SonicWALL TZ 190 Verifying Packet Capture Activity

System > Packet Capture

120

SonicOS Enhanced 4.0 Administrator Guide

Even when interfaces specified in the capture filters do not match, this option ensures that

packets generated by the SonicWALL appliance are captured. This includes packets

generated by HTTP(S), L2TP, DHCP servers, PPP, PPPOE, and routing protocols.

Captured packets are marked with ‘s’ in the incoming interface area when they are from the

system stack. Otherwise, the incoming interface is not specified.

Step 5 To capture intermediate packets generated by the SonicWALL appliance, select the Capture

Intermediate Packets checkbox.

Intermediate packets include packets generated as a result of fragmentation or

reassembly, intermediate encrypted packets, IP helper generated packets, and replicated

multicast packets.

Step 6 To exclude encrypted management or syslog traffic to or from GMS, select the Exclude

encrypted GMS traffic checkbox.

This setting only affects encrypted traffic within a configured primary or secondary GMS

tunnel. GMS management traffic is not excluded if it is sent via a separate tunnel.

Step 7 To exclude management traffic, select the Exclude Management Traffic checkbox and select

one or more checkboxes for HTTP/HTTPS, SNMP, or SSH. If management traffic is sent via a

tunnel, the packets are not excluded.

Step 8 To exclude syslog traffic to a server, select the Exclude Syslog Traffic to checkbox and select

one or more checkboxes for Syslog Servers or GMS Server. If syslog traffic is sent via a

tunnel, the packets are not excluded.

If automatic FTP logging is off, either because of a failed connection or simply disabled, you

can restart it in Configure > Logging.

Step 1 Navigate to the Packet Capture page in the UI. See “Accessing Packet Capture in the UI” on

page 108.

Step 2 Under Packet Capture , click Configure.

Step 3 In the Packet Capture Configuration window, click the Logging tab.

Step 4 Verify that the settings are correct for each item on the page. See “Configuring Logging

Settings” on page 117.

Step 5 To change the FTP logging status on the main packet capture page to “active”, select the Log

To FTP Server Automatically checkbox.

Step 6 Clic k OK.

Verifying Packet Capture Activity

This section describes how to tell if your packet capture is working correctly according to the

configuration. It contains the following sections:

• “Understanding Status Indicators” on page 120

• “Resetting the Status Information” on page 122

The main Packet Capture screen displays status indicators for packet capture and FTP logging.

The packet capture status indicator shows one of the following three conditions: