Share via

Writing Etype/SAP Filter Portion

  • Article

The Etype/SAP portion of the capture filter notifies the Network Monitor driver to accept frames that have a specific combination of Etypes and service access points (SAPs). Etypes and SAPs are both ways that low-level protocols such as Ethernet, LLC, and Snap indicate which protocol follows them. Specifically:

  • Ethernet specifies an Etype
  • LLC specifies a SAP
  • Snap specifies an Etype

Etype/SAP Capture Filter Flags

Use the following information to set the flags in the FilterFlags member of the CAPTUREFILTER structure.

Flag Meaning
CAPTUREFILTER_ FLAGS_INCLUDE_ ALL_SAPS Passes all SAP values and notifies the driver that all SAP values are valid.

If combined with any values in the lpSapTable member, this flag notifies the driver that all SAP values except those in the lpSapTable are valid.
CAPTUREFILTER_ FLAGS_INCLUDE_ ALL_ETYPES Passes all Etype values and notifies the driver that all Etype values are valid.

If combined with any values in the lpEtypeTable member, this flag notifies the driver that all Etype values except those in the lpEtypeTable are valid.
CAPTUREFILTER_ FLAGS_LOCAL_ONLY Setting this flag will not set a NIC to P-Mode. You will only see local traffic (any frames to the local machine).
CAPTUREFILTER_ FLAGS_KEEP_RAW Keeps SMT and Token Ring MAC frames.

Etype/SAP Capture Filter Settings

Use the following information to set the lpSapTable and lpEtypeTable members of the CAPTUREFILTER structure.

Setting Meaning
lpSapTable Lists the SAP values that you want the driver to pass. This list tells the Network Monitor driver to validate any frame that contains a match. If CAPTUREFILTER_FLAGS_INCLUDE_ALL_SAPS is set, this becomes an exception list (if found, do not pass).
lpEtypeTable Lists the Etype values that you want the Network Monitor driver to pass. This list alone tells the driver to validate any frame that contains a match. If CAPTUREFILTER_FLAGS_INCLUDE_ALL_ETYPES is set, this becomes an exception list (if found, do not pass).