What is Packet Capture? - SonicWALL

More documents

Recommendations

Info

Configuring Packet Capture SonicOS Enhanced adds one of four possible packet status values to each captured packet: forwarded, generated, consumed, and dropped. You can select one or more of these status values to match when displaying packets. The status value shows the state of the packet with respect to the firewall, as follows: – Forwarded - The packet arrived on one interface and the SonicWALL appliance sent it out on another interface. – Generated - The SonicWALL appliance created the packet during the process of encryption or decryption, fragmentation or reassembly, or as a result of certain protocols. – Consumed - The packet was destined for the SonicWALL appliance. – Dropped - The SonicWALL appliance did nothing further with the packet. The firewall might have identified the packet as malformed, malicious, on the deny list, or not on the allow list. Note If a field is left blank, no filtering is done on that field. Packets are displayed without regard to the value contained in that field of their headers. Step 1 Step 2 Step 3 Navigate to the Packet Capture page in the UI. See “Accessing Packet Capture in the UI” on page 5. Under Packet Capture, click Configure. In the Packet Capture Configuration window, click the Display Filter tab. Figure 9 Filter Settings Window Step 4 Step 5 Step 6 In the Interface Name(s) box, type the SonicWALL appliance interfaces for which to display packets, or use the negative format (!X0) to display packets captured from all interfaces except those specified. To display packets captured on all interfaces, leave blank. In the Ether Type(s) box, enter the Ethernet types for which you want to display packets, or use the negative format (!ARP) to display packets of all Ethernet types except those specified. To display all Ethernet types, leave blank. In the IP Type(s) box, enter the IP packet types for which you want to display packets, or use the negative format (!UDP) to display packets of all IP types except those specified. To display all IP types, leave blank. 14 SonicOS Enhanced Packet Capture
Configuring Packet Capture Step 7 Step 8 Step 9 Step 10 Step 11 Step 12 Step 13 Step 14 Step 15 In the Source IP Address(es) box, type the IP addresses from which you want to display packets, or use the negative format (!10.1.2.3) to display packets captured from all source addresses except those specified. To display packets from all source addresses, leave blank. In the Source Port(s) box, type the port numbers from which you want to display packets, or use the negative format (!25) to display packets captured from all source ports except those specified. To display packets from all source ports, leave blank. In the Destination IP Address(es) box, type the IP addresses for which you want to display packets, or use the negative format (!10.1.2.3) to display packets with all destination addresses except those specified. To display packets for all destination addresses, leave blank. In the Destination Port(s) box, type the port numbers for which you want to display packets, or use the negative format (!80) to display packets with all destination ports except those specified. To display packets for all destination ports, leave blank. To match the values in the source and destination fields against either the source or destination information in each captured packet, select the Enable Bidirectional Address and Port Matching checkbox. To display captured packets that the SonicWALL appliance forwarded, select the Forwarded checkbox. To display captured packets that the SonicWALL appliance generated, select the Generated checkbox. To display captured packets that the SonicWALL appliance consumed, select the Consumed checkbox. To display captured packets that the SonicWALL appliance dropped, select the Dropped checkbox. Configuring Logging Settings This section describes how to configure packet capture logging settings. These settings provide a way to configure automatic logging of the capture buffer to an external FTP server. When the buffer fills up, the packets are transferred to the FTP server. The capture continues without interruption. If you configure automatic logging, this supercedes the setting for wrapping the buffer when full. With automatic FTP logging, the capture buffer is effectively wrapped when full, but you also retain all the data rather than overwriting it each time the buffer wraps. Step 1 Navigate to the Packet Capture page in the UI. See “Accessing Packet Capture in the UI” on page 5. Figure 10 Logging Settings Window SonicOS Enhanced Packet Capture 15
Page 1 and 2: Configuring the Packet Capture Feat
Page 3 and 4: Feature Overview How Does Packet Ca
Page 5 and 6: Using Packet Capture Using Packet C
Page 7 and 8: Using Packet Capture Table 1 Abbrev
Page 9 and 10: Using Packet Capture About the Hex
Page 11 and 12: Configuring Packet Capture Step 6 S
Page 13: Configuring Packet Capture Step 11
Page 17 and 18: Configuring Packet Capture Figure 1
Page 19 and 20: Verifying Packet Capture Activity V
Page 21 and 22: Related Information Related Informa
Page 23 and 24: Related Information Text File Forma

What is Packet Capture? - SonicWALL

Create successful ePaper yourself

Delete template?

Save as template?