<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<HTML>
<HEAD>
<TITLE>Miscellaneous IP Protocol Filters</TITLE>
<META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.64">
<LINK REL="HOME" TITLE="IPTraf User's Manual" HREF="manual.html">
<LINK REL="UP" TITLE="Filters" HREF="filters.html">
<LINK REL="PREVIOUS" TITLE="UDP Filters" HREF="udpfilters.html">
<LINK REL="NEXT" TITLE="ARP, RARP, and other Non-IP Packet Filters" HREF="nonipfilters.html">
</HEAD>
<BODY CLASS="SECT1" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF">
<DIV CLASS="NAVHEADER">
<TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0">
<TR><TH COLSPAN="3" ALIGN="center">IPTraf User's Manual</TH></TR>
<TR>
<TD WIDTH="10%" ALIGN="left" VALIGN="bottom"><A HREF="udpfilters.html">&#60;&#60;&#60; Previous</A></TD>
<TD WIDTH="80%" ALIGN="center" VALIGN="bottom">Filters</TD>
<TD WIDTH="10%" ALIGN="right" VALIGN="bottom"><A HREF="nonipfilters.html">Next &#62;&#62;&#62;</A></TD>
</TR>
</TABLE>
<HR ALIGN="LEFT" WIDTH="100%">
</DIV>
<DIV CLASS="SECT1">
<H1 CLASS="SECT1"><A NAME="MISCIPFILTERS">Miscellaneous IP Protocol Filters</A></H1>
<P>Since version 2.5, IPTraf allows filtering of other IP (non-TCP, non-UDP) protocols by source and destination IP address (as compared to the simple toggles in previous versions).</P>
<P>Other IP filters are managed under the <I CLASS="EMPHASIS">Filters.../Other IP...</I> menu. It has the same options as the <I CLASS="EMPHASIS">Filters.../TCP...</I> menu.</P>
<DIV CLASS="FIGURE"><A NAME="AEN1678"></A>
<P><IMG SRC="iptraf-othipfltdefine.png"></P>
<P><B>Figure 6. The filter name dialog for other IP protocols</B></P>
</DIV>
<P>As with the TCP filter menu, select <I CLASS="EMPHASIS">Define new filter...</I> to define a new filter. Enter a description and press Enter to go to the next dialog box.</P>
<P>The network criteria dialog box asks for the source and destination addresses and wildcard masks, and which protocols to match.</P>
<P>As with the TCP and UDP filters, you may enter an IP address or host name in the <TT CLASS="COMPUTEROUTPUT">Address</TT> fields. Specify under the <TT CLASS="COMPUTEROUTPUT">Wildcard mask</TT> fields the bit masks that determine which bits in the rule's addresses are to be matched with the addresses in the packets, just as in the TCP and UDP filter dialogs.</P>
<P>After the addresses and masks, enter <TT CLASS="COMPUTEROUTPUT">Y</TT> beside each protocol to match. Any other entry (or no entry) for the protocol fields will cause the filter to ignore those protocols.</P>
<P>If the <TT CLASS="COMPUTEROUTPUT">Include/Exclude</TT> field is set to <TT CLASS="COMPUTEROUTPUT">E</TT> (exclude), the filter logic will be reversed, and all packets matched by the filter will be omitted instead. This is useful if you want to display all packets of a type of traffic except for a select few (just like the TCP and UDP filters). This field is set to <TT CLASS="COMPUTEROUTPUT">I</TT> (include) by default.</P>
<P>Define as many entries as you need. Entries are processed in the order they are entered. Therefore, once a packet matches an entry, no later entry is applied to it.</P>
<P>The miscellaneous IP protocol filter matches packets whose source and destination addresses exactly fit the filter's source and destination specifications (unlike the TCP/UDP filters, which match packets flowing in both directions). In other words, the filter matches packets flowing in only one direction. Should you want to match packets flowing in the opposite direction, you will have to define another filter entry reversing the source and destination addresses and masks. The example below illustrates this:</P>
<DIV CLASS="SECT2">
<H2 CLASS="SECT2"><A NAME="AEN1695">Examples</A></H2>
<P>To display only ICMP packets from anywhere to host 10.0.0.1:</P>
<DIV CLASS="INFORMALTABLE"><A NAME="AEN1698"></A><P></P>
<TABLE BORDER="0" WIDTH="100%" BGCOLOR="#E0E0E0" CELLSPACING="0" CELLPADDING="4" CLASS="CALSTABLE">
<TBODY>
<TR><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">Address</TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">10.0.0.1</TT></TD></TR>
<TR><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">Wildcard mask</TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">255.255.255.255</TT></TD></TR>
<TR><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">Protocols to match</TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">ICMP: <TT CLASS="COMPUTEROUTPUT">Y</TT></TD><TD>&nbsp;</TD></TR>
<TR><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">Include/Exclude</TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">I</TT></TD><TD>&nbsp;</TD></TR>
</TBODY>
</TABLE>
<P></P></DIV>
<P>This does not match ICMP packets from 10.0.0.1 to anywhere (while a similar TCP/UDP filter would have matched the opposite-flowing TCP and UDP packets). To match ICMP packets from host 10.0.0.1 to anywhere (the reverse of the above example):</P>
<DIV CLASS="INFORMALTABLE"><A NAME="AEN1725"></A><P></P>
<TABLE BORDER="0" WIDTH="100%" BGCOLOR="#E0E0E0" CELLSPACING="0" CELLPADDING="4" CLASS="CALSTABLE">
<TBODY>
<TR><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">Address</TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">10.0.0.1</TT></TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD></TR>
<TR><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">Wildcard mask</TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">255.255.255.255</TT></TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD></TR>
<TR><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">Protocols to match</TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">ICMP: <TT CLASS="COMPUTEROUTPUT">Y</TT></TD><TD>&nbsp;</TD></TR>
<TR><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">Include/Exclude</TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">I</TT></TD><TD>&nbsp;</TD></TR>
</TBODY>
</TABLE>
<P></P></DIV>
</DIV>
<DIV CLASS="SECT2">
<H2 CLASS="SECT2"><A NAME="AEN1751">Other Examples</A></H2>
<P>To display only OSPF, IGP, and IGRP packets, from anywhere to anywhere:</P>
<DIV CLASS="INFORMALTABLE"><A NAME="AEN1754"></A><P></P>
<TABLE BORDER="0" WIDTH="100%" BGCOLOR="#E0E0E0" CELLSPACING="0" CELLPADDING="4" CLASS="CALSTABLE">
<TBODY>
<TR><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">Address</TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD></TR>
<TR><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">Wildcard mask</TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD></TR>
<TR><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">Protocols to match</TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">OSPF: <TT CLASS="COMPUTEROUTPUT">Y</TT> IGP: <TT CLASS="COMPUTEROUTPUT">Y</TT> IGRP: <TT CLASS="COMPUTEROUTPUT">Y</TT></TD><TD>&nbsp;</TD></TR>
<TR><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">Include/Exclude</TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">I</TT></TD><TD>&nbsp;</TD></TR>
</TBODY>
</TABLE>
<P></P></DIV>
<P>To display all ICMP packets except those destined for 207.0.115.45:</P>
<P>First entry:</P>
<DIV CLASS="INFORMALTABLE"><A NAME="AEN1784"></A><P></P>
<TABLE BORDER="0" WIDTH="100%" BGCOLOR="#E0E0E0" CELLSPACING="0" CELLPADDING="4" CLASS="CALSTABLE">
<TBODY>
<TR><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">Address</TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">207.0.115.45</TT></TD></TR>
<TR><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">Wildcard mask</TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">255.255.255.255</TT></TD></TR>
<TR><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">Protocols to match</TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">ICMP: <TT CLASS="COMPUTEROUTPUT">Y</TT></TD><TD>&nbsp;</TD></TR>
<TR><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">Include/Exclude</TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">E</TT></TD><TD>&nbsp;</TD></TR>
</TBODY>
</TABLE>
<P></P></DIV>
<P>Then enter a second entry:</P>
<DIV CLASS="INFORMALTABLE"><A NAME="AEN1811"></A><P></P>
<TABLE BORDER="0" WIDTH="100%" BGCOLOR="#E0E0E0" CELLSPACING="0" CELLPADDING="4" CLASS="CALSTABLE">
<TBODY>
<TR><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">Address</TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD></TR>
<TR><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">Wildcard mask</TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">0.0.0.0</TT></TD></TR>
<TR><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">Protocols to match</TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">ICMP: <TT CLASS="COMPUTEROUTPUT">Y</TT></TD><TD>&nbsp;</TD></TR>
<TR><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP">Include/Exclude</TD><TD WIDTH="33%" ALIGN="LEFT" VALIGN="TOP"><TT CLASS="COMPUTEROUTPUT">I</TT></TD><TD>&nbsp;</TD></TR>
</TBODY>
</TABLE>
<P></P></DIV>
<DIV CLASS="TIP"><P></P>
<TABLE CLASS="TIP" WIDTH="100%" BORDER="0">
<TR><TD WIDTH="25" ALIGN="CENTER" VALIGN="TOP"><IMG SRC="./stylesheet-images/tip.gif" HSPACE="5" ALT="Tip"></TD><TH ALIGN="LEFT" VALIGN="CENTER"><B>Tip</B></TH></TR>
<TR><TD>&nbsp;</TD><TD ALIGN="LEFT" VALIGN="TOP"><P>To omit all non-TCP and non-UDP IP traffic from the display, define a filter with source and destination addresses <TT CLASS="COMPUTEROUTPUT">0.0.0.0</TT>, wildcard masks <TT CLASS="COMPUTEROUTPUT">0.0.0.0</TT>, without specifying <TT CLASS="COMPUTEROUTPUT">Y</TT> to any of the protocols. Mark the <TT CLASS="COMPUTEROUTPUT">Include/Exclude</TT> field with an <TT CLASS="COMPUTEROUTPUT">I</TT>.</P></TD></TR>
</TABLE>
</DIV>
<P>The filters can also be edited in much the same way as the TCP and UDP filters, with the same keystrokes. After selecting the filter you want to edit, you will see the IP addresses/hostnames and masks of the filter rules. As you move the selection bar to select a rule, the bottom of the selection box displays the protocols that particular rule matches.</P>
<P>The <I CLASS="EMPHASIS">Detach filter...</I> item causes the filter to deactivate, and all protocols (other than TCP and UDP, of course) will be displayed in the lower window.</P>
<P>As with the TCP and UDP filter editing dialogs, you can press Enter to edit the selected rule, I to insert at the selection bar's current position, A to add to the list of rules, and D to delete the currently selected rule. You can move the rule selection bar with the Up and Down cursor keys.</P>
<P>The <I CLASS="EMPHASIS">Delete filter...</I> menu item allows you to delete an entire filter.</P>
</DIV>
</DIV>
<DIV CLASS="NAVFOOTER">
<HR ALIGN="LEFT" WIDTH="100%">
<TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0">
<TR>
<TD WIDTH="33%" ALIGN="left" VALIGN="top"><A HREF="udpfilters.html">&#60;&#60;&#60; Previous</A></TD>
<TD WIDTH="34%" ALIGN="center" VALIGN="top"><A HREF="manual.html">Home</A></TD>
<TD WIDTH="33%" ALIGN="right" VALIGN="top"><A HREF="nonipfilters.html">Next &#62;&#62;&#62;</A></TD>
</TR>
<TR>
<TD WIDTH="33%" ALIGN="left" VALIGN="top">UDP Filters</TD>
<TD WIDTH="34%" ALIGN="center" VALIGN="top"><A HREF="filters.html">Up</A></TD>
<TD WIDTH="33%" ALIGN="right" VALIGN="top">ARP, RARP, and other Non-IP Packet Filters</TD>
</TR>
</TABLE>
</DIV>
</BODY>
</HTML>
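An added example (not taken from the IPTraf manual or its source code) that models the matching rules this page describes in Python: wildcard masks, one-direction matching, first-match ordering and the Include/Exclude flag, applied to the page's own example filters. The names `Entry`, `fits` and `decide` are hypothetical, the sample packets are constructed, and treating a packet that matches no entry as not displayed is an assumption inferred from the Tip and the examples.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass(frozen=True)
class Entry:
    """One filter entry, with the fields of the network criteria dialog."""
    src: str
    src_mask: str
    dst: str
    dst_mask: str
    protocols: frozenset  # protocols marked Y
    include: bool = True  # Include/Exclude field: I -> True, E -> False

def fits(addr, rule_addr, mask):
    # Only the bits set in the wildcard mask are compared, so 0.0.0.0
    # matches any address and 255.255.255.255 matches a single host.
    m = int(IPv4Address(mask))
    return (int(IPv4Address(addr)) & m) == (int(IPv4Address(rule_addr)) & m)

def decide(entries, src, dst, proto):
    """Return (index of the deciding entry, displayed?) for one packet."""
    for i, e in enumerate(entries):
        # One direction only: packet source against entry source,
        # packet destination against entry destination.
        if (proto in e.protocols and fits(src, e.src, e.src_mask)
                and fits(dst, e.dst, e.dst_mask)):
            return i, e.include  # first matching entry wins
    return None, False  # assumption: unmatched packets are not displayed

ANY = ("0.0.0.0", "0.0.0.0")
ICMP = frozenset({"ICMP"})

# "Display only ICMP packets from anywhere to host 10.0.0.1"
to_host = [Entry(*ANY, "10.0.0.1", "255.255.255.255", ICMP)]

# "Display all ICMP except those destined for 207.0.115.45"
all_but_one = [
    Entry(*ANY, "207.0.115.45", "255.255.255.255", ICMP, include=False),
    Entry(*ANY, *ANY, ICMP),
]

if __name__ == "__main__":
    # Constructed sample packets: (source, destination, protocol).
    for pkt in [("192.0.2.7", "10.0.0.1", "ICMP"), ("10.0.0.1", "192.0.2.7", "ICMP")]:
        print(pkt, decide(to_host, *pkt))
    for pkt in [("192.0.2.7", "207.0.115.45", "ICMP"), ("192.0.2.7", "198.51.100.9", "ICMP")]:
        print(pkt, decide(all_but_one, *pkt), decide(all_but_one[::-1], *pkt))
```

Reversing the two entries of `all_but_one` lets the include-all entry decide first, so ICMP to 207.0.115.45 is displayed again; entry order is the first thing to review when an exclude entry appears to have no effect.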
