Packet Capture

The Packet capture section lets you record traffic that meets the specified conditions to a PCAP file for further analysis in third-party tools such as Wireshark. This may be necessary to diagnose network problems.

The section consists of three parts:

  • Filters: here the conditions are defined under which traffic will be recorded. You can use a source address, a source port, a destination address, a destination port, an Ethernet protocol, or an IPv4 protocol as conditions. For a list of IPv4 protocols, see http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml.

  • Rules: here you specify the UserGate interfaces on which traffic is recorded, the previously created filters to apply, and the name and size of the file to which the captured traffic is written.

  • Files: files with captured traffic are placed here. You can download them for analysis or delete them.

To capture traffic, perform the following steps:

Step 1. Create the desired filter.
    Optional. You can use preinstalled filters or capture all traffic without filtering it.

Step 2. Create a rule.
    Create a rule where you specify the rule name, the file name, the maximum size of the file to be written, and the necessary filters.

Step 3. Select a rule and start capturing.
    Select the rule you want to use and click Start capture. To stop capturing, click Stop capture.

Step 4. Under Files, select a file to download.
    Download the PCAP file for analysis.
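After downloading, you can check that the capture contains the traffic the filter was meant to select. The script below is an added example, not part of the UserGate product or its documentation: it counts frames in a PCAP file that match conditions of the kinds listed under Filters. It assumes the file is in classic libpcap format with Ethernet framing; the function names, field names and sample addresses are constructed for illustration.

```python
import io, socket, struct

def read_pcap(stream):
    """Yield raw frames from a classic libpcap file (Ethernet link type only)."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(stream.read(4))
    if order is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(order + "HHiIII", stream.read(20))[5] != 1:
        raise ValueError("link type is not Ethernet")
    while len(hdr := stream.read(16)) == 16:
        yield stream.read(struct.unpack(order + "IIII", hdr)[2])  # incl_len bytes

def parse(frame):
    """Return the fields the filter conditions refer to, as far as the frame has them."""
    if len(frame) < 14:
        return {}
    f = {"ethertype": struct.unpack("!H", frame[12:14])[0]}
    if f["ethertype"] != 0x0800 or len(frame) < 34:
        return f  # not IPv4: only the Ethernet protocol is known
    f.update(proto=frame[23], src=socket.inet_ntoa(frame[26:30]),
             dst=socket.inet_ntoa(frame[30:34]))
    l4 = 14 + (frame[14] & 0x0F) * 4  # honour IPv4 options via the IHL field
    first_fragment = (struct.unpack("!H", frame[20:22])[0] & 0x1FFF) == 0
    if f["proto"] in (6, 17) and first_fragment and len(frame) >= l4 + 4:
        f["sport"], f["dport"] = struct.unpack("!HH", frame[l4:l4 + 4])
    return f

def count_matches(stream, **conditions):
    """Return (frames matching every condition, total frames)."""
    fields = [parse(fr) for fr in read_pcap(stream)]
    hits = sum(all(f.get(k) == v for k, v in conditions.items()) for f in fields)
    return hits, len(fields)

def build_sample():
    """Constructed capture: one TCP/443 frame, one UDP/53 frame, one ARP frame."""
    def ip(proto, src, dst, sport, dport):
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                          socket.inet_aton(src), socket.inet_aton(dst))
        return bytes(12) + b"\x08\x00" + hdr + struct.pack("!HHI", sport, dport, 0)
    frames = [ip(6, "10.0.0.5", "192.0.2.10", 51000, 443),
              ip(17, "10.0.0.5", "192.0.2.53", 53000, 53),
              bytes(12) + b"\x08\x06" + bytes(28)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for fr in frames:
        out += struct.pack("<IIII", 0, 0, len(fr), len(fr)) + fr
    return out

if __name__ == "__main__":
    print(count_matches(io.BytesIO(build_sample()), proto=6, dport=443))
```

For a downloaded file, pass `open(path, "rb")` in place of the in-memory sample. If the matching count is lower than the total, the capture contains frames the filter was not expected to admit.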