System information
230
The Tools Menu
view, you can right-click to set a filter or direct a filtered capture from that station. You
can set a pattern filter by right clicking on the hex pane of the decode window. From the
Expert TCP and UDP Events displays, Observer Expert and Suite users can auto-create a
“conversation filter” (i.e. an address and port filter) by right-clicking an event.
Chaining Multiple Filter Rules by using Logical Operators
Sometimes you need more sophisticated rules to capture packets from a number of
addresses that meet complex criteria.
For these kinds of situations, you can chain multiple rules together into a single filter using
the logical operators AND, OR, and BRANCH. The filter rule editor arranges the rules
according to where they fall logically in the decision tree that you are building when using
multiple rules. Each rule is represented by a rectangle; ANDs are represented by
horizontal connecting lines, and ORs and BRANCHes are represented by vertical lines.
AND and OR mean exactly what you would think. For example, the following rule would
cause Observer to include only CRC error packets that originate from IP 255.0.0.1 (in
other words, both the address rule AND the error rule must return positive for the packet
to be captured).
If you want to capture traffic from 255.0.0.1 along with any error packets regardless of
originating station, you would chain the rules with OR:
BRANCH is somewhat like an OR, but if the packet matches the first rule in the branch, it
is matched only against the rules that follow on that branch.
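The following is an added illustration, not code from the Observer manual or product, that models the three operators as they are described above so the difference between OR and BRANCH can be seen on a constructed set of packets. The Packet record, the rule constructors (address_rule, crc_error_rule, and a catch-all any_packet) and the packet addresses are assumptions made for the example; the BRANCH semantics follow the description on this page: the first alternative whose leading rule matches claims the packet, and the packet is then tested only against the rest of that alternative.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Sequence

# Constructed packet record carrying only the fields the page's rules inspect
# (hypothetical: real capture records hold far more).
@dataclass(frozen=True)
class Packet:
    src_ip: str
    crc_error: bool = False

Rule = Callable[[Packet], bool]

def address_rule(ip: str) -> Rule:
    """Address rule: positive when the packet originates from `ip`."""
    return lambda pkt: pkt.src_ip == ip

def crc_error_rule() -> Rule:
    """Error rule: positive when the packet carries a CRC error."""
    return lambda pkt: pkt.crc_error

def any_packet() -> Rule:
    """Catch-all rule (assumed), used to make the OR/BRANCH difference visible."""
    return lambda pkt: True

def and_chain(rules: Sequence[Rule], pkt: Packet) -> bool:
    """AND (horizontal line): every rule must return positive."""
    return all(rule(pkt) for rule in rules)

def or_chain(alternatives: Sequence[Sequence[Rule]], pkt: Packet) -> bool:
    """OR (vertical line): captured if any alternative's AND-chain matches.
    Every alternative is considered, regardless of earlier matches."""
    return any(and_chain(alt, pkt) for alt in alternatives)

def branch_chain(alternatives: Sequence[Sequence[Rule]], pkt: Packet) -> bool:
    """BRANCH: the first alternative whose leading rule matches claims the
    packet; the packet is then matched only against the remaining rules of
    that alternative and never against later alternatives."""
    for alt in alternatives:
        if alt and alt[0](pkt):
            return and_chain(alt[1:], pkt)
    return False

# Constructed sample capture: the page's 255.0.0.1 plus one other station.
SAMPLE_PACKETS = [
    Packet("255.0.0.1", crc_error=True),   # index 0
    Packet("255.0.0.1"),                   # index 1
    Packet("10.0.0.5", crc_error=True),    # index 2
    Packet("10.0.0.5"),                    # index 3
]

def demo() -> Dict[str, List[int]]:
    """Return, for each chained filter, the indexes of SAMPLE_PACKETS it captures."""
    addr = address_rule("255.0.0.1")
    crc = crc_error_rule()
    filters = {
        # page's first example: address AND CRC error
        "and": (or_chain, [[addr, crc]]),
        # page's second example: address OR CRC error
        "or": (or_chain, [[addr], [crc]]),
        # same two-way tree once with OR and once with BRANCH:
        # "CRC errors from 255.0.0.1" on the first line, catch-all on the second
        "or_catchall": (or_chain, [[addr, crc], [any_packet()]]),
        "branch_catchall": (branch_chain, [[addr, crc], [any_packet()]]),
    }
    return {
        name: [i for i, pkt in enumerate(SAMPLE_PACKETS) if chain(alts, pkt)]
        for name, (chain, alts) in filters.items()
    }

if __name__ == "__main__":
    for name, captured in demo().items():
        print(f"{name:16s} captures packets {captured}")
```

With OR, the catch-all alternative swallows every packet, so the first line contributes nothing. With BRANCH, any packet from 255.0.0.1 is claimed by the first alternative and must also carry a CRC error; the error-free packet from that station (index 1) is therefore dropped, while traffic from other stations still falls through to the catch-all.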
Suppose your network includes an intrusion detection system (IDS) with a “honeypot”
(i.e., a system to attract hackers so that you can monitor what they are doing). The IDS is