System > Packet Capture
SonicOS Enhanced 4.0 Administrator Guide
Refer to the figure below for a high-level view of the packet capture subsystem. It shows
the different filters and how they are applied.
Figure 12:1 High-level packet capture subsystem view
Using Packet Capture
This section contains the following subsections:
• “Accessing Packet Capture in the UI” on page 108
• “Starting and stopping packet capture” on page 108
• “Viewing the captured packets” on page 109
Refresh: Click Refresh to display new buffer data in the Captured Packets window. You can then click any packet in the window to display its header information and data in the Packet Detail and Hex Dump windows.
Export As: Display or save a snapshot of the current buffer in the file format that you select from the drop-down list. Saved files are placed on your local management system (where the UI is running). Choose from the following formats:
• CAP - Select CAP format if you want to view the data with the Wireshark (formerly Ethereal) network protocol analyzer. This is also known as libpcap or pcap format. A dialog box allows you to open the buffer file with Wireshark, or save it to your local hard drive with the extension .pcap.
• HTML - Select HTML to view the data with a browser. You can use File > Save As to save a copy of the buffer to your hard drive.
• Text - Select Text to view the data in a text editor. A dialog box allows you to open the buffer file with the registered text editor, or save it to your local hard drive with the extension .wri.
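An added example, not part of the SonicOS guide: a Python check that a file saved with the CAP option parses as classic pcap, reporting which packets were stored shorter than their on-wire length. The function names and the sample bytes are constructed for illustration, and the code assumes the export is classic pcap rather than pcapng.

```python
import io
import struct

# Assumption: the exported file is classic pcap (not pcapng). Keys are the
# on-disk magic bytes; values are (struct byte order, timestamp fraction divisor).
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # big-endian, nanoseconds
}

def summarize_pcap(stream):
    """Parse a classic pcap stream; return header fields and per-packet records."""
    head = stream.read(24)
    if len(head) < 24 or head[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (bad or missing global header)")
    order, frac = MAGICS[head[:4]]
    major, minor, _tz, _sig, snaplen, linktype = struct.unpack(order + "HHiIII", head[4:])
    packets = []
    while True:
        rec = stream.read(16)
        if not rec:
            break
        if len(rec) < 16:
            raise ValueError("file ends inside a packet record header")
        sec, sub, incl_len, orig_len = struct.unpack(order + "IIII", rec)
        data = stream.read(incl_len)
        if len(data) < incl_len:
            raise ValueError("file ends inside packet data")
        packets.append({"ts": sec + sub / frac, "captured": incl_len,
                        "on_wire": orig_len, "truncated": incl_len < orig_len})
    return {"version": (major, minor), "snaplen": snaplen,
            "linktype": linktype, "packets": packets}

def build_sample():
    """Constructed sample: two Ethernet records, the second cut to 64 bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 64, 1)
    out += struct.pack("<IIII", 1_700_000_000, 250_000, 60, 60) + bytes(60)
    out += struct.pack("<IIII", 1_700_000_001, 0, 64, 1514) + bytes(64)
    return out

if __name__ == "__main__":
    info = summarize_pcap(io.BytesIO(build_sample()))
    print(info["version"], info["snaplen"], info["linktype"])
    for p in info["packets"]:
        print(p)
```

To check a real export, pass `open(path, "rb")` to `summarize_pcap` instead of the constructed sample.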