OmniPeek Support

How to creat filters with filter bar ?

cara
Posts: 1
Joined: Sat Apr 23, 2011 1:58 am

How to creat filters with filter bar ?

Postby cara » Sat Apr 23, 2011 4:01 am

I have a question about how to creat filters with filter bar ? there is no related instructions for filter expressions in the help file.I need to know the detail rules of expression,where can I get it?

DigiAngel
Posts: 1
Joined: Sun Apr 24, 2011 9:04 am

RE: How to creat filters with filter bar ?

Postby DigiAngel » Sun Apr 24, 2011 9:17 am

I completely agree...to be honest OmniPeek's filtering leaves much to be desired compared to say WireShark. Even copying and pasting OmniPeek's example from the manual doesn't work:

addr(ethernet:'3com:*.*.*')

Gives me:

Syntax error: Unable to parse address "3com:*.*.*"

Pretty lame considering that this is straight out of the manual.

DJWP
Posts: 687
Joined: Tue Oct 30, 2007 11:42 am

RE: RE: How to creat filters with filter bar ?

Postby DJWP » Mon Apr 25, 2011 8:13 am

Information on the Filter Bar syntax can indeed be found on page 105 of the OmniPeek Users Guide which is installed with OmniPeek. It is a proprietary syntax.

mharing
Posts: 2
Joined: Thu Jun 26, 2014 12:59 pm

Re: How to creat filters with filter bar ?

Postby mharing » Thu Jun 26, 2014 1:19 pm

addr(ethernet:'*.*.*.*.*.*')

where * represents either a variable or a peice of the MAC address. For example:

addr(ethernet:'*.*.*.*.*.5A')

This would be used to filter the MAC address ending in 5A.


Return to “OmniPeek Support”

Who is online

Users browsing this forum: Bing [Bot] and 12 guests