Capture module: Difference between revisions

no edit summary
No edit summary
No edit summary
Line 157: Line 157:
* '''ipFragment''': If set to 1 all IPv4 fragments will be captured (i.e. packets having the 'More fragments' flag and 'Fragment offset' set). If set to 0 all packets without IPv4 fragmentation will be captured.
* '''ipFragment''': If set to 1 all IPv4 fragments will be captured (i.e. packets having the 'More fragments' flag and 'Fragment offset' set). If set to 0 all packets without IPv4 fragmentation will be captured.
* '''regexp''': The packet payload matches the quoted regular expression (RegEx) to the other side of the == operator or does not match the regular expression to the other side of the != operator. In case of IP packets the matching will be performed on the L7 payload of the packet. In case of non-IP packets the matching will be performed on the whole packet except the Ethernet header. Regular expressions largely support the pattern syntax used by the PCRE library with the exception of certain constructs. An invalid pattern will produce a descriptive error message and prevent the capture from being started.
* '''regexp''': The packet payload matches the quoted regular expression (RegEx) to the other side of the == operator or does not match the regular expression to the other side of the != operator. In case of IP packets the matching will be performed on the L7 payload of the packet. In case of non-IP packets the matching will be performed on the whole packet except the Ethernet header. Regular expressions largely support the pattern syntax used by the PCRE library with the exception of certain constructs. An invalid pattern will produce a descriptive error message and prevent the capture from being started.
* '''ipDoNotFragment''': The value of this operand will be 1 for IPv4 packets that are marked as to not be fragmented (packets which have the 'do not fragment' flag set).  
* '''ipDoNotFragment''': The value of this operand will be 1 for IPv4 packets that are marked as to not be fragmented (packets which have the 'do not fragment' flag set).
* '''mactype''': The type of the packets destination MAC address. Allowed values are 'unicast, 'broadcast' and 'multicast'.


For a specific precedence you may use parentheses '''('''/''')'''.
For a specific precedence you may use parentheses '''('''/''')'''.
122

edits