Background: Know: FilterEntry definition, Prerequisites - Ethernet frame length, CRC checks, alignment checks, Recognize:
- Filter is a tool to observe traffic on network . There are 2 types of filter:
filterPktDataOffset is distance from the beginning of a packet to a bit where the test begins. For example, if filterPktDataOffset =0, filter will begin examine packet from the first bit of it.
filterPktData contains a checking sequence. packet stream is compared to this sequence. Specific position is defined in filterPktDataMask and FilterDataNotMask
For status filter, status of a packet is stored in a bitmap call filterPktStatus which contains 3 bits as follow:
|0||Packet length is longer than 1518 octets|
|1||Packet length is shorter than 64 octets|
|2||Packet has CRC or alignment error|
A channel is defined by a set of filters. When a packet passes both data filter and status filter of a filter, it is accepted for a channel. This process can be illustrated by the following diagram:
Figure1: Channel( from figure 9.5, William Stallings: SNMP, SNMPv2, SNMPv3 and RMON 1 and 2)
Channels are defined in a table call channelTable. Each row of the channelTable defines a unique channel.
ChannelIndex is an interger that identifies a row in the channelTable. In other words, channelIndex is a number which refers to a unique channel
Figure 2: ChannelTable ( from figure 9.7, William Stallings: SNMP, SNMPv2, SNMPv3 and RMON 1 and 2)