Home

Building Filters

1. Define the task.

2. Gather the task components.

3. Build the pseudo code with the task components.

4. Build the filter to match the code.

Example 1: A MAC address filter

1. Define the task.

   • A filter for a MAC address of a problematic client or server.

2. Gather the task components.

   • Need MAC address of node as source (SA) at offset 6 or destination (DA) at offset 0.

   • Need MAC address of node but in DHCP header as Client Hardware Address at offset 46 when DHCP Offers and Acks are sent via broadcast from the DHCP server.

   • Need Target IP Address of node when other nodes ARP for it.

3. Build the pseudo code with the task components.

   • OR ___ DLC @ 0, variable offset

   •       |___ w.x.y.z @ 0, variable offset

4. Build the filter to match the pseudo code.

Home