NAM Custom Capture Filter configuration

Unanswered Question
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mchin345 Tue, 10/07/2008 - 13:22
User Badges:
  • Silver, 250 points or more

There's actually a pretty easy solution...basically:

(1) Go to Setup->Monitor->Protocol Directory

(2) Create a new protocol at the TCP port 5190 called whatever they want

(3) Go to Capture->Settings and select the new protocol they created for their simple capture filter

In case you still want to use the custom filter, here is how to set up a filter for TCP source port 5190:

1. Go to Capture > Custom Filter > Capture Filters

2. Create a new capture filter, give it some name (e.g. tcp-port-5190)

3. Select TCP for Protocol

4. Enter "14 46" (w/out the quotation) for Data (0x1446 is the port number

5190 in hex)

5. For source port, enter "0" for Offset (for destination port, enter "2").

Select "tcp" for Base. (the src port is at offset 0 from the start of

the TCP header)

6. Click "Apply" to save your filter and select it when you start capture

NAM capture filters for SNMP probably can't be done. The problem is that you must create the filter useing the "SNMP UDP" packet type and then offset so many bytes within that SNMP packet to find the SNMP PDU Type byte.

This would work if it weren't for one of the fields in the SNMP PDU having varying lengths and therefore changing the offset for each length.

The SNMP Message Type field may be 8, 9, or 10 bytes in length. This makes it impossible to give an exact offset value to triger on for the SetRequest A3 value.


This Discussion