This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

how to configure network filter rule in packet decoder to filter source and destination subnet

Lalsingh
Beginner
Beginner

‎2018-03-09 12:56 AM

how to configure network filter rule in packet decoder to filter source and destination subnet.

 

My source subnet is 172.16.4.0/22,172.20.6.128/27, and destination subnet is 172.20.6.88/28,172.20.6.88/28

 

I am configuring the syntax like this .

 

ip.src = 172.16.4.0/22 || 172.20.6.128/27 && ip.dst= 172.20.6.88 || ip.dst=172.20.6.88/28

 

But after this still i am getting packet from this subnet .

 

so Please suggest  correct syntax . 

0 Likes
2 REPLIES 2

david_waugh
Beginner
Beginner

‎2018-03-09 07:18 AM

Hello

Not sure that your syntax is correct.

Try:

(ip.src = 172.16.4.0/22 || ip.src=172.20.6.128/27) && (ip.dst= 172.20.6.88 || ip.dst=172.20.6.88/28)

0 Likes

Anonymous
Not applicable

‎2018-03-09 03:56 PM

David is right, and that should fix your rule issue. I just wanted to mention that if you're wanting to completely remove the traffic, you might want to consider using the Berkeley Packet Filter. It can drop traffic like that with almost no overhead.

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.