/*<![CDATA[*/ div.rbtoc1769795220711 {padding: 0px;} div.rbtoc1769795220711 ul {list-style: none;margin-left: 0px;padding-left: 15px;} div.rbtoc1769795220711 li {margin-left: 0px;padding-left: 0px;} /*]]>*/ Purpose Introduction BPF Expression Syntax Use Cases Additional Resources
Purpose
This document describes the advanced report filtering in the Discovery Scan Settings.
Introduction
In the Discovery Scan Settings UI, you can deselect a specific protocol that you do not want to trigger on. However, this only stops from explicitly sending requests with those protocols, it does not prevent it from triggering on related traffic. This may lead to seeing targets trigger on protocol that are deselected in the UI.
With the advanced report filtering option, you can perform a discovery scan but ignore traffic matching the filter by adding Berkeley Packet Filter (BPF) expressions.
BPF Expression Syntax
Refer to the following link for syntax:
Use Cases
Sometimes, even if you do not of send an Address Resolution Protocol (ARP) message, you may still get an ARP response which marks the target as alive. By setting a filter to remove the ARP messages, the scanner will not report on ARP responses.
Additional Resources