Configuring prefilters

Use the SMARTNIC SETUP widget to filter the packets that are captured to reduce the size of captured and stored packets.

About this task

The Napatech Programming Language (NTPL) tool is a command-line tool that is used for changing the stream behavior and filter settings on a Napatech card. The SMARTNIC SETUP widget uses the NTPL tool to specify the packet filter expression.

The NTPL command syntax uses Backus-Naur Form (BNF) notation. When you specify the filter expressions in the SMARTNIC SETUP widget, you must use BNF syntax. For more information about creating BNF expressions, see NTPL Overview and Filter Expressions in the Napatech Documentation Portal.

Procedure

  1. In QRadar® Network Packet Capture, click the ADMIN tab.
  2. Go to the SMARTNIC SETUP widget.
  3. Configure prefilters:
    1. Enter your statement in the PRE-FILTER field.
    2. Click Apply.
  4. Configure packet processing:
    1. Enter your statement in the PRE-FILTER field.
    2. Select Enable Slicing and set the offset to enable slicing. The slicing offset is configured as a dynamic offset plus a static offset so that all packets are sliced.
    3. Click Apply.