Sharing packet captures with third-parties
Unless necessary, it is generally unwise to share “full” packet captures with outside parties, because you could end up disclosing information that should not be shared.
To prevent this from happening, Observer allows you to create a filtered packet capture from a larger capture. Filtered captures behave exactly like full captures—as they are indeed a complete capture file—except they only contain packets of your choice.
Creating a filtered capture can be done locally either before or after the initial capture is made. Post-filtering is not possible from the GigaStor Control Panel, from a local probe instance redirected to another system, or from remote probe instances. We recommend you become familiar with both processes before continuing.
Note: You can also configure Observer to create partial packet captures regardless of protocol. See Configuring Observer to capture partial packets.
To create a filtered packet capture fit for sharing, ensure the full packet capture is loaded in Observer, then:
1. On the Home tab, in the Probe group, click Filters > Configure Software Filter.
2. From the Active Filters window, click New Filter. Give your filter a name, and click OK.
3. Right-click the new filter, and select Edit Rule As > Packet Partial Capture.
Figure 45: Creating a partial packet capture
4. Within the Partial Packet Payload for TCP/UDP Filter window, set up rules for how the filter is applied.
Specifically, the uppermost portion of the window is for filtering by IP address, range or subnet, and MAC or IPv6 address. The lowermost portion is for filtering by application or protocol.
5. Click OK to confirm your changes.
6. Click OK to save your filter.
7. Enable your new filter to activate it, and click OK to save your changes.
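Before sending the result to a third party, it is worth checking that the filter did what you intended. The following is an added example, not part of the Observer documentation or product: it assumes the filtered capture has been saved in classic little-endian libpcap format with Ethernet framing, and the function names, allowed subnet and payload limit are hypothetical policy values.

```python
import ipaddress
import struct

def audit_pcap(data, allowed_net, max_payload):
    """Return findings for packets that break the sharing policy."""
    net = ipaddress.ip_network(allowed_net)
    if struct.unpack("<I", data[:4])[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    if struct.unpack("<I", data[20:24])[0] != 1:
        raise ValueError("only the Ethernet link type is handled")
    findings, off, num = [], 24, 0
    while off + 16 <= len(data):              # 16-byte per-packet record header
        incl_len = struct.unpack("<I", data[off + 8:off + 12])[0]
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        num += 1
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            findings.append(f"packet {num}: not IPv4, review manually")
            continue
        for raw in (pkt[26:30], pkt[30:34]):  # IPv4 source and destination
            ip = ipaddress.ip_address(raw)
            if ip not in net:
                findings.append(f"packet {num}: address {ip} outside {net}")
        l4 = 14 + (pkt[14] & 0x0F) * 4        # start of the TCP/UDP header
        if pkt[23] == 6 and len(pkt) >= l4 + 13:
            hdr = (pkt[l4 + 12] >> 4) * 4     # TCP data offset
        elif pkt[23] == 17:
            hdr = 8                           # fixed UDP header size
        else:
            continue
        payload = max(0, len(pkt) - l4 - hdr)
        if payload > max_payload:
            findings.append(f"packet {num}: {payload} payload bytes captured")
    return findings

def make_frame(src, dst, payload):
    """Constructed Ethernet/IPv4/UDP frame (checksums left as zero)."""
    udp = struct.pack("!HHHH", 5000, 53, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

def sample_pcap():
    """Constructed two-packet capture: one compliant packet, one that is not."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (make_frame("10.0.0.5", "10.0.0.9", b"abcd"),
              make_frame("10.0.0.5", "192.0.2.7", b"x" * 64)):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

An empty list from `audit_pcap` means every packet stayed within the allowed subnet and payload limit; any finding is a reason to adjust the filter and export again before sharing.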