What is Packet Capture? - SonicWALL

More documents

Recommendations

Info

Configuring Packet Capture Note If a field is left blank, no filtering is done on that field. Packets are captured without regard to the value contained in that field of their headers. Step 1 Step 2 Step 3 Navigate to the Packet Capture page in the UI. See “Accessing Packet Capture in the UI” on page 5. Under Packet Capture, click Configure. In the Packet Capture Configuration window, click the Capture Filter tab. Figure 8 Capture Filter Window Step 4 Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 In the Interface Name(s) box, type the SonicWALL appliance interfaces on which to capture packets, or use the negative format (!X0) to capture packets from all interfaces except those specified. To capture on all interfaces, leave blank. In the Ether Type(s) box, enter the Ethernet types for which you want to capture packets, or use the negative format (!ARP) to capture packets from all Ethernet types except those specified. To capture all Ethernet types, leave blank. In the IP Type(s) box, enter the IP packet types for which you want to capture packets, or use the negative format (!UDP) to capture packets from all IP types except those specified. To capture all IP types, leave blank. In the Source IP Address(es) box, type the IP addresses from which you want to capture packets, or use the negative format (!10.1.2.3) to capture packets from all source addresses except those specified. To capture packets from all source addresses, leave blank. In the Source Port(s) box, type the port numbers from which you want to capture packets, or use the negative format (!25) to capture packets from all source ports except those specified. To capture packets from all source ports, leave blank. In the Destination IP Address(es) box, type the IP addresses for which you want to capture packets, or use the negative format (!10.1.2.3) to capture packets with all destination addresses except those specified. To capture packets for all destination addresses, leave blank. In the Destination Port(s) box, type the port numbers for which you want to capture packets, or use the negative format (!80) to capture packets with all destination ports except those specified. To capture packets for all destination ports, leave blank. 12 SonicOS Enhanced Packet Capture
Configuring Packet Capture Step 11 To match the values in the source and destination fields against either the source or destination information in each packet, select the Enable Bidirectional Address and Port Matching checkbox. Configuring Display Filter Settings This section describes how to configure packet capture display filter settings. The values that you provide here are compared to corresponding fields in the captured packets, and only those packets that match are displayed. Display filter settings include the following: • Interface on your SonicWALL appliance You can specify up to ten interfaces separated by commas. Refer to the Network > Interfaces screen in the UI for the available interface names. For example, for a SonicWALL PRO Series, you could specify: X0, X1, X2, X3. You can also use a negative value to configure all interfaces except the one(s) specified; for example: !X0, !X1. For the TZ 190, you could specify WAN, LAN, WWAN, OPT, or !WWAN, !OPT. • Ethernet type of the packets that you want to display You can specify up to ten Ethernet types separated by commas. Currently, the following Ethernet types are supported: ARP, IP, PPPoE-SES, and PPPoE-DIS. The latter two can be specified by PPPoE alone. This option is not case-sensitive. For example, to display all supported types, you could enter: ARP, ip, PPPOE. You can use one or more negative values to display all Ethernet types except those specified; for example: !ARP, !PPPoE. You can also use hexadecimal values to represent the Ethernet types, or mix hex values with the standard representations; for example: ARP, 0x800, IP. Normally you would only use hex values for Ethernet types that are not supported by acronym in SonicOS Enhanced. See “Supported Packet Types” on page 21. • IP type of the packets that you want to display You can specify up to ten IP types separated by commas. The following IP types are supported: TCP, UDP, ICMP, GRE, IGMP, AH, ESP. This option is not case-sensitive. You can use one or more negative values to display all IP types except those specified; for example: !TCP, !UDP. You can also use hexadecimal values to represent the IP types, or mix hex values with the standard representations; for example: TCP, 0x1, 0x6. See “Supported Packet Types” on page 21. • Source IP addresses(es) from which to display packets You can specify up to ten IP addresses separated by commas; for example: 10.1.1.1, 192.2.2.2. You can use one or more negative values to display packets with all but the specified source addresses; for example: !10.3.3.3, !10.4.4.4. • Source port(s) from which to display packets You can specify up to ten port numbers separated by commas; for example: 20, 21, 22, 25. You can use one or more negative values to display packets with all but the specified source ports; for example: !80, !8080. • Destination IP address(es) for which to display packets You can specify up to ten IP addresses separated by commas; for example: 10.1.1.1, 192.2.2.2. You can use one or more negative values to display packets with all but the specified destination addresses; for example: !10.3.3.3, !10.4.4.4. • Destination port(s) for which to display packets You can specify up to ten port numbers separated by commas; for example: 20, 21, 22, 25. You can use one or more negative values to capture packets with all but the specified destination ports; for example: !80, !8080. • Bidirectional address and port mapping When this option is selected, IP addresses and ports specified in either the source or destination fields are matched against both the source and destination fields in each packet. • Packet status values SonicOS Enhanced Packet Capture 13
Page 1 and 2: Configuring the Packet Capture Feat
Page 3 and 4: Feature Overview How Does Packet Ca
Page 5 and 6: Using Packet Capture Using Packet C
Page 7 and 8: Using Packet Capture Table 1 Abbrev
Page 9 and 10: Using Packet Capture About the Hex
Page 11: Configuring Packet Capture Step 6 S
Page 15 and 16: Configuring Packet Capture Step 7 S
Page 17 and 18: Configuring Packet Capture Figure 1
Page 19 and 20: Verifying Packet Capture Activity V
Page 21 and 22: Related Information Related Informa
Page 23 and 24: Related Information Text File Forma

What is Packet Capture? - SonicWALL

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?