><B>Combination</B><BR>
	The <B>and</B>/<B>or</B> control applies if values are entered in
	both of the two lines below. <B>And</B> indicates that packets are
	passed if both lines are true, while <B>or</B> passes packets if
	either line is true. A line is considered to contain values if
	either the second (host) or third (port/service) field is non-blank.
      </LI>
      <LI><B>Host selection</B><BR>
	Up to two hosts and/or ports can be specified. The first control
	in the line has three options: <B>Host</B> means the packet has
	the host/port as either its source or its destination, while
	<B>srce</B> and <B>dest</B> mean that the host/port must match
	the source or destination respectively. The second control in the
	line specifies a host either as a name or as a dotted IP
	address; the third field specifies a port or service, with blank
	meaning any.
      </LI>
    </UL>
    <P>
      As noted above, when the <B>Set</B> button is pressed, the filter
      program equivalent to the above settings appears in the bottom-most
      control. If the <I>Use program</I> box is then checked, it can be
      edited further; pressing <B>Set</B> again will then use this filter
      program.
    </P>
    <P>
      The <B>Verify</B> button can be used to verify that the filter
      program is valid. Note that this applies to the displayed values;
      the <B>Set</B> button does not need to be pressed first.
    </P>
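    <P>
      The sketch below is an added example, not KSnuffle's own code: it
      shows how the simple-mode settings described above could be composed
      into a tcpdump-style filter program. The function names, the field
      validation and the exact form of the output are assumptions made
      for illustration.
    </P>

```python
import re

# Assumed mapping of the first control in a host line to a pcap-filter qualifier.
DIRECTION = {"host": "", "srce": "src ", "dest": "dst "}
HOST_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?")  # name or dotted IP
PORT_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]*")                # number or service


def line_expr(direction, host="", port=""):
    """Expression for one host-selection line, or None if host and port are blank."""
    if direction not in DIRECTION:
        raise ValueError(f"unknown direction: {direction!r}")
    parts = []
    for keyword, value, pattern in (("host", host, HOST_RE), ("port", port, PORT_RE)):
        if not value:
            continue
        # Reject anything that could add extra filter syntax (spaces, parentheses).
        if not pattern.fullmatch(value):
            raise ValueError(f"invalid {keyword} field: {value!r}")
        parts.append(f"{DIRECTION[direction]}{keyword} {value}")
    if not parts:
        return None
    return f"({' and '.join(parts)})" if len(parts) == 2 else parts[0]


def build_filter(net_proto="", ip_proto="", combine="and",
                 line1=("host", "", ""), line2=("host", "", "")):
    """Compose the filter program for the simple-mode settings; '' passes everything."""
    if not re.fullmatch(r"[a-z0-9]*", net_proto):
        raise ValueError(f"invalid network protocol: {net_proto!r}")
    if ip_proto not in ("", "tcp", "udp"):
        raise ValueError(f"unsupported Internet protocol: {ip_proto!r}")
    if ip_proto and net_proto not in ("", "ip"):
        raise ValueError("tcp/udp can only be combined with blank or ip")
    if combine not in ("and", "or"):
        raise ValueError(f"unknown combination: {combine!r}")
    terms = [p for p in (net_proto, ip_proto) if p]
    lines = [e for e in (line_expr(*line1), line_expr(*line2)) if e]
    if len(lines) == 2:
        # pcap gives and/or equal precedence, so the pair is parenthesised.
        terms.append(f"({lines[0]} {combine} {lines[1]})")
    else:
        terms.extend(lines)
    return " and ".join(terms)


if __name__ == "__main__":
    # Constructed sample settings, not taken from the KSnuffle documentation.
    print(build_filter("ip", "tcp", "or", ("srce", "10.0.0.5", "80"), ("dest", "", "domain")))
```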
    <P>
      <HR size="3" noshade>
    </P>
  </BODY>
</HTML>