• SonicOS 7.0
• Using Packet Monitor
  • Benefits of Packet Monitor
  • How Does Packet Monitor Work?
  • Supported Packet Types
  • Configuring Packet Monitor
    • Configuring General Settings
      • Configuring General Settings
      • Configuring the Monitor Filter
      • Configuring Display Filter Settings
      • Configuring Logging Settings
      • Configuring Advanced Monitor Filter Settings
      • Configuring Mirror Settings
        • Starting and Stopping Packet Mirror
  • Monitoring Captured Packets
    • Starting and Stopping Packet Capture
  • Viewing Packet Monitoring Statistics
    • Capture Statistics
    • Local Mirror Statistics
    • Remote Mirror TX Statistics
    • Remote Mirror RX Statistics
    • FTP Statistics
    • Current Buffer Statistics
• Viewing Connections
  • Searching the Connections
  • Filtering the Connection Log
  • Connections Log Functions
• Monitoring Core 0 Processes
• Using Packet Replay
  • Single Packets
    • Packet Crafting
    • Packet Buffer
  • Replay Pcap File
    • Replaying an IP Pcap File
    • Replaying a MAC Pcap File
  • Captured Packets
    • About Captured Packets
    • Packet Detail
    • Hex Dump
• SonicWall Support
  • About This Document

Configuring Display Filter Settings

This section describes how to configure packet monitor display filter settings. The values that you provide here are compared to corresponding fields in the captured packets, and only those packets that match are displayed. These settings apply only to the display of captured packets on the management interface, and do not affect packet mirroring.

If a field is left blank, no filtering is done on that field. Packets are displayed without regard to the value contained in that field of their headers.

To configure Packet Monitor display filter settings

1. Navigate to the Monitor > Tools & Monitors > Packet Monitor page.
2. Select the General tab.

3. Select the Display Filter tab.

   

4. In the Interface Name(s) box, type the SonicWall network security interfaces for which to display packets, or use the negative format (!X0) to display packets captured from all interfaces except those specified. You can specify up to ten interfaces separated by commas. Refer to the Network > Interfaces screen in the management interface for the available interface names.

5. In the Ether Type(s) box, enter the Ethernet types for which you want to display packets, or use the negative format (!ARP) to display packets of all Ethernet types except those specified. You can specify up to ten Ethernet types separated by commas. Currently, these Ethernet types are supported:

   • ARP
   • IP
   • PPPoE-SES
   • PPPoE-DIS

   The latter two can be specified by PPPoE alone.

   You can also use hexadecimal values to represent the Ethernet types, or mix hex values with the standard representations; for example: ARP, 0x800, IP. Normally, you would only use hex values for Ethernet types that are not supported by acronym in SonicOS. (Refer to Supported Packet Types for more information.)

6. In the IP Type(s) box, enter the IP packet types for which you want to display packets, or use the negative format (!UDP) to display packets of all IP types except those specified. You can specify up to ten IP types separated by commas. These IP types are supported:

   • TCP
   • UDP
   • ICMP
   • GRE
   • IGMP
   • AH
   • ESP

   You can also use hexadecimal values to represent the IP types, or mix hex values with the standard representations; for example: TCP, 0x1, 0x6. To display all IP types, leave blank. (Refer to Supported Packet Types for more information.)

7. In the Source IP Address(es) box, type the IP addresses from which you want to display packets, or use the negative format (!10.1.2.3) to display packets captured from all source addresses except those specified.
8. In the Source Port(s) box, type the port numbers from which you want to display packets, or use the negative format (!25) to display packets captured from all source ports except those specified.
9. In the Destination IP Address(es) box, type the IP addresses for which you want to display packets, or use the negative format (!10.1.2.3) to display packets with all destination addresses except those specified.
10. In the Destination Port(s) box, type the port numbers for which you want to display packets, or use the negative format (!80) to display packets with all destination ports except those specified.
11. Select Enable Bidirectional Address and Port Matching to match the values in the source and destination fields against either the source or destination information in each captured packet.
12. Select Forwarded to display captured packets that the SonicWall network security appliance forwarded, .
13. Select Generated to display captured packets that the SonicWall network security appliance generated.
14. Select Consumed to display captured packets that the SonicWall network security appliance consumed.
15. Select Dropped to display captured packets that the SonicWall network security appliance dropped, .
16. To save your settings and exit the configuration window, click Save.