System > Packet Capture
SonicOS Enhanced 4.0 Administrator Guide
• PPP negotiations details
You can configure the packet capture feature in the SonicOS Enhanced user interface (UI). The
UI provides a way to configure the capture criteria, display settings, and file export settings, and
displays the captured packets.
Benefits
The SonicOS Enhanced packet capture feature provides the functionality and flexibility that you
need to examine network traffic without the use of external utilities, such as Wireshark (formerly
known as Ethereal). SonicOS Enhanced 4.0 and above include the following improvements in
the packet capture tool:
• Capture control mechanism with improved granularity for custom filtering
• Display filter settings independent from capture filter settings
• Packet status indicates if the packet was dropped, forwarded, generated, or consumed by
the firewall
• Three-window output in the UI:
  – List of packets
  – Decoded output of selected packet
  – Hexadecimal dump of selected packet
• Export capabilities include text or HTML format with hex dump of packets, plus CAP file
format
• Automatic export to FTP server when the buffer is full
• Bidirectional packet capture based on IP address and port
• Configurable wrap-around of packet capture buffer when full
How Does Packet Capture Work?
As an administrator, you can configure the general settings, capture filter, display filter,
advanced settings, and FTP settings of the packet capture tool. As network packets enter the
packet capture subsystem, the capture filter settings are applied and the resulting packets are
written to the capture buffer. The display filter settings are applied as you view the buffer
contents in the UI. You can log the capture buffer to view in the UI, or you can configure
automatic transfer to the FTP server when the buffer is full.
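A simplified model of the two-stage filtering described above, written as an added example (it is not SonicOS code and not part of the original guide). It shows that a packet rejected by the capture filter can never be recovered by a display filter, and that wrap-around overwrites the oldest packet. The Packet and CaptureBuffer names, the dictionary filter format, the behaviour when wrap-around is off, and the sample traffic are assumptions made for illustration.

```python
from collections import deque, namedtuple

# status is one of: dropped, forwarded, generated, consumed
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port status")
FIELDS = ("src_ip", "src_port", "dst_ip", "dst_port")
REVERSED = ("dst_ip", "dst_port", "src_ip", "src_port")

def matches(flt, pkt, bidirectional=True):
    """flt maps field name -> wanted value; a missing field matches anything."""
    def one_way(order):
        return all(flt.get(f) in (None, getattr(pkt, o)) for f, o in zip(FIELDS, order))
    return one_way(FIELDS) or (bidirectional and one_way(REVERSED))

class CaptureBuffer:
    def __init__(self, size, capture_filter, wrap=True):
        self.size, self.capture_filter, self.wrap = size, capture_filter, wrap
        self.packets, self.overwritten = deque(), 0

    def ingest(self, pkt):
        """Capture stage: a packet the capture filter rejects is never stored."""
        if not matches(self.capture_filter, pkt):
            return False
        if len(self.packets) == self.size:
            if not self.wrap:
                return False  # assumption: a full buffer without wrap stores nothing more
            self.packets.popleft()  # wrap-around overwrites the oldest packet
            self.overwritten += 1
        self.packets.append(pkt)
        return True

    def view(self, display_filter, status=None):
        """Display stage: narrows what is shown, leaves the buffer untouched."""
        return [p for p in self.packets
                if matches(display_filter, p) and status in (None, p.status)]

# Constructed sample traffic (documentation address ranges).
TRAFFIC = [
    Packet("192.0.2.10", 51000, "198.51.100.5", 443, "forwarded"),
    Packet("198.51.100.5", 443, "192.0.2.10", 51000, "forwarded"),
    Packet("192.0.2.20", 51001, "198.51.100.5", 22, "dropped"),
    Packet("192.0.2.10", 51002, "198.51.100.9", 53, "forwarded"),
    Packet("192.0.2.10", 51003, "198.51.100.5", 443, "dropped"),
]

def run(size=3, wrap=True):
    # Capture filter: traffic to 198.51.100.5, matched in both directions.
    buf = CaptureBuffer(size, {"dst_ip": "198.51.100.5"}, wrap)
    for pkt in TRAFFIC:
        buf.ingest(pkt)
    return buf
```

With the default arguments, four packets pass the capture filter but the three-slot buffer keeps only the newest three; the DNS packet to 198.51.100.9 is absent from every view because it was filtered out before storage.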
Default settings are provided so that you can start using packet capture without configuring it
first. The basic functionality is as follows:
Start: Click Start to begin capturing all packets except those used for communication between the SonicWALL appliance and the UI on your console system.
Stop: Click Stop to stop the packet capture.
Reset: Click Reset to clear the status counters that are displayed at the top of the Packet Capture page.