Packet capture

This page displays packets details on the specified interface. It will provide connection details and details of the packets processed by each module packets e.g. firewall, IPS along with information like firewall rule number, user, web and application filter policy number etc. This will help administrators to troubleshoot errant firewall rules.

You can:
  • Configure filter settings for capturing the packets.
  • View the packet information.
  • Specify the filter conditions for the packets.
  • Start/Stop – Start and stop packet capturing.
  • Refresh – Refresh the list.
  • Clear – Clear the details of the packets captured.

Packet capture

Trace on/off
Click the slider to enable/disable packet capturing.
The status, the buffer size and buffer used for capturing is displayed:
  • Trace On - packet capturing is on.
  • Trace Off - packet capturing is off.
  • Buffer size: 2048 KB
  • Buffer used: 0 to 2048 KB
Captured packets fill the buffer up to a size of 2048 KB. While packet capturing is on, if the buffer used exceeds the stipulated buffer size, packet capturing stops automatically. In such a case, you would have to clear the buffer for further use manually.
Note Packet capture details are displayed in a new window from the log viewer only after enabling packet capture.
Click to configure packet capturing feature.
Capture filter can be configured through following parameters:Number of bytes to capture (per packet) Wrap capture buffer once full BPF string

There are various filter conditions for capturing the packets. The BPF string is used for filtering the packet capture. For example, host and port 137.

Captured packet

The Captured packet section displays a list of all captured packets. For each packet the list shows:
Packet capture time.
In interface
Interface from which packet is coming.
Out interface
Interface to which packet is sent.
Ethernet type
Ether type: IPv4 or IPv6 or ARP
Ether type is a field in an Ethernet frame. It is used to indicate the protocol encapsulated in the Ethernet frame.
Source IP
Source IP address (IPv4/IPv6) of the packet.
Destination IP
Destination IP address (IPv4/IPv6) of the packet.
Packet type
Type of packet: ARP request or UDP.
Ports [src, dst]
Source and destination ports.
Rule ID
Firewall rule ID.
Possible packet status:
  • Incoming: Packets received on WAN or LAN interface.
  • Forwarded: Packet forwarded to out interface.
  • Consumed: Packets designated for or used by the device .
  • Generated: Packets generated by the device.
  • Violation: In case of any policy violation, the device will drop the packet and show the status Violation.
Reason for a packet being dropped, if it is dropped.
Connection status
Displays state of connection.
Served by
Specifies if connection is Established, TIME_WAIT or NONE.
Web filter ID
Web filter policy ID applied on the connection traffic.
Connection flags
System flags
Application ID
Application ID applied on the connection traffic.
Application category ID
Application category ID applied on the connection traffic.
Connection ID
Unique ID assigned to a connection.
Gateway ID
Gateway ID through which the connection traffic is routed.
Remote access policy ID
Remote access policy ID applied on the connection traffic.
Bandwidth policy ID
Bandwidth policy ID applied on the connection traffic.
User group
User group membership.
IPS policy ID
IPS policy ID applied on the connection traffic.
Application filter ID
Application filter policy ID applied on the connection traffic.
Web category ID
Web category ID applied on the connection traffic.
Master connection ID
Master connection ID of current connection.
Name of the user establishing connection.
Display filter
Click to set the filter criteria.
Packet capture can be filtered as per the following criteria: interface name, ether type, packet type, source IP, source port, destination IP and destination port, reason, status, rule ID, user, and connection ID.

Packet information

Packet information
Packet information including header details and entities including firewall rules & policies.

Hex & ASCII detail

Hex & ASCII detail
Packet information in Hex & ASCII values.