Creating a capture filter

• Console
• CLI
• API

• 1. Open the navigation menu, click Networking, and then click Capture filters, found in the Network Command Center group.
  2. Enter the following:
     • Name: A descriptive name for the capture filter. It doesn't have to be unique, and you can't change it later in the Console (but you can change it with the API).
     • Compartment: Select the compartment you want to create the capture filter in.
     • Filter type: Select a filter type to create. The type must match its intended purpose. For example, if you intend to use the capture filter with a flow log, choose Flow log capture filter. For more information, see VCN Flow Logs and Virtual Test Access Points.
     • (Optional) Sampling rate: For flow log capture filters, select a sampling rate. Sampling rate is expressed as a percentage of network flows captured.
     • Rules: Create at least one rule. Capture filter rules are examined in order and run when matched. When the first match is found, remaining rules aren't examined or run. If you reorder the rules the capture filter behavior changes. Each capture filter can have a maximum of ten rules. See Capture filters and rules for examples of rule behavior.

       Each rule can state whether to include or exclude packets based on the traffic direction (ingress or egress), source or destination IPv4 CIDR or IPv6 prefix of the traffic, or the IP protocol used for the packet (TCP, UDP, ICMP, ICMPv6). Each protocol type offers further options appropriate for that protocol.

  3. (Optional, under Show Advanced Options) Tags:
  4. Click Create Capture Filter.

• Use the capture-filter create command and required parameters to create a capture filter:

  oci network capture-filter create --compartment-id  compartment_OCID --filter-type  VTAP or FLOWLOG ... [OPTIONS]

  For a complete list of flags and variable options for CLI commands, see the CLI Command Reference.

• Run the CreateCaptureFilter operation to create a capture filter.