The SliceMe Filter Plug-in slices packets after TCP/UDP layer. This filter is an advanced plug-in filter. It will only filter packets in a real-time capture window, not a trace file window.
It is set up by creating an advanced filter with an Advanced Analysis Module filter node, and selecting the DupMe analysis module. Below is a screenshot demonstrating the steps involved.
The filter works by looking at each captured packet, and comparing it to some number of packets in the capture buffer. The number of packets in the capture buffer that it compares the current packet to (or depth) is configured in the global options settings for the DupMe analysis module. This option can found at Tools->Options->Analysis Modules->DupMe->Options. The default depth is 10.
The DupMe Plug-in will work with any flavor of OmniPeek, and can be downloaded by any customer with maintenance.
Below is a screenshot showing the result of running the DupMe filter. The trace file on the left has a duplicate packet for every packet. The capture on the right is a real-time capture with the DupMe filter enabled. The packets from the file window on the left were sent to the real-time capture on the right using the PeekPlayer Plug-in from MyPeek.
Version 220.127.116.11 1/20/11
- Posted to MyPeek
Posted by: Sergio Antonio Cervera on Wednesday, April 8th, 2015 at 10:27 PM