Protocol Filter


The protocol filter reduces the number of packets stored in the document (capture filter) or displayed in views (view filter), based on the protocol, packet type, or source and destination ports of the packets. Use the Protocol Filter page of the Settings dialog to enable and modify the protocol filter.

When different computer systems communicate over a network, they need to agree on a common structure for the data they exchange. Protocol descriptions serve this purpose by establishing a set of data encoding rules. Because different tasks in network communication require different actions and parameters, it is often not feasible to use a single protocol for all aspects of the communication. Some protocols are therefore used solely for the data link between the physical components of the network and the software, while others are used to address specific systems or subsystems in a local network or to route data between sub-networks. As a consequence, a network packet is usually composed of nested data blocks, each encoded in accordance with a different protocol description. This can be viewed as a stack of protocols, in which each protocol is processed on a different layer of the network communication.

This needs to be taken into account when setting up a protocol filter. A packet will only pass the filter if all protocols that were used to encode the packet are activated in the filter.

 

Examples for TCP/IP and OSI Transport:

You will always need to activate a data link layer protocol. This is usually Ethernet (or Token Ring or FDDI). Ethernet is further subdivided into the protocols Ethernet II, Novell Ethernet, SNAP and LLC. For TCP/IP traffic you will in most cases need to activate Ethernet II, but IP data can be encoded inside any of the above protocols. For ISO OSI, activate LLC and at least its LLC UI packet type.

On the network layer, activate the network data and routing packets as needed. For IP, this is always IP and any of IPv4 or IPv6. For ISO OSI, activate ISO Network Layer, CLNP, and CLNP - Data.

On the transport layer and higher layers, activate UDP and/or TCP with all needed TCP packet types and all upper layer protocols you want to see (e.g. HTTP, DNS, POP3, etc.). For ISO OSI, activate ISO Transport Layer, OSI TP, and any OSI TP packet type.
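
The all-protocols rule and the TCP/IP example above, modelled as an added Python example (not code from the analyzer): it derives the protocol stack of a constructed Ethernet frame and lists the protocols a filter would be missing. The protocol names come from this page; the port map, the frame helper and the treatment of SNAP as its own Ethernet sub-protocol are assumptions of the sketch.

```python
import struct

# Assumed port-to-protocol map for this sketch (the tool keeps its own in config files).
PORTS = {53: "DNS", 80: "HTTP", 110: "POP3"}

def protocol_stack(frame: bytes) -> list[str]:
    """Protocol names used to encode a complete Ethernet frame, outermost first."""
    stack = ["Ethernet"]
    (type_len,) = struct.unpack("!H", frame[12:14])
    body = frame[14:]
    if type_len >= 0x0600:                         # field is an EtherType
        stack.append("Ethernet II")
        ethertype = type_len
    elif body[:2] == b"\xff\xff":                  # raw 802.3 carrying IPX
        return stack + ["Novell Ethernet"]
    elif body[:3] == b"\xaa\xaa\x03" and len(body) >= 8:   # SNAP header
        stack.append("SNAP")
        (ethertype,) = struct.unpack("!H", body[6:8])
        body = body[8:]
    else:                                          # plain 802.2 LLC
        stack.append("LLC")
        if len(body) > 2 and body[2] == 0x03:      # unnumbered information
            stack.append("LLC UI")
        return stack
    if ethertype == 0x0800 and len(body) >= 20:    # IPv4, header length from IHL
        stack += ["IP", "IPv4"]
        proto, body = body[9], body[(body[0] & 0x0F) * 4:]
    elif ethertype == 0x86DD and len(body) >= 40:  # IPv6, extension headers not handled
        stack += ["IP", "IPv6"]
        proto, body = body[6], body[40:]
    else:
        return stack
    if proto in (6, 17) and len(body) >= 4:
        stack.append("TCP" if proto == 6 else "UDP")
        sport, dport = struct.unpack("!HH", body[:4])
        stack += [PORTS[p] for p in (dport, sport) if p in PORTS][:1]
    return stack

def missing(frame: bytes, enabled: set[str]) -> list[str]:
    """Protocols the packet uses that the filter lacks; an empty list means it passes."""
    return sorted(set(protocol_stack(frame)) - enabled)

# Constructed sample frames: zeroed MAC addresses, minimal IPv4 + UDP headers, DNS port.
def _frame(type_len: int, body: bytes) -> bytes:
    return bytes(12) + struct.pack("!H", type_len) + body

_IP_UDP = b"\x45" + bytes(8) + bytes([17]) + bytes(10) + struct.pack("!HHHH", 40000, 53, 8, 0)
DNS_ETH2 = _frame(0x0800, _IP_UDP)
DNS_SNAP = _frame(8 + len(_IP_UDP), b"\xaa\xaa\x03\x00\x00\x00\x08\x00" + _IP_UDP)
```

With only Ethernet II activated on the data link layer, `missing(DNS_SNAP, ...)` reports `SNAP`: the same DNS query is dropped when it arrives SNAP-encapsulated, even though IP, IPv4, UDP and DNS are all enabled.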

Note: It will in general be more convenient to uncheck the protocols you don't want to see than to set up the needed protocol stack from scratch.

Note: You can add the port numbers of missing TCP and UDP protocols to the MTNA configuration files. See Modifying the configuration files for more information.