Miscellaneous IP Protocol Filters
Since version 2.5, IPTraf allows filtering of other IP (non-TCP, non-UDP) protocols by source and destination IP address (as compared to the simple toggles in previous versions).
Other IP filters are managed under the Filters.../Other IP... menu. It has the same options as the Filters.../TCP... menu.
As with the TCP filter menu, select Define new filter... to define a new filter. Enter a description and press Enter to go to the next dialog box.
The network criteria dialog box asks for the source and destination addresses and wildcard masks, and which protocols to match.
As with the TCP and UDP filters, you may enter an IP address or host name in the Address fields. Specify under the Wildcard mask fields the bit masks that determine which bits in the rule's addresses are to be matched with the addresses in the packets just like as in the TCP and UDP filter dialogs.
After the addresses and masks, enter Y beside each protocol to match. Any other entry (or no entry) for the protocol fields will cause the filter to ignore those protocols.
If the Include/Exclude field is set to E, (exclude), the filter logic will be reversed, and all packets matched by the filter will be omitted instead. This is useful if you want to display all packets of a type of traffic except for a select few (just like the TCP and UDP filters). This field is set to I (include) by default.
Define as many entries as you need. Entries are processed in the order they are entered. Therefore, if a packet matches an entry, it will no longer match any other matching filter entry.
The miscellaneous IP protocol filter matches packets whose source and destination addresses exactly fit the filter's source and destination specifications (unlike the TCP/UDP filters which match packets flowing in both directions). In other words, the filter matches packets flowing in only one direction. Should you want to match packets flowing in the opposite direction, you will have to define another filter entry reversing the source and destination addresses and masks. The example below illustrates this:
Examples
To display only ICMP packets from anywhere to host 10.0.0.1:
This does not match ICMP packets from 10.0.0.1 to anywhere (while a similar TCP/UDP filter would have matched the opposite-flowing TCP and UDP packets). To match ICMP packets from host 10.0.0.1 to anywhere (the reverse of the above example):
Other Examples
To display all OSPF, IGP, and IGRP packets only from anywhere to anywhere
| Address | 0.0.0.0 | 0.0.0.0 |
| Wildcard mask | 0.0.0.0 | 0.0.0.0 |
| Protocols to match | OSPF: Y IGP: Y IGRP: Y | |
| Include/Exclude | I |
To display all ICMP except those destined for 207.0.115.45
First entry:
| Address | 0.0.0.0 | 207.0.115.45 |
| Wildcard mask | 0.0.0.0 | 255.255.255.255 |
| Protocols to match | ICMP: Y | |
| Include/Exclude | E |
Then enter a second entry:
 | Tip |
|---|---|
To omit all non-TCP and non-UDP IP traffic from the display, define a filter with source and destination addresses 0.0.0.0, wildcard masks 0.0.0.0, without specifying Y to any of the protocols. Mark the Include/Exclude field with an I. |
The filters can also be edited in much the same way as the TCP and UDP filters with the same keystrokes. After selecting the filter you want to edit, you will see the IP addresses/hostnames and masks of the filter rules. As you move the selection bar to select a rule, the bottom of the selection box displays the protocols that particular rule matches.
The Detach filter... item causes the filter to deactivate, and all protocols (other than TCP and UDP of course) will be displayed in the lower window.
As with the TCP and UDP filter editing dialogs, you can press Enter to edit the selected rule, I to insert at the selection bar's current position, A to add to the list of rules, and D to delete the currently pointed rule. You can move the rule selection bar with the Up and Down cursor keys.
The Delete filter... menu item allows you to delete an entire filter.