Skip to content

Packet capture

Packet capture shows the details of the packets that pass through an interface. You can see the connection details and details of the packets processed by each module, such as firewall and IPS. Packet capture also shows the firewall rule number, user, web, and application filter policy number. This information can help you troubleshoot instances where firewall rules fail.

You can:

  • Configure filter settings for capturing the packets.
  • View the packet information.
  • Specify the filter conditions for the packets.
  • Start and stop packet capturing.
  • Refresh the details of the captured packets.
  • Clear the details of the captured packets.

Packet capture

Trace on/off

Click the slider to turn on or turn off Packet capture.

The status, buffer size, and buffer used for capturing packets is shown as follows:

  • Trace On: Packet capture is on.
  • Trace Off: Packet capture is off.
  • Buffer size: 2048 KB
  • Buffer used: 0 to 2048 KB

The buffer size is 2048 KB. If the buffer usage exceeds 2048 KB while Packet capture is on, packet capturing stops automatically. Click Clear to resume packet capturing.

Note

Packet capture details are shown in a new browser window only after you turn on Packet capture.

Configure

Click Configure to configure the number of bytes to be captured per packet. For more information, see Configure capture filter.

Captured packet

You can see a list of all the captured packets. For each packet, the list shows the following details:

Option Description
Time Packet capture time.
In interface Source interface of the packet.
Out interface Destination interface of the packet.
Ethernet type IPv4, IPv6, or ARP. Ethernet type is a field in an Ethernet frame. It indicates the protocol encapsulated in the Ethernet frame.
Source IP Source IP address (IPv4 or IPv6) of the packet.
Destination IP Destination IP address (IPv4 or IPv6) of the packet.
Packet type Type of packet (ARP request or UDP).
Ports [src, dst] Source and destination ports of the packet.
Ports [src, dst] Source and destination ports of the packet.
NAT ID NAT rule ID.
Rule ID Firewall rule ID.
Status Possible packet status:
  • Incoming: Packets received on a WAN or LAN interface.
  • Forwarded: Packet forwarded to out an interface.
  • Consumed: Packets designated for or used by the device.
  • Generated: Packets generated by the device.
  • Violation: If a policy violation occurs, the device drops the packet and shows this status.
Reason Reason why a packet is dropped.
Connection status Shows the status of the connection.
Served by Specifies if a connection is Established, TIME_WAIT, or NONE.
Web filter ID Web filter policy ID applied on the connection traffic.
Connection flags System flags.
Application ID Application ID applied on the connection traffic.
Application category ID Application category ID applied on the connection traffic.
Connection ID Unique ID assigned to a connection.
Gateway ID Gateway ID through which the connection traffic is routed.
Remote access policy ID Remote access policy ID applied on the connection traffic.
Bandwidth policy ID Bandwidth policy ID applied on the connection traffic.
User group User group membership.
IPS policy ID IPS policy ID applied on the connection traffic.
Application filter ID Application filter policy ID applied on the connection traffic.
Web category ID Web category ID applied on the connection traffic.
Master connection ID The primary connection ID of the current connection.
Username Name of the user establishing the connection.

Click Display filter to filter the details based on interface name, EtherType, packet type, source IP address and port, destination IP address and port, reason, status, rule ID, user, and connection ID.

Packet information

Packet information includes header details and entities, including firewall rules and policies.

Hex & ASCII detail

Packet information in Hex & ASCII values.