Packet ring buffer: Difference between revisions

Line 121: Line 121:


When creating a snapshot length filter rule, a dialog is displayed and allows following options:
When creating a snapshot length filter rule, a dialog is displayed and allows following options:
* Rule condition: Match all packets or a certain MAC or IP address, TCP/UDP port, a layer 7 protocol a VLAN tag or an interface.  
* Rule condition: Specify which packets to match.
 
:The input field below allows entering the corresponding value.
:The input field below allows entering the corresponding value.
:{| class="wikitable"
|-
! Rule condition
! Description
|-
| All packets
| everything
|-
| MAC address
| source or destination MAC address
|-
| IP address
| source or destination IP address or subnet
|-
| TCP port
| the source or destination TCP port
|-
| UDP port
| the source or destination UDP port
|-
| Layer 7 protocol
| the selected layer 7 protocol
|-
| outer VLAN tag
| the most outer VLAN tag (directly after ethernet header)
|-
| interface
| the ingress interface the packet originated from
|-
| SIP phone number
|
The number matches part of the 'From:' or 'To:' entry in a SIP INVITE packet
* value '234' will match '<nowiki>From: "Caller1" <sip:234</nowiki>', but also '<nowiki>From: "Caller2" <sip:12345@test></nowiki>'
Correlating SIP packets for the same Call-ID will match.
The RTP packets correlated to this SIP call will also match.
|-
| virtual link group
| the virtual link group the packet belongs to
|}
* Negate: Controls comparison of the rule condition to the value. If this is off, the value must match.  
* Negate: Controls comparison of the rule condition to the value. If this is off, the value must match.  
:If this is on, the value must not match.
:If this is on, the value must not match.
* Action: What shall be done with the matching packets.
* Action: What shall be done with the matching packets.
** Snapshot length: The packet is captured with a max length as specified in the input field below. If the packet is larger, the remaining bytes will be discarded.
:{| class="wikitable"
** Discard: Discard the whole packet.
|-
** Full: The whole packet is captured.
! Action !! Description
** Header + data: Capture just certain parts of the packet. When selecting '''L3 header''', layer 2 and layer 3 headers are stored.  
|-
:When selecting '''L3 + L4 header''', layer 2, 3 and 4 headers are stored.  
| Snapshot length
:When selecting '''L3 + L4 + L7 data''', an input field is shown where the length of layer 7 data can be configured.  In this case layer 2, 3 and 4 are stored together with the specified amount of layer 7 data.
| The packet is captured with a max length as specified in the input field below. If the packet is larger, the remaining bytes will be discarded.
|-
| Discard
| Discard the whole packet.
|-
| Full
| The whole packet is captured.
|-
| Header + data
|
Capture just certain parts of the packet.
 
When selecting '''L3 header''', layer 2 and layer 3 headers are stored.  
 
When selecting '''L3 + L4 header''', layer 2, 3 and 4 headers are stored.  
 
When selecting '''L3 + L4 + L7 data''', an input field is shown where the length of layer 7 data can be configured.  In this case layer 2, 3 and 4 are stored together with the specified amount of layer 7 data.
 
|}


==== Analyzing the packet ring buffer ====
==== Analyzing the packet ring buffer ====
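Review bot: In the new "SIP phone number" row, the substring behaviour is conveyed only through the example ('234' also matches 'sip:12345@test'). State it as a rule, for instance "the value is matched as a substring of the From:/To: entry", so an operator sees that a short value also matches unrelated calls, along with the same-Call-ID SIP packets and the RTP correlated to them. In the same table, "the most outer VLAN tag" should read "the outermost VLAN tag", and "Correlating SIP packets for the same Call-ID will match" reads more clearly as "SIP packets with the same Call-ID also match". The "IP address" row mentions a subnet without saying which notation the input field accepts. In the new Action table, the "Header + data" cell separates its three options with blank lines; a nested list would keep the structure the old bullets had.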