Login
- Table of Contents
-
- 07-System
- 01-Track
- 02-BFD
- 03-NQA
- 04-Basic log settings
- 05-Email server
- 06-Session log settings
- 07-Sandbox log settings
- 08-Threat log settings
- 09-Application audit log settings
- 10-NetShare log settings
- 11-URL filtering log settings
- 12-Attack defense log settings
- 13-Reputation log settings
- 14-Bandwidth alarm logs
- 15-Configuration log settings
- 16-Security policy log
- 17-Terminal identification logging
- 18-Heartbeat log settings
- 19-WAF log settings
- 20-Bandwidth management logs
- 21-Report settings
- 22-Session settings
- 23-Signature upgrade
- 24-Software upgrade
- 25-License management
- 26-Administrators
- 27-Date and time
- 28-SNMP
- 29-Configuration management
- 30-Reboot
- 31-About
- 32-Ping
- 33-Tracert
- 34-Packet capture
- 35-Webpage Diagnosis
- 36-Diagnostic Info
- 37-Packet trace
- 38-Fast Internet Access
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 34-Packet capture | 32.93 KB |
Packet capture
This help contains the following topics:
¡ Configure packet capture settings
Introduction
The packet capture feature captures incoming and outgoing packets, generates packet capture records, and saves the records to a .cap file. The file can reside on the device or a remote file server. You can use a packet analyzer such as Wireshark to view the file for traffic analysis.
Restrictions and guidelines
· Only one packet capture process can run on the device.
· You can configure packet capture parameters only when packet capture is not started.
· Start packet capture only when necessary. Packet capture affects device performance.
· If packet capture saves .cap files on the device, back up the .cap files on the device as required after you finish packet capture. Starting packet capture again deletes the existing .cap files.
Perform packet capture
Start packet capture
1. Select System > Diagnosis Center > Packet Capture.
2. Click Start packet capture.
3. Configure filters as shown in Table 1.
Table 1 Configuration items for setting filters
|
Item |
Description |
|
Interface |
Capture packets received or sent by an interface. |
|
ACL |
Capture packets permitted by an advanced ACL. |
4. Click Start.
On the Packet Capture page, the Packet Capture Status field displays Started.
5. To stop packet capture, click Stop packet capture.
The Packet Capture Status field displays Stopped. The bottom pane displays information about generated .cap files.
Configure packet capture settings
1. Select System > Diagnosis Center > Packet Capture.
2. Click Set packet capture parameters.
3. Configure packet capture parameters as shown in Table 2:
Table 2 Packet capture configuration items
|
Item |
Description |
|
Maximum bytes per packet |
Specify the maximum number of bytes for a capture record. If a packet is longer than the value of this item, the system truncates the packet. |
|
Maximum packets per file |
Specify the maximum number of packet capture records for a .cap file. The system first saves packet capture records to memory. After the maximum number of packet capture records for a file is reached, the system saves the records to a file and clears the records in memory. A greater value for this item requires more memory space. If the available memory space is limited, decrease the value. |
|
Save files on the device |
Save the .cap files on the device. If you select this option, you can set the Maximum storage space item to specify the maximum storage space for .cap files. After the maximum storage space is reached, the system stops capturing packets. |
|
Save files to a remote server |
Save the .cap files to an FTP or TFTP server. To save .cap files to an FTP server, you must configure the username and password for accessing the FTP server. |
4. Click OK.
