Building Blocks for a Custom Packet Capture
The following table describes the components of the
page that you use to configure packet captures, enable packet capture, and to download packet capture files.
Custom Packet Capture Building Blocks
When enabling custom packet captures, you should define filters so that only the packets that match the filters are captured. This will make it easier to locate the information you need in the pcaps and will reduce the processing power required by the firewall to perform the packet capture.
Addto add a new filter and configure the following fields:
After defining filters, set the
ON. If filtering is
OFF, then all traffic is captured.
This option is for advanced troubleshooting purposes. After a packet enters the ingress port, it proceeds through several processing steps before it is parsed for matches against pre‑configured filters.
It is possible for a packet, due to a failure, to not reach the filtering stage. This can occur, for example, if a route lookup fails.
Pre-Parse Matchsetting to
ONto emulate a positive match for every packet entering the system. This allows the firewall to capture packets that do not reach the filtering process. If a packet is able to reach the filtering stage, it is then processed according to the filter configuration and discarded if it fails to meet filtering criteria.
Click the toggle switch to turn packet capture
You must select at least one capture stage. Click
Addand specify the following:
Contains a list of custom packet captures previously generated by the firewall. Click a file to download it to your computer. To delete a packet capture, select the packet capture and then
After you turn on packet capture and then turn it off, you must click Refresh ( ) before any new pcap files display in this list.
Clear All Settings
Clear All Settingsto turn off packet capture and to clear all packet capture settings.