Completed captures
Possible operations
Refresh list of captures | Refreshes the list of completed captures. |
Select all | Selects all the captures in the grid. |
Delete | Deletes the selected captures. |
Download the PCAP file | Downloads the PCAP file of a capture. Select the relevant capture beforehand, then click on the link to download the file. Multiple PCAP files cannot be downloaded at once in the interface. PCAP files are named according to the format: serial_ifname_timestamp.pcap. They are saved on the firewall in the /log/capture folder. |
Download capture metadata | Downloads a capture’s metadata. Select the relevant capture beforehand, then click on the link to download the file. The metadata of several captures cannot be downloaded at once in the interface. The files containing the metadata are named according to the format: serial_ifname_timestamp.txt. They are saved on the firewall in the /log/capture folder. |
Replay capture | Replays a capture by pre-entering its parameters in the window used to create a new capture. Select the relevant capture beforehand. |
Copy filter | Copies the capture’s TCPDump filter. Select the relevant capture beforehand. This filter can later be used to create a new capture. |
NOTE
In high availability (HA) configurations, files from a network capture can be downloaded or deleted only from the firewall that launched the capture.
The table
Name | Name of the capture’s PCAP file. |
Interface | Interface on which the packets were captured. |
TCPDump filter | Capture’s TCPDump filter. |
Packet size limit | Packet size limit set for the capture. This column is hidden by default. |
Capture size | Size of the capture’s PCAP file. |
Capture duration | Duration of the packet capture. This duration can be lower than the Max. capture duration if the Max. no. of packets was reached earlier or if the capture was manually stopped. |
Max. capture duration | Maximum duration set for the capture. |
Start of capture | Date and time the capture started. This column is hidden by default. |
End of capture | Date and time the capture ended. This column is hidden by default. |
Number of packets | Number of packets captured. This number can be lower than the Max. no. of packets if the Max. capture duration was reached earlier or if the capture was manually stopped. |
Packets rejected by the kernel | Number of packets that the kernel rejected during the capture. The kernel rejects packets when it is unable to capture all of them, for example when it receives too many packets to process. |
Packets rejected by the interface | Number of packets that the interface or its driver rejected during the capture. This column is hidden by default. |
Max. no. of packets | Maximum number of packets that could be captured. |