User guide
Reconnex Corporation
142
Release 7.0.0.4
This filter excludes images in BMP and GIF formats.
Ignore HTTP Gzip Responses
This filter excludes HTTP Gzip responses. This keeps the system from opening compressed files more than
once.
Standard Network Capture Filters
Transport (level 3) traffic can slow iGuard's performance unnecessarily, so a set of standard
network capture filters is provided to keep the capture engine from processing it.
For example, most businesses are interested in monitoring the traffic carried to or from external
IP addresses. The IANA Internet Assigned Numbers Authority has provided a special set of
addresses for internal use only, and these addresses (beginning with 10, 172, and 192) are listed in
RFC Request for Comments 1918.
Because only external addresses need analysis by iGuard, Reconnex created a network filter
named after this document to exclude intranet addresses from consideration by the capture engine.
Note: Depending on the objective, it may not matter where some network capture filters are
placed, while the placement of others may be crucial and may need to be reprioritized. When
you create a network capture filter, you must carefully consider the flow of traffic and use best
practices to figure out a sequence defining the search engine's treatment of your transport
traffic.
Important: Always keep in mind that the Base capture filter must run last.
Ignore RFC1918 Destinations
This filter excludes traffic routed to 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255 and 192.168.0.0-
192.168.255.255.
Ignore HTTP Responses
HTTP Response status codes are program output sent from a server after receiving and interpreting an
HTTP Request.
Ignore Unknown Protocols
This filter excludes traffic using any unknown protocol. In some cases it may be useful to analyze these
protocols, but these instances are exceptions to the rule.
Ignore SMB Traffic