Purpose 

This article describes the advanced report filtering in the Discovery Scan Settings.

Introduction

In the Discovery Scan Settings UI, you can deselect a specific protocol that you do not want to trigger on. However, this only stops from explicitly sending requests with those protocols, it does not prevent it from triggering on related traffic. This may lead to seeing targets trigger on protocol that are deselected in the UI.

With the advanced report filtering option, you can perform a discovery scan but ignore traffic matching the filter by adding Berkeley Packet Filter (BPF) expressions. 

Report Filters

BPF Expression Syntax

Refer to the following link for syntax:

biot.com/capstats/bpf.html

Use Cases

Sometimes, even if you do not of send an ARP message, you may still get an ARP response which marks the target as alive. By setting a filter to remove the ARP messages, the scanner will not report on ARP responses.

Additional Resources

Berkeley_Packet_Filter




Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.