Address filtering is used to capture traffic to and from a specific device based on its hardware or protocol address. Address filters are also used to catch traffic to the broadcast, multicast and (in the case of IPv6) anycast addresses.
Whenever I go onsite, I start capturing all traffic to get a feel for the 'talkers' on the network. Once this is done, I can focus in on the top talkers or talkers that are sending unusual traffic.
First let's look at the three most common types of filters that are used:
MAC address filters
IP address filters
IPX address filters
In this chapter, we’re focusing on the easy method of building basic address filters. In Chapter 4, we’ll go over some more advanced filters.