WinGate provides the ability for you to capture network packets to and from the WinGate server. Traffic on all network interfaces can be captured or you can perform either basic or freehand filtering to capture particular packets. Traffic is captured to a pcap format file (.cap) for easy viewing and analysis using a pcap capable network analyzer (such as Wireshark).
Packet captures can provide valuable insight for advanced network administrators who implement network security. With a comprehensive list of filter options, traffic can be narrowed to match very particular criteria as required. Covering a wide range of packet and protocol properties, the filter options allow you to target only the packets you require in the capture.
Note that the capture will not include packets from any IP address that has been blackholed by WinGate.
Here you can filter based on Source or Destination IP address and the corresponding port ranges.
If you specify only a Source or a Destination address (not both) and the "Rule is bi-directional" option is checked, then packets both to and from that IP address will be captured. Otherwise packets are filtered according to which address was specified.
e.g. If you specify only a Source IP address and the "Rule is bi-directional" option is not set, then only packets that carry this IP as their source address will be filtered (included in the capture).
In the example below all traffic to and from the IP addresses 192.168.0.112 and 192.168.0.48 on port 389 will be captured (because the "Rule is bi-directional" option has been selected).
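The basic-filter rules above (address and port-range matching, plus the effect of "Rule is bi-directional") modelled as a small matcher, written here as an added example rather than WinGate's own code. The Packet and BasicFilter types, the inclusive port-range tuples and the sample packets are constructed for illustration; the filter mirrors the page's example of 192.168.0.112 talking to 192.168.0.48 on port 389.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Packet:
    """Constructed packet summary: only the fields the basic filter looks at."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class BasicFilter:
    """Model of the basic filter: an unset field (None) matches anything.

    Port ranges are inclusive (low, high) tuples, an assumption of this example.
    """
    src_ip: Optional[str] = None
    src_ports: Optional[Tuple[int, int]] = None
    dst_ip: Optional[str] = None
    dst_ports: Optional[Tuple[int, int]] = None
    bidirectional: bool = False

    @staticmethod
    def _side_matches(ip: str, port: int, want_ip, want_ports) -> bool:
        if want_ip is not None and ip != want_ip:
            return False
        if want_ports is not None and not (want_ports[0] <= port <= want_ports[1]):
            return False
        return True

    def _forward(self, pkt: Packet) -> bool:
        return (self._side_matches(pkt.src_ip, pkt.src_port, self.src_ip, self.src_ports)
                and self._side_matches(pkt.dst_ip, pkt.dst_port, self.dst_ip, self.dst_ports))

    def matches(self, pkt: Packet) -> bool:
        if self._forward(pkt):
            return True
        # "Rule is bi-directional": also accept the packet with its endpoints swapped,
        # so replies to the specified address(es) are captured as well.
        if self.bidirectional:
            reply = Packet(pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
            return self._forward(reply)
        return False


def apply_basic_filter(filt: BasicFilter, packets: List[Packet]) -> List[Packet]:
    """Return the packets that would be written to the capture file."""
    return [p for p in packets if filt.matches(p)]


# Constructed sample traffic: an LDAP request, its reply, an LDAPS request, and a web request.
SAMPLE_PACKETS = [
    Packet("192.168.0.112", 51000, "192.168.0.48", 389),
    Packet("192.168.0.48", 389, "192.168.0.112", 51000),
    Packet("192.168.0.112", 51001, "192.168.0.48", 636),
    Packet("192.168.0.112", 51002, "10.0.0.1", 80),
]

# The page's example: both addresses given, destination port 389, bi-directional on.
LDAP_BOTH_WAYS = BasicFilter(src_ip="192.168.0.112", dst_ip="192.168.0.48",
                             dst_ports=(389, 389), bidirectional=True)

# Source address only, bi-directional off: only packets *from* .112 are kept.
FROM_112_ONLY = BasicFilter(src_ip="192.168.0.112", bidirectional=False)

if __name__ == "__main__":
    for name, filt in (("LDAP_BOTH_WAYS", LDAP_BOTH_WAYS), ("FROM_112_ONLY", FROM_112_ONLY)):
        print(name)
        for p in apply_basic_filter(filt, SAMPLE_PACKETS):
            print(f"  {p.src_ip}:{p.src_port} -> {p.dst_ip}:{p.dst_port}")
```

With the first filter the request and its reply are both captured while the port 636 and port 80 packets are not; with the second, the reply from 192.168.0.48 is dropped because its source is not 192.168.0.112, exactly the behaviour the text describes for an unchecked "Rule is bi-directional".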
With a freehand filter you can use simple syntax to filter the packets based on available packet information. This allows you to define very specific conditions to filter with.
The Freehand filter field allows you to use the available filter options to create a conditional expression that is evaluated in order to select specific packets. You can choose filter options to place in the expression by selecting the Filter options button to the right of the Freehand filter field, which opens the Filter options list.
In the example below packets will be captured only if the tcp.port (TCP destination port filter) specified in the packet is equal to http (80) AND the ip.address (IP address either Source or Destination filter) is equal to 192.168.0.112.
The filter syntax supports the following logical operators:
Operator | Description
---|---
= | Is equal to. Note: = (as opposed to ==) is used since there is no concept of assignment in the syntax.
< | Less than
> | Greater than
<= | Less than or equal to
>= | Greater than or equal to
AND (case insensitive; && can be used) | BOOLEAN and, i.e. both operands must evaluate TRUE
OR (case insensitive; \|\| can be used) | BOOLEAN or, i.e. at least one of the operands must evaluate TRUE
NOT (case insensitive; ! can be used) | BOOLEAN not, i.e. the operand must evaluate FALSE
XOR | BOOLEAN xor, i.e. one and only one operand must evaluate TRUE
Parentheses may be used to group expressions:
( Open parenthesis
) Close parenthesis
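To make the freehand syntax concrete, here is an added example of a small parser and evaluator for expressions written with the operators in the table: comparisons, AND/&&, OR/||, NOT/!, XOR and parentheses, with the page's own example `tcp.port = http AND ip.address = 192.168.0.112` run over constructed packets. It is illustrative code, not WinGate's parser. The packet dictionary layout, the operator precedence (NOT, then AND, XOR, OR; the page states none, so use parentheses when in doubt), the service-name table beyond `http` = 80, and the reading of `tcp.port` as the TCP destination port and `ip.address` as either endpoint are assumptions drawn from the page's example.

```python
import re

# Service names accepted on the right-hand side; "http" = 80 is from the page, the rest are assumed.
SERVICE_NAMES = {"http": 80, "https": 443, "ldap": 389}
ALIASES = {"&&": "AND", "||": "OR", "!": "NOT"}   # symbolic spellings from the operator table
KEYWORDS = {"AND", "OR", "NOT", "XOR"}            # case insensitive, per the table
TOKEN_RE = re.compile(r"(<=|>=|=|<|>|&&|\|\||!|\(|\))|([A-Za-z_][\w.]*)|(\d+(?:\.\d+)*)")

# How a field name maps onto a packet (assumed dict layout, see SAMPLE_PACKETS).
FIELDS = {
    "tcp.port": lambda pkt: [pkt["dst_port"]],                  # TCP destination port
    "ip.address": lambda pkt: [pkt["src_ip"], pkt["dst_ip"]],   # either endpoint
}
COMPARE = {"=": lambda a, b: a == b, "<": lambda a, b: a < b, ">": lambda a, b: a > b,
           "<=": lambda a, b: a <= b, ">=": lambda a, b: a >= b}
# Binary operators from loosest to tightest binding (assumed precedence).
BINARY = [("OR", lambda a, b: a or b), ("XOR", lambda a, b: a != b), ("AND", lambda a, b: a and b)]


def tokenize(text):
    """Split a freehand filter string into (kind, value) tokens; rejects anything unrecognised."""
    tokens, pos = [], 0
    while pos < len(text):
        if text[pos].isspace():
            pos += 1
            continue
        m = TOKEN_RE.match(text, pos)
        if not m:
            raise ValueError(f"bad filter syntax at offset {pos}: {text[pos:]!r}")
        pos = m.end()
        op, word, num = m.groups()
        if op is not None:
            tokens.append(("op", ALIASES.get(op, op)))
        elif word is not None:
            upper = word.upper()
            tokens.append(("op", upper) if upper in KEYWORDS else ("word", word))
        else:
            tokens.append(("value", num if "." in num else int(num)))  # dotted = IP, else port
    return tokens


class Parser:
    """Recursive-descent parser that turns a filter expression into a packet -> bool function."""

    def __init__(self, text):
        self.tokens, self.i = tokenize(text), 0

    def peek(self):
        return self.tokens[self.i] if self.i < len(self.tokens) else (None, None)

    def take(self, kind=None, value=None):
        tok = self.peek()
        if tok[0] is None or (kind and tok[0] != kind) or (value and tok[1] != value):
            raise ValueError(f"unexpected token {tok}, wanted {kind or 'any'} {value or ''}".rstrip())
        self.i += 1
        return tok

    def parse(self):
        fn = self.binary(0)
        if self.peek()[0] is not None:
            raise ValueError(f"trailing tokens: {self.tokens[self.i:]}")
        return fn

    def binary(self, level):
        if level == len(BINARY):
            return self.not_expr()
        name, combine = BINARY[level]
        left = self.binary(level + 1)
        while self.peek() == ("op", name):
            self.take()
            right = self.binary(level + 1)
            left = (lambda l, r: lambda p: combine(l(p), r(p)))(left, right)
        return left

    def not_expr(self):
        if self.peek() == ("op", "NOT"):
            self.take()
            inner = self.not_expr()
            return lambda p: not inner(p)
        return self.primary()

    def primary(self):
        if self.peek() == ("op", "("):
            self.take()
            inner = self.binary(0)
            self.take("op", ")")
            return inner
        field = self.take("word")[1]
        op = self.take("op")[1]
        if op not in COMPARE:
            raise ValueError(f"{op!r} is not a comparison operator")
        kind, raw = self.take()
        if kind == "word":                      # bare word on the right is a service name
            if raw.lower() not in SERVICE_NAMES:
                raise ValueError(f"unknown service name {raw!r}")
            value = SERVICE_NAMES[raw.lower()]
        elif kind == "value":
            value = raw
        else:
            raise ValueError(f"expected a value after {op!r}")
        getter = FIELDS.get(field)
        if getter is None:
            raise ValueError(f"unknown field {field!r}")
        cmp = COMPARE[op]

        def check(v):   # ordering comparisons only make sense between numbers
            return cmp(v, value) if op == "=" or (isinstance(v, int) and isinstance(value, int)) else False
        return lambda p: any(check(v) for v in getter(p))


def compile_filter(text):
    return Parser(text).parse()


def apply_filter(text, packets):
    """Return the packets an expression would keep in the capture."""
    fn = compile_filter(text)
    return [p for p in packets if fn(p)]


# Constructed sample traffic (not a real capture).
SAMPLE_PACKETS = [
    {"src_ip": "192.168.0.112", "src_port": 51234, "dst_ip": "93.184.216.34", "dst_port": 80},
    {"src_ip": "10.0.0.5", "src_port": 40000, "dst_ip": "192.168.0.112", "dst_port": 443},
    {"src_ip": "192.168.0.48", "src_port": 389, "dst_ip": "192.168.0.112", "dst_port": 51235},
    {"src_ip": "10.0.0.9", "src_port": 1234, "dst_ip": "10.0.0.10", "dst_port": 80},
]

if __name__ == "__main__":
    for expr in ("tcp.port = http AND ip.address = 192.168.0.112",
                 "(tcp.port = 80 || tcp.port = 443) XOR ip.address = 10.0.0.9"):
        print(expr, "->", len(apply_filter(expr, SAMPLE_PACKETS)), "packet(s)")
```

The page's example keeps only the first sample packet: it is the one whose destination port is 80 and which has 192.168.0.112 at either end. A malformed expression (a missing right-hand value, an unknown field, unbalanced parentheses) raises ValueError rather than silently capturing everything, which is the failure mode to guard against when a filter is meant to limit what lands in the .cap file.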
Select the appropriate radio button and configure the type of filtering you wish to capture traffic with.
When ready to begin capturing click the Start button. You can now close the Packet capture dialog if you wish by clicking Close.
©2012 Qbik New Zealand Limited