Packet capture
This page displays packets details on the specified interface. It will provide connection details and details of the packets processed by each module packets e.g. firewall, IPS along with information like firewall rule number, user, web and application filter policy number etc. This will help administrators to troubleshoot errant firewall rules.
You can:
- Configure filter settings for capturing the packets.
- View the packet information.
- Specify the filter conditions for the packets.
- Start/Stop – Start and stop packet capturing.
- Refresh – Refresh the list.
- Clear – Clear the details of the packets captured.
Packet capture
- Trace on/off
- Click the slider to enable/disable packet capturing.The status, the buffer size and buffer used for capturing is displayed:
- Trace On - packet capturing is on.
- Trace Off - packet capturing is off.
- Buffer size: 2048 KB
- Buffer used: 0 to 2048 KB
- Configure
- Click to configure packet capturing feature.
Captured packet
The Captured packet section displays a list of all captured packets.
For each packet the list shows:
- Time
- Packet capture time.
- In interface
- Interface from which packet is coming.
- Out interface
- Interface to which packet is sent.
- Ethernet type
- Ether type: IPv4 or IPv6 or ARP
- Source IP
- Source IP address (IPv4/IPv6) of the packet.
- Destination IP
- Destination IP address (IPv4/IPv6) of the packet.
- Packet type
- Type of packet: ARP request or UDP.
- Ports [src, dst]
- Source and destination ports.
- Rule ID
- Firewall rule ID.
- Status
- Possible packet status:
- Incoming: Packets received on WAN or LAN interface.
- Forwarded: Packet forwarded to out interface.
- Consumed: Packets designated for or used by the device .
- Generated: Packets generated by the device.
- Violation: In case of any policy violation, the device will drop the packet and show the status Violation.
- Reason
- Reason for a packet being dropped, if it is dropped.
- Connection status
- Displays state of connection.
- Served by
- Specifies if connection is Established, TIME_WAIT or NONE.
- Web filter ID
- Web filter policy ID applied on the connection traffic.
- Connection flags
- System flags
- Application ID
- Application ID applied on the connection traffic.
- Application category ID
- Application category ID applied on the connection traffic.
- Connection ID
- Unique ID assigned to a connection.
- Gateway ID
- Gateway ID through which the connection traffic is routed.
- Remote access policy ID
- Remote access policy ID applied on the connection traffic.
- Bandwidth policy ID
- Bandwidth policy ID applied on the connection traffic.
- User group
- User group membership.
- IPS policy ID
- IPS policy ID applied on the connection traffic.
- Application filter ID
- Application filter policy ID applied on the connection traffic.
- Web category ID
- Web category ID applied on the connection traffic.
- Master connection ID
- Master connection ID of current connection.
- Username
- Name of the user establishing connection.
- Display filter
- Click to set the filter criteria.
Packet information
- Packet information
- Packet information including header details and entities including firewall rules & policies.
Hex & ASCII detail
- Hex & ASCII detail
- Packet information in Hex & ASCII values.