OmniPeek Support

Filter for a range of ports

sgamer
Posts: 2
Joined: Tue May 12, 2009 2:07 pm

Filter for a range of ports

Postby sgamer » Tue May 12, 2009 2:44 pm

I would like to know if there is a way to filter a range of ports which I assumed was a feature but I cannot find it.

For instance, a firewall has a huge range in an ACL and I want to determine the actual ports in use and limit the ACL. I could capture all traffic and find it manually but it would be much easier if I could filter it for say UDP ports 1300 to 1700 which would provide a lot less data to manipulate.

DJWP
Posts: 676
Joined: Tue Oct 30, 2007 11:42 am

RE: Filter for a range of ports

Postby DJWP » Wed May 20, 2009 11:05 am

Here is a way to do that:

To create a filter that spans multiple ports you will need to use a
value filter. Here is how to do this:

1. Click View/Filters to bring up the filters window.

2. Click the New Filter button.

3. Change the Filter Type to Advanced.

4. At the bottom of the Edit Filter dialog, click the And button and
choose Protocol.

5. In the Protocol Filter dialog box, expand "Ethernet Type 2", then
"IP", then choose either TCP or UDP (depending on which protocol you
want to filter on) and click Ok.

6. Click the And button and select "Value". In the "Value Filter"
dialog box, enter the following values:
Length: 2 Bytes
Offset: 34
Mask: 0xFFFF
Signed: (not checked)
Network Byte Order: (checked)
Operator: >= (greater than or equal to)
Value: The decimal value of the bottom of the port range on which
you want to filter. E.g. if you wanted to filter on ports 5000 to
5500, you would put 5000 here.
Click Ok.

7. Click the And button and select "Value". In the "Value Filter dialog
box, enter the following values:
Length: 2 Bytes
Offset: 34
Mask: 0xFFFF
Signed: (not checked)
Network Byte Order: (checked)
Operator: <= (less than or equal to)
Value: The decimal value of the top of the port range on which you
want to filter. E.g. if you wanted to filter on ports 5000 to 5500,
you would put 5500 here.
Click Ok.

This filter will filter on the Source Port of the TCP or UDP frame. If
you want to do Destination Port, use Offset 36. If you want to do both
source and destination, combine a source and destination filter.

sgamer
Posts: 2
Joined: Tue May 12, 2009 2:07 pm

RE: RE: Filter for a range of ports

Postby sgamer » Wed May 20, 2009 12:13 pm

Thanks, I'll give it a shot. Shortly after posting the question I read somewhere in the Wildpackets documentation that this cannot be done so I wasn't expecting a solution. Thanks again.

GetchHard
Posts: 1
Joined: Mon Jun 01, 2009 7:51 pm

RE: RE: RE: Filter for a range of ports

Postby GetchHard » Mon Jun 01, 2009 8:27 pm

Thanks for giving this step by step instruction that you posted DJWP .,I also need this man.,



_________________
[url=http://www.iaqsource.com/]Humidifier Filters[/url]


Return to “OmniPeek Support”

Who is online

Users browsing this forum: No registered users and 1 guest