For example, the following commands create a rule (rule 10 in capture list 510) that specifies
that TCP packets are not captured:
G350-001(super)# ip capture-list 510
G350-001(super-Capture 510)# ip-rule 10
G350-001(super-Capture 510/ip rule 10)# composite-operation no-capture
Done!
G350-001(super-Capture 510/ip rule 10)# ip-protocol tcp
Done!
G350-001(super-Capture 510/ip rule 10)# composite-operation no-capture
Done!
G350-001(super-Capture 510/ip rule 10)# ip-protocol tcp
Done!
G350-001(super-Capture 510/ip rule 10)#
You can use the following rule criteria commands. These commands are described in more
detail below.
● dscp
● ip protocol
● source ip address
● destination ip address
● tcp source-port
● tcp destination-port
● udp source-port
● udp destination-port
● icmp
● fragment
Note: You can also use the description command in the rule context to add a
description of the rule.
Rules work in the following ways, depending on the type of information in the packet, and the
number of criteria in the rule:
● L4 rules with a Permit operation are applied to non-initial fragments.
● L4 rules with a Deny operation are not applied to non-initial fragments, and the device
continues checking the next IP rule. This prevents fragments that belong to other L4
sessions from being blocked together with the L4 session that is blocked.
● L3 rules apply to non-initial fragments.
● L3 rules that include the fragment criteria do not apply to initial fragments or
non-fragment packets.
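The four fragment-handling statements above, modelled as a first-match evaluator. This is an added example, not code from the guide or the device. It assumes that rules are checked in rule-number order, that an L4 Permit rule "applied" to a non-initial fragment still checks its L3 criteria, and that the sample rules and addresses are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    proto: str
    src: str
    dport: Optional[int] = None   # no L4 header in non-initial fragments
    frag: str = "none"            # "none", "initial" or "non-initial"

@dataclass
class Rule:
    num: int
    op: str                       # "permit" or "deny"
    proto: Optional[str] = None   # L3 criterion (ip protocol)
    src: Optional[str] = None     # L3 criterion (source ip address)
    dport: Optional[int] = None   # L4 criterion (destination port)
    fragment: bool = False        # the fragment criterion

def l3_match(r, p):
    return (r.proto in (None, p.proto)) and (r.src in (None, p.src))

def applies(r, p):
    non_initial = p.frag == "non-initial"
    if r.fragment and not non_initial:
        return False              # fragment rules skip initial fragments and whole packets
    if not l3_match(r, p):
        return False
    if r.dport is None:
        return True               # L3 rule: applies to non-initial fragments too
    if non_initial:
        return r.op == "permit"   # L4 Permit applies; L4 Deny is skipped
    return r.dport == p.dport

def first_match(rules, p):
    for r in sorted(rules, key=lambda r: r.num):
        if applies(r, p):
            return r.num, r.op
    return None                   # no rule applied; default handling is not modelled

# Constructed sample rule list (hypothetical, for illustration only)
SAMPLE_RULES = [
    Rule(10, "deny", proto="tcp", dport=23),
    Rule(20, "permit", proto="tcp", dport=80),
    Rule(30, "deny", src="10.0.0.5"),
    Rule(40, "permit", fragment=True),
]
```

A non-initial TCP fragment passes over the L4 Deny in rule 10 and lands on the L4 Permit in rule 20, which is the case the second statement is written to handle.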
Configuring and analyzing packet sniffing
Issue 1.1 June 2005