Manuals / Blue Coat Systems / Kitchen Appliance / Appliance Trim Kit

Blue Coat Systems SGOS Version 5.2.2 Packet Capturing the Job Utility, PCAP File Name Format

Models: Blue Coat Systems SG Appliance SGOS Version 5.2.2

1 108
Download 108 pages 21.03 Kb
Page 52
Image 52
Packet Capturing (the Job Utility)

Volume 9: Managing the Blue Coat SG Appliance

Packet Capturing (the Job Utility)

You can capture packets of Ethernet frames going into or leaving an SG appliance. Packet capturing allows filtering on various attributes of the frame to limit the amount of data collected. The maximum PCAP size allowed is 100MB. Any packet filters must be defined before a capture is initiated, and the current packet filter can only be modified if no capture is in progress.

The pcap utility captures all received packets that are either directly addressed to the SG appliance through an interface’s MAC address or through an interface’s broadcast address. The utility also captures transmitted packets that are sent from the appliance. The collected data can then be transferred to the desktop or to Blue Coat for analysis.

Note: Packet capturing increases the amount of processor usage performed in TCP/IP.

To analyze captured packet data, you must have a tool that reads Packet Sniffer Pro 1.1 files (for example, Ethereal or Packet Sniffer Pro 3.0).

PCAP File Name Format

The name of a downloaded packet capture file has the format: bluecoat_date_filter- expression.cap, revealing the date and time (UTC) of the packet capture and any filter expressions used. Because the filter expression can contain characters that are not supported by a file system, a translation can occur. The following characters are not translated:

Alphanumeric characters (a-z, A-Z, 0-9)

Periods (.)

Characters that are translated are:

Space (replaced by an underscore)

All other characters (including the underscore and dash) are replaced by a dash followed by the ASCII equivalent; for example, a dash is translated to -2Dand an ampersand (&) to -26.

Common PCAP Filter Expressions

Packet capturing allows filtering on various attributes of the frame to limit the amount of data collected. PCAP filter expressions can be defined in the Management Console or the CLI. Below are examples of filter expressions; for PCAP configuration instructions, see “Configuring Packet Capturing” on page 53.

Some common filter expressions for the Management Console and CLI are listed below. The filter uses the Berkeley Packet Filter format (BPF), which is also used by the tcpdump program. A few simple examples are provided below. If filters with greater complexity are required, you can find many resources on the Internet and in books that describe the BPF filter syntax.

52

Page 51 Page 53
Page 52
Image 52
Blue Coat Systems SGOS Version 5.2.2 manual Packet Capturing the Job Utility, PCAP File Name Format
Page 51 Page 53