Specifications
22-4 Snoop Commands
set snoop
Configuresasnoopfilter.
Syntax
set snoop filter-name [condition-list] [observer ip-addr] [snap-length num]
Parameters
Defaults
Nosnoopfiltersareconfiguredbydefault.
filter‐name Nameforthefilter.Thenamecanbeupto15 alphanumericcharacters,
withnospaces.
condition‐list Matchcriteriaforpackets.ConditionsinthelistareANDed.Therefore,
tobecopiedandsenttoanobserver,apacketmustmatchallcriteria
in
thecondition‐list.Youcanspecifyuptoeightofthefollowingconditions
inafilter,inanyorderorcombination:
frame‐type{eq|neq}{beacon|control|data|management|probe}
channel{eq|neq}channel
bssid{eq|neq}bssid
src‐mac
{eq|neq|lt|gt}mac‐addr
dest‐mac{eq|neq| lt|gt}mac‐addr
host‐mac{eq|neq|lt|gt}mac‐addr
TomatchonpacketstoorfromaspecificMACaddress,usethedest‐
macorsrc‐mac
option.Tomatchonbothsendandreceivetrafficfora
hostaddress,usethehost‐macoption.Tomatchonatrafficflow(source
anddestinationMACaddresses),usethemac‐pairoption.Thisoption
matchesforeitherdirectionofaflow,andeitherMACaddresscanbe
thesource
ordestinationaddress.
Ifyouomitacondition,allpacketsmatchthatcondition.Forexample,if
youomitframe‐type,allframetypesmatchthefilter.
Formostconditions,youcanuseeq(equal)tomatchonlyontraffic that
matchestheconditionvalue.Useneq(notequal)tomatch
onlyon
trafficthatisnotequaltotheconditionvalue.
Thesrc‐mac,dest‐mac,andhost‐macconditionsalsosupportlt(less
than)andgt(greaterthan).
observerip‐addr SpecifiestheIPaddressofthestationwheretheprotocolanalyzeris
located.Ifyoudonotspecifyan
observer,theDAPradiostillcountsthe
packetsthatmatchthefilter.
snap‐lengthnum Specifiesthemaximumnumberofbytestocapture.Ifyoudonotspecify
alength,theentirepacketiscopiedandsenttotheobserver.Enterasys
Networksrecommendsspecifyingasnaplengthof100bytesorless.