Net Optics Director User Manual
Page 38
Director
34
Have we achieved our goal of sending all the TCP traffic to Monitor Port 2? Not quite. What happens when an TCP
packet arrives from 192.186.10.0? It matches the filter at CAM address 1, so it is copied to Monitor Port 1. But that is
all that happens; it does not go to Monitor Port 2. The flow is correctly shown in the following diagram.
Monitor Port 2
Protocol =
TCP
Network Port 5
Monitor Port 1
Source IP =
192.186.10.0
match
no match
filter add in_ports=n1.5 ip_src=192.186.10.0 action=redir redir_ports=m.1
filter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.2
CAM
Address
Filter
1
n1.5 ip_src=192.186.10.0 m.1
2
n1.5 ip_proto=TCP m.2
Correct flow diagram for two interacting filters
Figure 36:
To achieve the desired result of sending all TCP traffic to Monitor Port 2, clear the existing filters (filter discard
command) and create three new filters by entering:
filter add in_ports=n1.5 ip_src=192.186.10.0 ip_proto=6 action=redir redir_ports=m.1,m.2
filter add in_ports=n1.5 ip_src=192.186.10.0 action=redir redir_ports=m.1
filter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.2
filter commit
The flow diagram now looks as follows.
Monitor Port 2
Protocol =
TCP
Network Port 5
Monitor Port 1
Source IP =
192.186.10.0
filter add in_ports=n1.5 ip_src=192.186.10.0 ip_proto=6 action=redir redir_ports=m.1,m.2
filter add in_ports=n1.5 ip_src=192.186.10.0 action=redir redir_ports=m.1
filter add in_ports=n1.5 ip_proto=6 action=redir redir_ports=m.2
match
+
no match
Source IP =
192.186.10.0
&
Protocol=
TCP
no match
+
CAM
Address
Filter
1
n1.5 ip_src=192.186.10.0 ip_proto=TCP
m.1,m.2
2
n1.5 ip_src=192.186.10.0
3
n1.5 ip_proto=TCP m.2
Correct way to send all TCP traffic to Monitor Port 2
Figure 37:
Now, packets that match both the IP address and protocol conditions are copied to both monitor ports, while packets
that match only one of the conditions are directed to the desired monitor port.