Release Notes

Packet capture enhancements

Packet capture has been enhanced. A capture can now be defined on multiple interfaces, which makes it easier to see both sides of a conversation on one screen and to troubleshoot issues with return traffic in the network. Host names can also be used instead of IP addresses for the filter: the host name is resolved to an IP address, and then the capture starts. The snapshot length specifies the maximum number of bytes captured per packet by the packet capture utility.

If the browser is closed or the page is refreshed, captures will continue to run. The user can return later to view, stop, restart, download, or delete the capture.

To configure the features in the CLI:
config firewall on-demand-sniffer
    edit "port1_root"
        set interface "port1" "port2"
        set hostnames "www.google.com" "www.youtube.com"
        set snapshot-length 2000
    next
end

interface <interface> <interface> ...

Names of the interfaces on which the on-demand packet sniffer captures packets.

hostnames <hostname> <hostname> ...

Hostnames to filter in this traffic sniffer.

snapshot-length <integer>

Maximum number of bytes to capture per packet (1 - 262144, default = 1600).

To configure the features in the GUI:
  1. Go to Network > Diagnostics and, on the Packet capture tab, click New packet capture.

  2. Configure the interfaces, the Snapshot Length, and filter by one or more hostnames.

  3. Configure other settings as needed, then start the capture, or save the settings for later.

To view, stop, restart, or download a capture in the GUI:
  1. Go to Network > Diagnostics and, on the Packet capture tab

  2. Click on a running capture to View or Stop the capture.

  3. Click on a stopped capture to View, Download, Restart, or Delete the capture.
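
To check whether the configured snapshot length is cutting packets short, a downloaded capture can be inspected offline. The following is an added example, not Fortinet code; it assumes the downloaded file is in classic pcap format, and the function names and sample data are constructed for illustration.

```python
import struct

# Classic pcap magic numbers mapped to struct byte-order prefixes.
_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def truncation_report(data: bytes) -> dict:
    """Count packets whose captured length is shorter than their wire length."""
    if len(data) < 24 or data[:4] not in _MAGICS:
        raise ValueError("not a classic pcap file")
    order = _MAGICS[data[:4]]
    # Global header is 24 bytes; the snapshot length sits at offset 16.
    snaplen = struct.unpack_from(order + "I", data, 16)[0]
    offset, total, truncated, largest = 24, 0, 0, 0
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_frac, captured length, original length.
        _sec, _frac, caplen, origlen = struct.unpack_from(order + "IIII", data, offset)
        offset += 16
        if offset + caplen > len(data):
            break  # file ends mid-record, e.g. downloaded while still running
        offset += caplen
        total += 1
        largest = max(largest, origlen)
        if caplen < origlen:
            truncated += 1
    return {"snaplen": snaplen, "packets": total,
            "truncated": truncated, "largest_on_wire": largest}

def build_sample(snaplen: int, wire_lengths: list) -> bytes:
    """Constructed sample: a little-endian pcap holding zero-filled packets."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, origlen in enumerate(wire_lengths):
        caplen = min(origlen, snaplen)
        out += struct.pack("<IIII", i, 0, caplen, origlen) + bytes(caplen)
    return out

if __name__ == "__main__":
    # Constructed input: five packets captured with the default length of 1600.
    sample = build_sample(1600, [60, 1514, 9014, 1600, 4000])
    print(truncation_report(sample))
```

If `truncated` is non-zero and the missing payload matters for the investigation, raise `snapshot-length` toward `largest_on_wire`, up to the documented maximum of 262144.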
