12.4. Packet capture

In the Packet capture section, you can record traffic that meets the specified conditions to a PCAP file for later analysis in third-party applications, such as Wireshark. This may be useful for network diagnostics and troubleshooting.

The section consists of three parts:

  • Filters - this subsection defines the conditions for traffic recording. You can use the source address, source port, destination address, Ethernet protocol, or IPv4 protocol as the conditions to start recording. The list of IPv4 protocols can be found at http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml.

  • Rules - each rule specifies the UserGate interfaces on which the traffic must be recorded, the custom filters, and the name and size of the file to which the captured traffic is recorded.

  • Files - this subsection contains the files with recorded traffic. You can download them for analysis or remove them.

To record the traffic, perform the following steps:

| Name | Description |
|------|-------------|
| Step 1. Create the filter that you need. | Optional. You can use the predefined filters or record all the traffic without any filters. |
| Step 2. Create a new rule. | Create a rule and provide the rule name, file name, maximum size of the file, and the necessary filters. |
| Step 3. Select the rule you need and start recording. | Select the necessary rule and click Start capture. When all the data is recorded, click Stop capture. |
| Step 4. Download the output file in the Files section. | Download the PCAP file for analysis. |
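
Added example (not part of the UserGate documentation): a minimal reader for a downloaded capture that extracts the same fields the Filters subsection lists, so you can confirm offline that the file contains only the traffic the filter was meant to record. It assumes the file is in the classic PCAP format with Ethernet link type; the function names and the sample frame are constructed for illustration.

```python
import socket
import struct

def build_sample_pcap():
    """Constructed sample: one Ethernet/IPv4/UDP frame in a little-endian classic PCAP."""
    eth = bytes(6) + bytes(6) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.5"))
    udp = struct.pack("!HHHH", 53000, 53, 8, 0)
    frame = eth + ip + udp
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec_hdr = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return global_hdr + rec_hdr + frame

def read_pcap(data):
    """Yield one dict per Ethernet frame with the fields the Filters subsection names."""
    if len(data) < 24:
        raise ValueError("truncated PCAP global header")
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        end = "<"   # file written little-endian
    elif magic == b"\xa1\xb2\xc3\xd4":
        end = ">"   # file written big-endian
    else:
        raise ValueError("not a classic PCAP file")
    linktype = struct.unpack(end + "I", data[20:24])[0]
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue  # record too short to hold an Ethernet header
        pkt = {"eth_proto": struct.unpack("!H", frame[12:14])[0]}
        if pkt["eth_proto"] == 0x0800 and len(frame) >= 34:
            ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
            pkt["ip_proto"] = frame[23]           # IANA protocol number
            pkt["src"] = socket.inet_ntoa(frame[26:30])
            pkt["dst"] = socket.inet_ntoa(frame[30:34])
            l4 = 14 + ihl
            if pkt["ip_proto"] in (6, 17) and len(frame) >= l4 + 2:
                pkt["sport"] = struct.unpack("!H", frame[l4:l4 + 2])[0]
        yield pkt

def matches(pkt, **conditions):
    """True when every condition equals the packet's field (a missing field never matches)."""
    return all(pkt.get(k) == v for k, v in conditions.items())
```

To check a real download, pass the file's bytes to read_pcap and count the packets for which matches returns False under the conditions of the filter you configured.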