LanDetective Internet Monitor - Capture Filters

Capture filters are the filters used by LanDetective Internet Monitor when capturing data from network. With capture filters you can define which data exactly is to be captured and which one is to be ignored. With properly set up capture filters, you can avoid further analysis of huge volumes of useless information.

To set up capture filters, click on the corresponding button on the toolbar or use the menu: Tools, Capture filters...

There are two tabs in the filters dialog box: Basic and Extended.
On the Basic tab, you can specify the protocols (services) to be analyzed by LanDetective Internet Monitor. We recommend you to select only the protocols you are interested in.
On the Extended tab, you can specify additional capture filer parameters:

  • WEB
    • URL - filter captured data by URL. The * character is allowed as a wildcard substituting a group of characters. For example, *.org/*.zip would match any file with the .zip extension downloaded from any website within the .org domain. To edit the filter, use its context menu.
    • Media type - filter captured data by type. You can specify your own value or select one from the list. The * character is allowed as a wildcard to substituting a group of characters. For example, image/* would match an image of any type. To edit the filter, use its context menu.
    • HTTP method - filter captured data by the HTTP protocol method (GET or POST).
    • File size - filter captured data by size. You can specify a minimum or a maximum size. Postfixes M - megabyte, G - gigabyte are also allowed. For example, 100M would stand for 100 megabytes.
  • FTP
    • File name - filter captured files by name of the downloaded or uploaded file (including path on the FTP server). The * character is allowed as a wildcard substituting a group of characters. For example, */secret/*.zip would match any file with the .zip extension in catalog secret. To edit the filter, use its context menu.
    • Account - filter captured files by FTP account. The * character is allowed as a wildcard substituting a group of characters. To edit the filter, use its context menu.
    • File size - filter captured data by size. You can specify a minimum or a maximum size. Postfixes M - megabyte, G - gigabyte are also allowed. For example, 100M would stand for 100 megabytes.
  • MAIL
    • Sender - filter captured email by sender's e-mail address. The * character is allowed as a wildcard substituting a group of characters. For example, *@example.com would match any address within the example.com domain. To edit the filter, use its context menu.
    • Recipient - filter captured email by recipient's e-mail address. The * character is allowed as a wildcard substituting a group of characters. For example, *@example.com would match any address within the example.com domain. To edit the filter, use its context menu.
  • CHAT
    • IRC commands - filter captured IRC messages by an IRC command.
  • IP & MAC
    • IP Address - filter captured data by IP address
    • IP Subnet - filter captured data by IP subnet
    • MAC Address - filter captured data by MAC address.