FrameSeer Help: Defining simple capture filters

Defining simple capture filters

The Define Filters (Shift+Command+R) command opens the Filter Specification window. Use the following buttons to create or delete filters:

New	Creates a new, untitled filter.
Duplicate	Clones a copy of the currently-selected filter.
Delete	Removes the currently-selected filter.

To create a filter:

Click on the New or Duplicate button and give the filter a name; then
Select one or more filter terms from the Data Link, Network and Transport layer tabs.

The effect of each filter term is displayed in the Expert area. Note that multiple terms within a filter are ANDed together to form the filter expression. More complex filters can be constructed by editing the Expert area.

Save	Confirms all changes made since the Filter Specification window was opened. The window-close button is a synonym for Save.
Cancel	Discards all changes made since the Filter Specification window was opened.

The IP and MAC addresses that appear in the Source and Destination Address combo boxes are obtained from your configuration and Address Resolution Protocol (ARP) tables. See [man arp] for additional information about the ARP table. To save typing MAC addresses manually, ping the destination device from a terminal window and its IP and MAC addresses will be added to the combo boxes dynamically.