User guide

Reconnex Corporation
140
Release 7.0.0.4
What are Capture Filters?
There are two capture filter types. They are generally used to define significant portions of network
traffic that do not need to be analyzed by the capture engine. Eliminating processing of this
extraneous traffic improves iGuard's performance.
Although capture filters are most often used to screen out classes of information that can obscure
significant content, they are sometimes used to scan for and store critical data.
Capture Filter Types
Capture filters save processing time by allowing iGuard to focus only on significant traffic. There
are two types of capture filters, and they allow different types of capture actions.
Content capture filters act on data that is transmitted through the Application layer (Layer 1).
These filters can instruct the capture engine to ignore large stores of content which may not
produce any meaningful results.
Network capture filters act on data that is transmitted through the Transport layer (Layer 3). This
traffic consumes resources but may not need to be recognized by the capture engine. Each flow carries
distinct protocol information, and a network capture filter can use it to exclude some of this data
from recognition by the capture engine.
Capture Filter Actions
Capture filter actions tell iGuard's capture engine what types of information are important enough to
process.
Content and Network capture filters allow different types of capture actions.
Content capture filter actions include dropping certain elements from the data stream, ignoring
whole sessions containing those elements, or storing just the metadata of those elements.
When you Drop elements or sessions, the iGuard capture engine ignores that information in
the data stream.
Network capture filter actions either ignore or store entire transport sessions.
Store actions must come last in a list of network capture filters because that action concludes the filter
construction process. It instructs the capture engine to store everything that has NOT been defined.
Store adds all of the defined data to the database.
For example, you may want to identify FTP sessions found on the network and capture all of the content
being transmitted.
Catalog adds only metadata to the database.
For example, you may only want to know what kind of data is moving through the network data stream without
storing its content. This lets you keep incidental information, like the source and destination of the data,
the data types being transmitted, the protocols used to transmit them, and so forth.
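The following is an added illustration of the network capture filter semantics described above; it is not iGuard's own code and does not model Content filters. It assumes a hypothetical filter list evaluated top to bottom, where the first matching filter decides the fate of a transport session, and a trailing Store filter with no match condition is the catch-all for everything the earlier filters did not define. The sessions and filter names are constructed sample data.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Hypothetical model (not iGuard's implementation) of network capture filter actions.
# Actions: "ignore" skips the session entirely, "catalog" keeps only metadata,
# "store" keeps the whole session. A "store" filter must be the last entry.


@dataclass
class Session:
    """One transport session as seen by the capture engine (constructed sample)."""
    proto: str
    src: str
    dst: str
    payload_bytes: int


@dataclass
class CaptureFilter:
    name: str
    action: str                                       # "ignore", "catalog" or "store"
    match: Optional[Callable[[Session], bool]] = None  # None matches every session


def is_valid_order(filters: List[CaptureFilter]) -> bool:
    """Store concludes the list: it must appear exactly once, and only as the last entry."""
    if not filters or filters[-1].action != "store":
        return False
    return all(f.action != "store" for f in filters[:-1])


def apply_filters(filters: List[CaptureFilter], sessions: List[Session]) -> Dict[str, list]:
    """Evaluate each session against the list; the first matching filter wins."""
    if not is_valid_order(filters):
        raise ValueError("network capture filter list must end with a single store action")
    db: Dict[str, list] = {"stored": [], "catalog": []}
    for s in sessions:
        for f in filters:
            if f.match is None or f.match(s):
                if f.action == "catalog":
                    # Catalog keeps only metadata: who talked to whom, and how.
                    db["catalog"].append({"proto": s.proto, "src": s.src, "dst": s.dst})
                elif f.action == "store":
                    # Store keeps the full session, content included.
                    db["stored"].append(s)
                # "ignore" records nothing. Either way, evaluation stops here.
                break
    return db


# Constructed sample filters: skip traffic to a backup host, keep DNS as metadata
# only, and store everything else (the concluding Store action).
FILTERS = [
    CaptureFilter("skip-backup-host", "ignore", lambda s: s.dst == "10.0.0.5"),
    CaptureFilter("dns-metadata-only", "catalog", lambda s: s.proto == "dns"),
    CaptureFilter("store-the-rest", "store"),
]

# Misordered list: Store is not last, so the engine would never reach "skip-backup-host".
MISORDERED_FILTERS = [
    CaptureFilter("store-the-rest", "store"),
    CaptureFilter("skip-backup-host", "ignore", lambda s: s.dst == "10.0.0.5"),
]

# Constructed sample sessions.
SESSIONS = [
    Session("ftp", "10.0.0.7", "192.0.2.10", 5000),
    Session("dns", "10.0.0.7", "10.0.0.53", 120),
    Session("smb", "10.0.0.8", "10.0.0.5", 900000),
    Session("http", "10.0.0.9", "203.0.113.4", 3000),
]


def run_example() -> Dict[str, list]:
    """Returns the stored sessions and catalog entries for the sample data."""
    return apply_filters(FILTERS, SESSIONS)


if __name__ == "__main__":
    result = run_example()
    print("stored:", [s.proto for s in result["stored"]])   # ftp and http
    print("catalog:", result["catalog"])                    # the dns session's metadata
```

The FTP example from the text corresponds to the catch-all Store filter (the FTP session reaches it because no earlier filter matched), while the DNS session is the Catalog case: its source, destination and protocol are kept, but its 120 bytes of payload are not.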