You can search traffic using preconfigured rules that use BPF (Berkeley Packet Filter) expressions and regular expressions.
To search network packets using a preconfigured rule:
This opens the window with network packet search settings.
The table displays data that match the filtering criteria.
The preconfigured rules are listed in the table below.
Preconfigured network packet search rules
Purpose of the rule | Filtering using BPF | Filtering using regular expressions | Explanation | Example |
---|---|---|---|---|
Searching traffic by IP address | | | | |
Searching traffic between two hosts | | | | |
Searching for traffic of an individual TCP session | | | | |
Searching for traffic by multiple IP addresses | | | | |
Finding all DNS queries from a group of hosts | | | | |
Searching for HTTP traffic | | | The filter must be used without quotes | |
Searching for DNS traffic | | | Standard DNS only | |
Searching for HTTP traffic with a GET request to a certain domain | | | | |
Searching for ICMP traffic of a specific host | | | | |
Searching for authentication data transmitted as plain text | | | The filter must be used without quotes | |
Searching for TCP sessions in which the host acts as a client | | | | |
Searching for HTTP traffic in a given subnet | | | | |
Searching for local interaction traffic | | | | |
Searching for traffic of interaction with objects on the internet | | | | |
Searching for traffic by the UserAgent field in HTTP traffic | | | | |
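
How a rule that pairs a BPF expression with a regular expression narrows traffic, shown as an added example that is not taken from the product or this page: the header filter selects packets first, then the regex is matched against the payload. The BPF strings use standard pcap-filter syntax; the rule names, addresses, sample packets and regexes are constructed for illustration and are not the preconfigured rules' actual text.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample packets: headers already decoded, payload kept as raw bytes.
PACKETS = [
    dict(src="10.0.0.5", dst="203.0.113.10", proto="tcp", sport=50100, dport=80,
         payload=b"GET / HTTP/1.1\r\nHost: example.com\r\nUser-Agent: curl/8.0\r\n\r\n"),
    dict(src="10.0.0.5", dst="10.0.0.1", proto="udp", sport=53000, dport=53,
         payload=b"\x12\x34\x01\x00"),
    dict(src="10.0.0.7", dst="10.0.0.9", proto="tcp", sport=50200, dport=21,
         payload=b"USER alice\r\nPASS example-password\r\n"),
    dict(src="10.0.0.7", dst="198.51.100.4", proto="icmp", sport=0, dport=0, payload=b""),
]

def port(p, n):            # BPF "port n": source or destination port
    return n in (p["sport"], p["dport"])

def host(p, ip):           # BPF "host ip": source or destination address
    return ip in (p["src"], p["dst"])

def net(p, key, cidr):     # BPF "src net" / "dst net"
    return ip_address(p[key]) in ip_network(cidr)

# Hypothetical rules: name -> (pcap-filter expression, equivalent header
# predicate for the sample data, payload regex or None).
RULES = {
    "http_get_to_domain": ("tcp port 80",
        lambda p: p["proto"] == "tcp" and port(p, 80),
        rb"(?s)^GET .*?\r\nHost: example\.com\r\n"),
    "dns_from_host": ("udp port 53 and src host 10.0.0.5",
        lambda p: p["proto"] == "udp" and port(p, 53) and p["src"] == "10.0.0.5", None),
    "plaintext_auth": ("tcp port 21 or tcp port 80",
        lambda p: p["proto"] == "tcp" and (port(p, 21) or port(p, 80)),
        rb"(?im)^(?:USER|PASS) \S+|^Authorization: Basic "),
    "icmp_of_host": ("icmp and host 10.0.0.7",
        lambda p: p["proto"] == "icmp" and host(p, "10.0.0.7"), None),
    "local_interaction": ("src net 10.0.0.0/8 and dst net 10.0.0.0/8",
        lambda p: net(p, "src", "10.0.0.0/8") and net(p, "dst", "10.0.0.0/8"), None),
}

def search(rule_name, packets=PACKETS):
    """Return indexes of packets that pass the header filter and, if set, the regex."""
    _bpf, header_ok, pattern = RULES[rule_name]
    return [i for i, p in enumerate(packets)
            if header_ok(p) and (pattern is None or re.search(pattern, p["payload"]))]

if __name__ == "__main__":
    for name, (bpf, _, rx) in RULES.items():
        print(f"{name}: bpf={bpf!r} regex={rx!r} -> packets {search(name)}")
```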