Specifications
set snoop
Chapter 22
Snoop Commands
616
set snoop
Configures a snoop filter.
Syntax
set snoop filter-name [condition-list] [observer ip-addr] [snap-length
num]
filter-name Name for the filter. The name can be up to 15 alphanumeric
characters, with no spaces.
condition-list Match criteria for packets. Conditions in the list are ANDed.
Therefore, to be copied and sent to an observer, a packet
must match all criteria in the condition-list. You can specify
up to eight of the following conditions in a filter, in any
order or combination:
• frame-type {eq | neq} {beacon | control | data |
management | probe}
• channel {eq | neq} channel
• bssid {eq | neq} bssid
• src-mac {eq | neq | lt | gt} mac-addr
• dest-mac {eq | neq | lt | gt} mac-addr
• host-mac {eq | neq | lt | gt} mac-addr
• mac-pair mac-addr1 mac-addr2
• direction {eq | neq} {transmit | receive}
To match on packets to or from a specific MAC address, use
the dest-mac or src-mac option. To match on both send and
receive traffic for a host address, use the host-mac option.
To match on a traffic flow (source and destination MAC
addresses), use the mac-pair option. This option matches
for either direction of a flow, and either MAC address can be
the source or destination address.
If you omit a condition, all packets match that condition. For
example, if you omit frame-type, all frame types match the
filter.
For most conditions, you can use eq (equal) to match only
on traffic that matches the condition value. Use neq (not
equal) to match only on traffic that is not equal to the
condition value.
The src-mac, dest-mac, and host-mac conditions also
support lt (less than) and gt (greater than).