print

Tip of the Month

Network Analysis Tip of the Month – December 2006

A "Select" Few

By Jeff Trawick, WildPackets Professional Services

If you have used WildPackets Peek analyzers for any period of time, you have probably become very familiar with, and fond of, the Select Related feature, which enables you to isolate packets based on node addresses, protocols, ports, conversations, and other criteria. You have also probably experienced the power of filtering that the Peek analyzers offer. Yet many analysts miss out on some additional packet selection features that are also very powerful, providing you with more flexible ways to refine your view of network traffic.

These features are available in the Select dialog, which can be accessed in two ways. You can find the Select option on the Edit menu, or you can access it using the CTRL-E keyboard shortcut. Either method will reveal the Select dialog, as shown below. Check out the array of powerful searches you can perform in a just a couple of quick steps...

Although you can accomplish many of the same tasks using filters, the Select feature enables you to perform rapid searches without requiring you to write a filter. By basing your selection on an ASCII string, for example, you could locate a packet with rogue content, target unauthorized URLs, suspect e-mail text, or other similar content.

The really cool aspect of this feature is that it can be used "on the fly" - in real time. While your capture is running, you can select packets that meet your criteria and copy only those packets to a new window for further analysis.

After you have defined the selection criteria, click the Select Packets button. You will be given the options to hide the selected or unselected packets (only post-capture) or copy the packets to a new window (during or after capture).

So dive right in! See how isolating a select few packets can ease your analysis and troubleshooting sessions!