This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

how to check packet decoder network filter rule filter what amount of data

Lalsingh
Beginner
Beginner

‎2018-03-08 02:47 AM

HI,

 

I have make network filter rule in packet decoder and I want to know how much data is filter by this rule ?

 

Regards,

Lal pratap singh

0 Likes
2 REPLIES 2

david_waugh
Beginner
Beginner

‎2018-03-08 08:00 AM

Hi Lal

 

What you can do is make sure that your App Rule is set to Alert. This will then create meta in that meta key with the name of the app rule.

 

You can then use an investigation view to find out how much traffic the rule is hitting.

0 Likes

JoshRandall
Valued Contributor Valued Contributor
Valued Contributor

‎2018-03-08 11:16 AM

Hi Lal,

 

Navigate to your Packet Decoder's Explore menu:

image002.png

 

Expand the /decoder/stats node:

image004.png

 

And look for the capture.netfilter.bytes stat:

image008.png

 

This will be the total number of bytes that your network rules have filtered.

 

Similarly, the capture.appfilter.bytes stat here will show the total number of bytes that your App rules have filtered and truncated:

image010.png

 

Hope this helps.


Mr. Mongo
0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.