Using Diagnostic Tools
Check Point ZoneAlarm User Guide

PARAMETERS
port: Integer. The port to which the packet is sent.

EXAMPLE
The following filter string saves packets that are destined for port 80:
dst port 80

ether proto

PURPOSE
The ether proto element is used to capture packets of a specific ether protocol type.

SYNTAX
ether proto \protocol

PARAMETERS
protocol: String. The protocol type of the packet. This can be the following: ip, ip6, arp, rarp, atalk, aarp, decnet, sca, lat, mopdl, moprc, iso, stp, ipx, or netbeui.

EXAMPLE
The following filter string saves ARP packets:
ether proto arp

host

PURPOSE
The host element captures all incoming and outgoing packets for a specific computer.

SYNTAX
host host

PARAMETERS
host: IP Address or String. The computer to/from which the packet is sent. This can be the following:
• An IP address
• A host name

EXAMPLE
The following filter string saves all packets that either originated from IP address 192.168.10.1, or are destined for that same IP address:
host 192.168.10.1

not

PURPOSE
The not element is used to negate filter string elements.

SYNTAX
not element
! element

PARAMETERS
element: String. A filter string element.

EXAMPLE
The following filter string saves packets that are not destined for port 80:
not dst port 80

or

PURPOSE
The or element is used to alternate between string elements. The filtered packets must match at least one of the filter string elements.

SYNTAX
element or element [or element...]
element || element [|| element...]

PARAMETERS
element: String. A filter string element.

EXAMPLE
The following filter string saves packets that either originate from IP address 192.168.10.1 or IP address 192.168.10.10:
src 192.168.10.1 or src 192.168.10.10

port

PURPOSE
The port element captures all packets originating from or destined for a specific port.

SYNTAX
port port

Note: This element can be prepended by tcp or udp. For information, see tcp on page 356 and udp on page 357.

PARAMETERS
port: Integer. The port from/to which the packet is sent.

EXAMPLE
The following filter string saves all packets that either originated from port 80, or are destined for port 80:
port 80

src

PURPOSE
The src element captures all packets with a specific source.

SYNTAX
src source

PARAMETERS
source: IP Address or String. The computer from which the packet is sent. This can be the following:
• An IP address
• A host name

EXAMPLE
The following filter string saves packets that originated from IP address 192.168.10.1:
src 192.168.10.1

src port

PURPOSE
The src port element captures all packets originating from a specific port.

SYNTAX
src port port

Note: This element can be prepended by tcp or udp. For information, see tcp on page 356 and udp on page 357.

PARAMETERS
port: Integer. The port from which the packet is sent.

EXAMPLE
The following filter string saves packets that originated from port 80:
src port 80
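
A filter string can be checked against sample traffic before it is used for a capture. The following is an added example, not part of the Check Point guide: a small Python evaluator for the dst port, ether proto, host, not, or, port, src and src port elements, run over constructed packets. It assumes that not applies only to the element immediately following it, that or is evaluated left to right, and that hosts are written as IP address literals; the packet field names are also assumptions.

```python
# Added example: evaluates the guide's filter elements against constructed packets.
# Packet field names and all sample addresses/ports below are assumptions.
PACKETS = [
    {"ether": "ip", "src": "192.168.10.1", "dst": "10.0.0.5", "sport": 51000, "dport": 80},
    {"ether": "ip", "src": "10.0.0.5", "dst": "192.168.10.10", "sport": 443, "dport": 52000},
    {"ether": "arp", "src": "192.168.10.10", "dst": "192.168.10.1", "sport": None, "dport": None},
    {"ether": "ip", "src": "192.168.10.10", "dst": "10.0.0.5", "sport": 80, "dport": 51000},
]

def match_element(tokens, pkt):
    """Consume one filter string element from tokens and test pkt against it."""
    word = tokens.pop(0)
    if word in ("not", "!"):                      # negates the element that follows
        return not match_element(tokens, pkt)
    if word == "ether" and tokens.pop(0) == "proto":
        return pkt["ether"] == tokens.pop(0).lstrip("\\")
    if word == "host":                            # source or destination address
        return tokens.pop(0) in (pkt["src"], pkt["dst"])
    if word == "port":                            # source or destination port
        return int(tokens.pop(0)) in (pkt["sport"], pkt["dport"])
    if word in ("src", "dst") and tokens[:1] == ["port"]:
        tokens.pop(0)
        return pkt["sport" if word == "src" else "dport"] == int(tokens.pop(0))
    if word == "src":                             # source address
        return pkt["src"] == tokens.pop(0)
    raise ValueError(f"unsupported element: {word!r}")

def matches(filter_string, pkt):
    """True if pkt would be saved by filter_string."""
    tokens = filter_string.replace("||", " or ").replace("!", " ! ").split()
    result = match_element(tokens, pkt)
    while tokens:
        if tokens.pop(0) != "or":
            raise ValueError("elements must be joined with 'or' or '||'")
        matched = match_element(tokens, pkt)      # always consume the element
        result = result or matched
    return result

def capture(filter_string, packets=PACKETS):
    """Return the indexes of the packets that the filter string would save."""
    return [i for i, pkt in enumerate(packets) if matches(filter_string, pkt)]

if __name__ == "__main__":
    for f in ("dst port 80", "not dst port 80", "host 192.168.10.1",
              "src 192.168.10.1 or src 192.168.10.10", "ether proto arp"):
        print(f"{f!r:45} -> packets {capture(f)}")
```

In this model, not dst port 80 also saves the ARP packet: a packet that has no port fails dst port 80, so the negation matches it.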

tcp

PURPOSE
The tcp element captures all TCP packets. This element can be prepended to port-related elements.

Note: When not prepended to other elements, the tcp element is the equivalent of ip proto tcp.

SYNTAX
tcp
tcp element

PARAMETERS
element: String. A port-related filter string element that should be restricted to saving only TCP packets. This can be the following:
• dst port - Capture all TCP packets destined for a specific port.
• port - Capture all TCP packets originating from or destined for a specific port.
• src port - Capture all TCP packets originating from a specific port.