User guide
iGuard/inSight User Guide
Release 7.0.0.4
145
Create a Network Capture Filter
Designing a network capture filter requires experimentation, but taking the time to streamline the
capture process can save iGuard a lot of processing time.
If you create a network capture filter, your capture filter actions are limited to storing or ignoring
entire sessions.
Best practice: Before creating a network capture filter, select the All Element in the Network
Filter dialog box. This action either captures or cuts off all traffic, depending on the capture
action you choose, so that you can observe a limited pool of data before deciding what to filter.
Network elements are arranged in top-down order to establish a specific filtering sequence — but
the order is not always significant. Depending on the objective, it may not matter where some filters
are placed, while the placement of others may be crucial.
Important: In every case the Base filter must run last, because it instructs the system to store
all data that is NOT ignored.
1. Make a list of the sessions you want the capture engine to store or ignore.
2. Go to System > System Administration > Capture Filters.
3. Select Create Network Filter.
4. Name and describe the filter.
5. Select the device(s) for deployment. If you select None, the filter will be created but not
deployed.
6. Select a capture action.
7. Select the sessions you want to single out for special treatment by the capture engine.