Network captures

The network capture tool is based on the tcpdump command line packet analyzer. This module consists of two grids:

  • Captures in progress: makes it possible to launch network captures, list the ones in progress, stop them and copy their TCPDump filters,

  • Completed captures: makes it possible to list past captures, download their PCAP files and metadata, delete them and copy their TCPDump filters,

This module can be accessed only if the firewall is equipped with a storage medium on which captures can be saved (e.g., internal storage or SD card). In addition, administrators must hold write permissions and the Full access to logs (private data) privilege or a temporary ticket to access personal data.

Information in local storage

Network captures are stored in the firewall's local storage within the quota of disk space allocated to network captures. If no quota has been allocated or enabled, the module cannot be used and a warning message will appear with two buttons:

  • Configure the allocated disk space: opens the Logs - Syslog - IPFIX module in which a disk space quota can be allocated to network captures,

  • Reload module: reloads the module after allocating or enabling the disk space allocated to network captures.

Interactive features

The operations listed in the taskbar of both grids can be performed by right-clicking in the relevant grid. For some actions, a line in the grid must be selected beforehand.