Capture module: Difference between revisions

Line 192: Line 192:
|-
|-
|}
|}
::will case insensitive match packets that contain the string(s) 'allegro' and/or 'http' anywhere in their payload.
::will case insensitive match packets that contain the string(s) 'allegro' and/or 'http' anywhere in the payload.
::will case insensitive match packets that contain the string(s) 'allegro' and/or 'http' anywhere in the payload.  NOTE: The use of regexp is CASE sensitive. You must use the (?i) modifier to enable case insensitive filtering.  <br />Captures can be limited to any amount of time or bytes, for example to capture only one minute or one megabyte of traffic.
::NOTE: The use of regexp is CASE sensitive. You must use the (?i) modifier to enable case insensitive filtering.


Below the list of filter criteria there is a button to actually start (or stop) the capture. In case the filter expression is invalid, the button is disabled.
Of course the Allegro Network Multimeter regular expression (RegEx) capture filter, can also be used in combination with our other capture expressions.
 
* The expression
:{| class="wikitable sortable"
|-
| <nowiki>regexp == “allegro|analyzer” and l7protocol == "dns"</nowiki>
|-
|}
::Will case sensitive match and capture <u>only DNS packets</u> containing the string(s) “allegro” and/or “analyzer.
 
* The expression
:{| class="wikitable sortable"
|-
| <nowiki>regexp == “allegro|analyzer” and l7protocol != "dns"</nowiki>
|-
|}
::Will case sensitive match and capture all (except DNS) packets containing the string(s) “allegro” and/or “analyzer.
 
<i>Whenever you are unsure about the outcome of RegEx based packet capturing, you can pre-test the outcome of your expressions on https://pythex.org/.
While pre-testing on https://pythex.org/, avoid using the “IGNORECASE” button. Instead use the (?i) modifier for constructing case insensitive expressions, as mentioned above. Python based expression examples and explanations you'll find on https://www.programiz.com/python-programming/regex</i>
 
 
All captures can be limited to any amount of time or bytes, for example to capture only one minute or one megabyte of traffic.
 
Below the list of filter criteria, you will find the button to actually start (or stop) the capture. In case the filter expression is invalid, the button is disabled.


====Layer 7 protocol capture====
====Layer 7 protocol capture====
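Review bot: Both added combined-filter examples wrap the regexp value in typographic quotes (regexp == “allegro|analyzer”) while l7protocol == "dns" in the same expression uses straight quotes, so a reader who copies the line may end up with an expression the capture page treats as invalid and a disabled start button; use straight quotes for both operands. The descriptions under the two examples also drop the closing quote after “analyzer. Since these examples are described as case sensitive, it would help to show the (?i) form of one of them next to it, so the contrast with the case-insensitive 'allegro'/'http' example and the NOTE above is explicit. The comma in "capture filter, can also be used" should go as well.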