Packet capture
Packet capture shows the details of the packets that pass through an interface. You can see the connection details and details of the packets processed by each module, such as firewall and IPS. Packet capture also shows the firewall rule number, user, web, and application filter policy number. This information can help you troubleshoot instances where firewall rules fail.
You can:
- Configure filter settings for capturing the packets.
- View the packet information.
- Specify the filter conditions for the packets.
- Start and stop packet capturing.
- Refresh the details of the captured packets.
- Clear the details of the captured packets.
Packet capture
Trace on/off
Click the slider to turn on or turn off Packet capture.
The status, buffer size, and buffer used for capturing packets are shown as follows:
- Trace On: Packet capture is on.
- Trace Off: Packet capture is off.
- Buffer size: 2048 KB
- Buffer used: 0 to 2048 KB
The buffer size is 2048 KB. If the buffer usage exceeds 2048 KB while Packet capture is on, packet capturing stops automatically. Click Clear to resume packet capturing.
Note
Packet capture details are shown in a new browser window only after you turn on Packet capture.
Configure
Click Configure to configure the number of bytes to be captured per packet. For more information, see Configure capture filter.
Captured packet
You can see a list of all the captured packets. For each packet, the list shows the following details:
Option | Description |
---|---|
Time | Packet capture time. |
In interface | Source interface of the packet. |
Out interface | Destination interface of the packet. |
Ethernet type | IPv4, IPv6, or ARP. Ethernet type is a field in an Ethernet frame. It indicates the protocol encapsulated in the Ethernet frame. |
Source IP | Source IP address (IPv4 or IPv6) of the packet. |
Destination IP | Destination IP address (IPv4 or IPv6) of the packet. |
Packet type | Type of packet (ARP request or UDP). |
Ports [src, dst] | Source and destination ports of the packet. |
NAT ID | NAT rule ID. |
Rule ID | Firewall rule ID. |
Status | Possible packet status: |
Reason | Reason why a packet is dropped. |
Connection status | Shows the status of the connection. |
Served by | Specifies if a connection is Established, TIME_WAIT, or NONE. |
Web filter ID | Web filter policy ID applied on the connection traffic. |
Connection flags | System flags. |
Application ID | Application ID applied on the connection traffic. |
Application category ID | Application category ID applied on the connection traffic. |
Connection ID | Unique ID assigned to a connection. |
Gateway ID | Gateway ID through which the connection traffic is routed. |
Remote access policy ID | Remote access policy ID applied on the connection traffic. |
Bandwidth policy ID | Bandwidth policy ID applied on the connection traffic. |
User group | User group membership. |
IPS policy ID | IPS policy ID applied on the connection traffic. |
Application filter ID | Application filter policy ID applied on the connection traffic. |
Web category ID | Web category ID applied on the connection traffic. |
Master connection ID | The primary connection ID of the current connection. |
Username | Name of the user establishing the connection. |
Click Display filter to filter the details based on interface name, EtherType, packet type, source IP address and port, destination IP address and port, reason, status, rule ID, user, and connection ID.
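The same triage can be done offline on rows copied out of the Captured packet list. The following is an added example, not part of the original documentation or the product: it applies display-filter style conditions and counts dropped packets per rule ID and reason. The CSV layout, the column names, and all sample values are assumptions made for this example.

```python
import csv
import io
from collections import Counter

# Constructed sample: rows copied by hand from the Captured packet list.
# The CSV layout, column names and every value are assumptions for this
# example; an empty "reason" means the packet was not dropped.
SAMPLE_CSV = """\
time,in_interface,source_ip,dest_ip,dst_port,rule_id,reason,connection_id
10:00:01,Port1,192.0.2.10,198.51.100.5,443,5,,1001
10:00:02,Port1,192.0.2.11,198.51.100.9,23,0,Firewall,1002
10:00:03,Port1,192.0.2.11,198.51.100.9,23,0,Firewall,1002
10:00:04,Port2,192.0.2.20,203.0.113.7,8080,7,Invalid traffic,1003
10:00:05,Port1,192.0.2.10,198.51.100.5,443,5,,1001
"""


def load_rows(text):
    """Parse the CSV text into a list of dicts, one per captured packet."""
    return list(csv.DictReader(io.StringIO(text)))


def display_filter(rows, **conditions):
    """Keep rows whose columns equal every given condition (AND logic)."""
    unknown = set(conditions) - set(rows[0]) if rows else set()
    if unknown:
        raise KeyError(f"unknown column(s): {sorted(unknown)}")
    return [r for r in rows if all(r[k] == str(v) for k, v in conditions.items())]


def dropped(rows):
    """A row with a non-empty reason describes a dropped packet."""
    return [r for r in rows if r["reason"].strip()]


def summarize_drops(rows):
    """Count dropped packets per (rule ID, reason), most frequent first."""
    counts = Counter((r["rule_id"], r["reason"]) for r in dropped(rows))
    return counts.most_common()


if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    for (rule_id, reason), n in summarize_drops(rows):
        print(f"rule {rule_id}: {n} packet(s) dropped, reason: {reason}")
```

Grouping by rule ID and reason points to the firewall rule to review first, and filtering the dropped rows by source IP or connection ID narrows the result to one affected host or session.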
Packet information
Packet information includes header details and entities, including firewall rules and policies.
Hex & ASCII detail
Packet information in Hex & ASCII values.