Login
- Table of Contents
-
- 03-Monitor
- 01-Application analysis center
- 02-Blacklist logs
- 03-Single-packet attack logs
- 04-Scanning attack logs
- 05-Flood attack logs
- 06-Threat logs
- 07-Reputation logs
- 08-URL filtering logs
- 09-File filtering logs
- 10-Data filtering logs
- 11-Security policy logs
- 12-IPCAR logs
- 13-Sandbox logs
- 14-NAT logs
- 15-SSL VPN user access logs
- 16-SSL VPN access resource logs
- 17-Terminal status
- 18-DLP logs
- 19-Zero trust policy logs
- 20-Application audit logs
- 21-System logs
- 22-Configuration logs
- 23-Traffic logs
- 24-Load balancing logs
- 25-TopN traffic
- 26-Security policy hit analysis
- 27-TopN threats
- 28-TopN URL filtering statistics
- 29-TopN file filtering statistics
- 30-Attack defense statistics
- 31-Server load balancing statistics
- 32-Outbound link load balancing statistics
- 33-Transparent DNS proxy statistics
- 34-Connection rate ranking
- 35-DLP statistics
- 36-TopN traffic trends
- 37-Security policy hit trend analysis
- 38-TopN threat trends
- 39-TopN URL filtering trends
- 40-TopN file filtering trends
- 41-Link trend
- 42-Routing policy trends
- 43-Virtual server trend
- 44-Server farm trends
- 45-Real server trend
- 46-Domain Requested Times Trend
- 47-TopN file filtering trends
- 48-Online SSL VPN users trend
- 49-Botnet analysis
- 50-Asset security
- 51-Threat case management
- 52-Report settings
- 53-Session list
- 54-LB session information
- 55-DNS cache information
- 56-User information center
- 57-IPv4 online users
- 58-IPv6 online users
- 59-MAC authentication online users
- 60-Terminal status
- 61-Asset scan
- 62-Ping
- 63-Tracert
- 64-Packet capture
- 65-Webpage Diagnosis
- 66-Diagnostic Info
- 67-Packet trace
- 68-Load balancing test
- 69-IPsec diagnosis
- 70-Risk analysis
- 71-Content moderation logs
- 72-Content security top
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 67-Packet trace | 33.47 KB |
Packet trace
This help contains the following topics:
Introduction
The packet trace feature traces packets processed by security services, and provides detailed information about the packets to help you troubleshoot network failures. The security services include attack protection, uRPF, session management, and concurrent connection limit.
Application scenarios
Packet trace applies to scenarios where a large number of security services are deployed and it is difficult to locate network failures rapidly and accurately.
Packet trace modes
To meet troubleshooting requirements in various situations, the packet trace feature provides the following packet trace modes:
· Tracing real traffic—Traces real traffic on the device in a live network. Use this mode for troubleshooting in a live network.
· Tracing imported packets—Imports captured packets from a .cap or .pcap file and analyzes the packets. Use this mode if packets required for troubleshooting have been captured. Using this mode, you can help troubleshoot failures on other networks.
· Tracing constructed packets—Uses settings configured by the administrator to construct a packet and verify packet processing results for configured security services. When you complete device configuration, use this mode to create a packet to verify the expected packet processing result.
Restrictions and guidelines
· The system generates .cap files only if you select Capture diagnose packets before clicking Diagnose.
· You cannot export the same .cap files repeatedly. Once being exported, .cap files are deleted from the device.
· Importing captured packets from a .cap or .pcap file imports only packets of the first 10 data flows, 10 packets each data flow. The packet trace feature traces only imported packets that are complete. It does not trace packets that are incomplete.
Configure packet trace
Before enabling packet trace, configure the following items to identify the packets to be traced:
· IP type—Specifies the IPv4 or IPv6 packet type. To trace IPv4 packets, select IPv4. To trace IPv6 packets, select IPv6.
· Incoming interface—Specifies the incoming interface of the packets.
· Protocol—Specifies the protocol used by the packets.
· Source address—Specifies the source address of the packets.
· Source port—Specifies the source port of the packets.
· Destination address—Specifies the destination address of the packets.
· Destination port—Specifies the destination port of the packets.
· Source MAC—Specifies the source MAC of the packets.
· Destination MAC—Specifies the destination MAC of the packets.
· VLAN ID—Specifies the VLAN ID of the packets.
· Diagnosis time—Specifies the packet trace duration. When the specified time expires, packet trace stops. This setting is supported only in real traffic mode.
· Capture diagnose packets—Indicates whether to capture traced packets and save the packets to .cap files. To capture and save the packets, select this option. To export the .cap files, click Export, select Captured diagnostic packets, and click OK.
The packet trace output shows the packet
processing procedures of security service modules. If a service module
processes packets correctly, the system displays 
.
If a service module drops packets, the system displays 
and
the packet loss causes.
