What is Packet Capture? - SonicWALL

More documents

Recommendations

Info

Configuring Packet Capture Step 2 Under Packet Capture, click Configure. Step 3 In the Packet Capture Configuration window, click the Logging tab. Step 4 In the FTP Server IP Address box, type the IP address of the FTP server. For example, type 10.1.2.3. Note Make sure that the FTP server IP address is reachable by the SonicWALL appliance. An IP address that is reachable only via a VPN tunnel is not supported. Step 5 Step 6 Step 7 Step 8 Step 9 Step 10 Step 11 In the Login ID box, type the login name that the SonicWALL appliance should use to connect to the FTP server. In the Password box, type the password that the SonicWALL appliance should use to connect to the FTP server. In the Directory Path box, type the directory location for the transferred files. The files are written to this location relative to the default FTP root directory. For libcap format, files are named “packet-log--.cap”, where the contains a run number and date including hour, month, day, and year. For example, packet-log--3-22-08292006.cap. For HTML format, file names are in the form: “packet-log_h-.html”. An example of an HTML file name is: packet-log_h-3-22-08292006.html. To enable automatic transfer of the capture file to the FTP server when the buffer is full, select the Log To FTP Server Automatically checkbox. Files are transferred in both libcap and HTML format. To enable transfer of the file in HTML format as well as libcap format, select the Log HTML File Along With .cap File (FTP). To test the connection to the FTP server and transfer the capture buffer contents to it, click Log Now. In this case the file name will contain an ‘F’. For example, packet-log-F-3-22-08292006.cap or packet-log_h-F-3-22-08292006.html. To save your settings and exit the screen, click OK. Configuring Advanced Settings This section describes how to configure settings for the following: • Capturing packets generated by the SonicWALL appliance • Capturing intermediate packets generated by the appliance • Excluding traffic from SonicWALL Global Management System (GMS) • Excluding management traffic • Excluding syslog traffic Step 1 Step 2 Step 3 Navigate to the Packet Capture page in the UI. See “Accessing Packet Capture in the UI” on page 5. Under Packet Capture, click Configure. In the Packet Capture Configuration window, click the Advanced tab. 16 SonicOS Enhanced Packet Capture
Configuring Packet Capture Figure 11 Advanced Settings Window Step 4 Step 5 Step 6 Step 7 Step 8 To capture packets generated by the SonicWALL appliance, select the Capture Firewall Generated Packets checkbox. Even when interfaces specified in the capture filters do not match, this option ensures that packets generated by the SonicWALL appliance are captured. This includes packets generated by HTTP(S), L2TP, DHCP servers, PPP, PPPOE, and routing protocols. Captured packets are marked with ‘s’ in the incoming interface area when they are from the system stack. Otherwise, the incoming interface is not specified. To capture intermediate packets generated by the SonicWALL appliance, select the Capture Intermediate Packets checkbox. Intermediate packets include packets generated as a result of fragmentation or reassembly, intermediate encrypted packets, IP helper generated packets, and replicated multicast packets. To exclude encrypted management or syslog traffic to or from GMS, select the Exclude encrypted GMS traffic checkbox. This setting only affects encrypted traffic within a configured primary or secondary GMS tunnel. GMS management traffic is not excluded if it is sent via a separate tunnel. To exclude management traffic, select the Exclude Management Traffic checkbox and select one or more checkboxes for HTTP/HTTPS, SNMP, or SSH. If management traffic is sent via a tunnel, the packets are not excluded. To exclude syslog traffic to a server, select the Exclude Syslog Traffic to checkbox and select one or more checkboxes for Syslog Servers or GMS Server. If syslog traffic is sent via a tunnel, the packets are not excluded. Restarting FTP Logging If automatic FTP logging is off, either because of a failed connection or simply disabled, you can restart it in Configure > Logging. Step 1 Navigate to the Packet Capture page in the UI. SonicOS Enhanced Packet Capture 17
Page 1 and 2: Configuring the Packet Capture Feat
Page 3 and 4: Feature Overview How Does Packet Ca
Page 5 and 6: Using Packet Capture Using Packet C
Page 7 and 8: Using Packet Capture Table 1 Abbrev
Page 9 and 10: Using Packet Capture About the Hex
Page 11 and 12: Configuring Packet Capture Step 6 S
Page 13 and 14: Configuring Packet Capture Step 11
Page 15: Configuring Packet Capture Step 7 S
Page 19 and 20: Verifying Packet Capture Activity V
Page 21 and 22: Related Information Related Informa
Page 23 and 24: Related Information Text File Forma

What is Packet Capture? - SonicWALL

Create successful ePaper yourself

Delete template?

Save as template?