Packet capture
This help contains the following topics:
· Configure packet capture settings
Introduction
The packet capture feature captures incoming and outgoing packets, generates packet capture records, and saves the records to a .cap file. The file can reside on the device or a remote file server. You can use a packet analyzer such as Wireshark to view the file for traffic analysis.
Restrictions and guidelines
· Only one packet capture process can run on the device.
· You can configure packet capture parameters only when packet capture is not started.
· Start packet capture only when necessary. Packet capture affects device performance.
· If packet capture saves .cap files on the device, back up the .cap files on the device as required after you finish packet capture. Starting packet capture again deletes the existing .cap files.
· Packet capture is not supported on shared interfaces of a non-default context.
Perform packet capture
Start packet capture
1. Select Monitor > Diagnosis Center > Packet Capture.
2. Click Start packet capture.
3. Configure filters as shown in Table 1.
Table 1 Configuration items for setting filters
Item | Description |
---|---|
Interface | Capture packets received or sent by an interface. |
ACL | Capture packets permitted by an advanced ACL. |
Direction | Direction of packets to be captured. Options: Both (capture packets received and sent by the device), Inbound (capture packets received by the device), Outbound (capture packets sent by the device). |
4. Click Start.
On the Packet Capture page, the Packet Capture Status field displays Started.
5. To stop packet capture, click Stop packet capture.
The Packet Capture Status field displays Stopped. The bottom pane displays information about generated .cap files.
Configure packet capture settings
1. Select Monitor > Diagnosis Center > Packet Capture.
2. Click Set packet capture parameters.
3. Configure packet capture parameters as shown in Table 2:
Table 2 Packet capture configuration items
Item | Description |
---|---|
Maximum bytes per packet | Specify the maximum number of bytes for a capture record. If a packet is longer than the value of this item, the system truncates the packet. |
Maximum packets per file | Specify the maximum number of packet capture records for a .cap file. The system first saves packet capture records to memory. After the maximum number of packet capture records for a file is reached, the system saves the records to a file and clears the records in memory. A greater value for this item requires more memory space. If the available memory space is limited, decrease the value. |
Save files on the device | Save the .cap files on the device. If you select this option, you can set the Maximum storage space item to specify the maximum storage space for .cap files. After the maximum storage space is reached, the system stops capturing packets. |
Save files to a remote server | Save the .cap files to an FTP or TFTP server. To save .cap files to an FTP server, you must configure the username and password for accessing the FTP server. |
4. Click OK.
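The following is an added example, not part of the vendor help: once a .cap file has been retrieved, it reports how many records were cut short by the Maximum bytes per packet setting, which matters when payload inspection is planned. It assumes the file uses the classic libpcap layout (the page does not state the format); `truncation_report` and `build_sample` are hypothetical names, and the sample bytes are constructed.

```python
import struct

# Classic libpcap magic as it appears in the first four file bytes -> struct byte order.
BYTE_ORDER = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def truncation_report(data):
    """Count records whose captured length is shorter than the on-wire length."""
    if len(data) < 24 or data[:4] not in BYTE_ORDER:
        raise ValueError("not a classic libpcap file (format is an assumption)")
    order = BYTE_ORDER[data[:4]]
    # Global header: magic, version major/minor, thiszone, sigfigs, snaplen, linktype.
    snaplen = struct.unpack(order + "IHHiIII", data[:24])[5]
    records = truncated = bytes_lost = 0
    incomplete = False  # True if the file ends in the middle of a record
    offset = 24
    while offset < len(data):
        if offset + 16 > len(data):
            incomplete = True
            break
        # Record header: ts_sec, ts_usec, captured length, original length.
        _, _, caplen, origlen = struct.unpack(order + "IIII", data[offset:offset + 16])
        if offset + 16 + caplen > len(data):
            incomplete = True
            break
        records += 1
        if caplen < origlen:
            truncated += 1
            bytes_lost += origlen - caplen
        offset += 16 + caplen
    return {"snaplen": snaplen, "records": records, "truncated": truncated,
            "bytes_lost": bytes_lost, "incomplete": incomplete}

def build_sample(snaplen, frame_sizes):
    """Constructed input: zero-filled frames, each capped at snaplen bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, size in enumerate(frame_sizes):
        kept = min(size, snaplen)
        out += struct.pack("<IIII", i, 0, kept, size) + bytes(kept)
    return out

if __name__ == "__main__":
    # Constructed capture: a 96-byte limit applied to four frames.
    print(truncation_report(build_sample(96, [60, 1514, 96, 300])))
```

A non-zero `truncated` count means the byte limit was lower than some frames on the wire; `incomplete` flags a file that ends partway through a record, for example after an interrupted transfer to the file server.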