Preconfigured network packet search rules
You can search traffic using preconfigured rules that are based on BPF and regular expressions.
To search network packets using a preconfigured rule:
- Select the Network map section in the application web interface window.
- Go to the Network sessions tab.
- Click Search in packets.
  This opens the window with network packet search settings.
- In the Period of traffic to download field, set the bounds within which you want to search network packets.
- In the table below, copy a filtering expression from the Filtering using BPF or Filtering using regular expressions column and paste it into the corresponding section of the web interface for searching in network packets.
- Click Search.
  The table displays data that match the filtering criteria.
The preconfigured rules are listed in the table below.
Preconfigured network packet search rules

| Purpose of the rule | Filtering using BPF | Filtering using regular expressions | Explanation | Example |
|---|---|---|---|---|
| Searching traffic by IP address | | | | |
| Searching traffic between two hosts | | | | |
| Searching for traffic of an individual TCP session | | | | |
| Searching for traffic by multiple IP addresses | | | | |
| Finding all DNS queries from a group of hosts | | | | |
| Searching for HTTP traffic | | | The filter must be used without quotes | |
| Searching for DNS traffic | | | Standard DNS only | |
| Searching for HTTP traffic with a GET request to a certain domain | | | | |
| Searching for ICMP traffic of a specific host | | | | |
| Searching for authentication data transmitted as plain text | | | The filter must be used without quotes | |
| Searching for TCP sessions in which the host acts as a client | | | | |
| Searching for HTTP traffic in a given subnet | | | | |
| Searching for local interaction traffic | | | | |
| Searching for traffic of interaction with objects on the internet | | | | |
| Searching for traffic by the UserAgent field in HTTP traffic | | | | |
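The following is an added example, not the application's own preconfigured expressions: it builds filters for a few of the purposes listed above in standard pcap-filter (BPF) syntax and applies regular expressions to constructed payloads. It assumes the search fields accept pcap-filter syntax and Python-compatible regular expressions; all function names, addresses and payloads are hypothetical.

```python
import ipaddress
import re

def _ip(value):
    # Only a parsed, normalised address is ever placed in a filter string.
    return str(ipaddress.ip_address(value))

def bpf_between(a, b):
    """Traffic between two hosts."""
    return f"host {_ip(a)} and host {_ip(b)}"

def bpf_dns_queries_from(hosts):
    """DNS queries (UDP/53 only) sent by any host in the group."""
    if not hosts:
        raise ValueError("at least one host is required")
    sources = " or ".join(f"src host {_ip(h)}" for h in hosts)
    return f"udp dst port 53 and ({sources})"

def bpf_http_in_subnet(cidr):
    """HTTP on port 80 inside a subnet; host bits set in the CIDR are rejected."""
    return f"tcp port 80 and net {ipaddress.ip_network(cidr)}"

def re_http_get_to(domain):
    """GET request whose Host header is exactly `domain` (optional :port)."""
    host = re.escape(domain.encode("ascii"))
    return re.compile(rb"(?i)^GET [^\r\n]+ HTTP/1\.[01]\r\n(?:[^\r\n]+\r\n)*?"
                      rb"Host:[ \t]*" + host + rb"(?::\d+)?[ \t]*\r\n")

# Credentials sent in the clear: HTTP Basic, or FTP/POP3-style USER/PASS commands.
RE_CLEARTEXT_AUTH = re.compile(
    rb"(?im)^(?:Authorization:[ \t]*Basic[ \t]+[A-Za-z0-9+/=]+|(?:USER|PASS)[ \t]+\S+)")
RE_USER_AGENT = re.compile(rb"(?im)^User-Agent:[ \t]*([^\r\n]*)")

def match_payload(payload, domain):
    """Apply the three regular expressions to one reassembled payload."""
    agent = RE_USER_AGENT.search(payload)
    return {
        "http_get_to_domain": bool(re_http_get_to(domain).search(payload)),
        "cleartext_auth": bool(RE_CLEARTEXT_AUTH.search(payload)),
        "user_agent": agent.group(1).decode("latin-1") if agent else None,
    }

# Constructed sample payloads (not captured traffic).
SAMPLE_HTTP = (b"GET /report HTTP/1.1\r\nUser-Agent: curl/8.5.0\r\n"
               b"Host: intranet.example\r\nAuthorization: Basic dXNlcjpwYXNz\r\n\r\n")
SAMPLE_LOOKALIKE = b"GET / HTTP/1.1\r\nHost: intranet.example.evil.test\r\n\r\n"

if __name__ == "__main__":
    print(bpf_dns_queries_from(["192.0.2.10", "192.0.2.11"]))
    print(match_payload(SAMPLE_HTTP, "intranet.example"))
```

Validating every address before it is placed in the expression keeps a pasted value such as `10.0.0.5 or tcp` from silently widening the filter, and anchoring the Host match at the end of the line keeps a lookalike domain from matching.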