Building Blocks for a Custom Packet Capture
The following table describes the components of the Monitor > Packet Capture page that you use to configure packet captures, enable packet capture, and download packet capture files.
Custom Packet Capture Building Blocks
When enabling custom packet captures, you should define filters so that only the packets that match the filters are captured. This will make it easier to locate the information you need in the pcaps and will reduce the processing power required by the firewall to perform the packet capture.
Click Add to add a new filter and configure the following fields:
After defining filters, set Filtering to ON. If Filtering is OFF, all traffic is captured.
This option is for advanced troubleshooting purposes. After a packet enters the ingress port, it proceeds through several processing steps before it is parsed for matches against pre‑configured filters.
It is possible for a packet, due to a failure, to not reach the filtering stage. This can occur, for example, if a route lookup fails.
Set the Pre-Parse Match setting to ON to emulate a positive match for every packet entering the system. This allows the firewall to capture packets that do not reach the filtering process. If a packet is able to reach the filtering stage, it is then processed according to the filter configuration and discarded if it fails to meet filtering criteria.
Click the toggle switch to turn packet capture ON or OFF.
You must select at least one capture stage. Click Add and specify the following:
Contains a list of custom packet captures previously generated by the firewall. Click a file to download it to your computer. To delete a packet capture, select the packet capture and then Delete it.
After you turn on packet capture and then turn it off, you must click Refresh before any new PCAP files display in this list.
Clear All Settings
Click Clear All Settings to turn off packet capture and to clear all packet capture settings.