Rule Editor

Here you can fill in the following rule parameters:

Rule description

The description of the rule (maximum 100 symbols). This field can stay blank.

IP protocol

Defines the name or the number of an IP protocol for the rule. See the IP protocol number article in TMeter Knowledge Base.

Source and Destination

These fields define a method of checking the IP addresses of the captured packets. If the captured packet is TCP or UDP, you can set the conditions to check the TCP or UDP port number.

Direction

Two options are available here:

The following example illustrates the description above. Imagine that you create this rule:

Filter 1. Traffic from My computer to any web server.

| Rule | Type of IP protocol | Source address | Source port | Destination address | Destination port | Both directions | Action for packet | Additional condition |
|---|---|---|---|---|---|---|---|---|
| 1 | TCP | My computer | Any | Any | 80 | ? | Count | |

The packets will be processed by the rule as follows:

Example of processing packets with different Direction options

| Rule 1 | TCP packet (1): Src: My computer, Dst: 192.168.0.10, Src port: Any, Dst port: 1389 | TCP packet (2): Src: 192.168.0.10, Dst: My computer, Src port: 80, Dst port: 1389 | TCP packet (3): Src: 192.168.0.10, Dst: My computer, Src port: 80, Dst port: 1390 |
|---|---|---|---|
| "Also match packets..." is disabled | Direct Match | - | - |
| "Also match packets..." is enabled, "Stateful Inspection" is disabled | Direct Match | Mirrored Match | Mirrored Match |
| "Also match packets..." is enabled, "Stateful Inspection" is enabled | Direct Match | Mirrored Match* | - |

* Mirrored Match will only occur when Packet (2) is captured after Packet (1).

Attention! The "Direction" option is enabled by default. Unless you are sure you know what you are doing, leave it unchanged.
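
The matching behaviour in the table above can be modelled in a few lines. This is an added illustration, not TMeter's own code; the Rule and Packet classes, the classify function, and the choice of source port 1389 and destination port 80 for packet (1), so that it satisfies rule 1 directly, are assumptions.

```python
# Added illustration, not TMeter code: a model of how the Direction options
# change rule matching, inferred from the example table.
from dataclasses import dataclass

ANY = None  # wildcard for an address or a port

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    src: object
    sport: object
    dst: object
    dport: object

    def fits(self, src, sport, dst, dport):
        want = (self.src, self.sport, self.dst, self.dport)
        return all(w is ANY or w == g for w, g in zip(want, (src, sport, dst, dport)))

def classify(rule, packets, both_directions, stateful):
    """Return one verdict per packet: 'direct', 'mirrored' or None."""
    seen = set()  # connections opened by a direct match (used in stateful mode)
    verdicts = []
    for p in packets:
        if rule.fits(p.src, p.sport, p.dst, p.dport):
            seen.add((p.src, p.sport, p.dst, p.dport))
            verdicts.append("direct")
        elif both_directions and rule.fits(p.dst, p.dport, p.src, p.sport):
            # Endpoints swapped; in stateful mode the swapped tuple must belong
            # to a connection already seen in the direct direction.
            known = (p.dst, p.dport, p.src, p.sport) in seen
            verdicts.append("mirrored" if known or not stateful else None)
        else:
            verdicts.append(None)
    return verdicts

ME, WEB = "My computer", "192.168.0.10"
RULE_1 = Rule(src=ME, sport=ANY, dst=ANY, dport=80)
# Constructed packets; packet (1) is assumed to go from port 1389 to port 80.
P1 = Packet(ME, 1389, WEB, 80)
P2 = Packet(WEB, 80, ME, 1389)
P3 = Packet(WEB, 80, ME, 1390)

if __name__ == "__main__":
    for both, st in ((False, False), (True, False), (True, True)):
        print(both, st, classify(RULE_1, [P1, P2, P3], both, st))
```

Without stateful inspection, packet (3) is counted as a mirrored match even though no outgoing connection from port 1390 was ever seen; with it, only replies to an observed connection match.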

TCP options (only for TCP protocol)

Two options are available here:

ICMP options (only for ICMP protocol)

This enables checking the type of each captured ICMP packet. If the captured packet is an ICMP Echo Request, the rule will match (provided the other conditions are also met). This option is also useful for creating firewall rules.

Action

The "Action" property defines what TMeter should do with the captured packet in case of Rule Match.

These actions are also summarized in the following table:

| Action | The counters will be updated | The captured packet will be processed by the next filter | The captured packet will be denied by firewall |
|---|---|---|---|
| Count | Yes | Yes | No |
| Pass (not count) | No | No | No |
| Count and pass | Yes | No | No |
| Block | No | No | Yes |
| No rule match | No | Yes | No |

Options "The packet must be"

This defines whether the packet must have been counted in the previous filter(s), must not have been counted in the previous filter(s), or whether this option is ignored. It is useful for preventing the same packet from being counted twice.

Option "Via network adapter"

You can select the network adapter whose traffic will be processed by this rule. To use this option, you should assign an alias to the network adapter(s).

Traffic counters condition

This allows setting the traffic limits for the filters (available only in Active Capture Mode). See configuration example 6.

Time-based counters conditions

This allows you to define the time when the current rule will be valid.

 


You can invoke Rule Editor from Filter Editor.