print

Tip of the Month

July 2002

Using the Filter column display option from the Packet List

You can expand the level of information shown to you in the EtherPeek or AiroPeek summary window by adding a specialized column of your own description. For example, suppose you wanted to add a column that indicated whether a packet was a Version 2 Ethernet frame, an IEEE 802.3 packet, a SNAP packet, or a Novell 802.3 RAW packet. Any characteristic of a packet that can be defined by a filter can be displayed in the summary window with a textual identifier of your own choosing.

To begin, you create one or more filters that identify the packet characteristics in which you are interested. The name that you give the filter will end up being displayed in the Filter column in the summary display. You could create a set of filters like this:

Right-click in the packet list and choose Packet List Options. Turn on the Filter column option. From the Edit/Select window, turn on both filters and click the Select button. When the "Hide Selected Packets" dialog box appears, simply click Close (that is, do not do any actual hiding). The Filter column will now contain the filter names that you've defined, and in this case those names will be indicative of whether a packet is a Version 2 Ethernet or an IEEE 802.3 Ethernet packet.

This approach could be used to identify specific attempts to open a particular file, or to flag the presence of a particular user logging in. Anything that you can define in terms of a filter can be displayed in the Filter column with a descriptive text string of your own choosing.