Packet Capture Module Operations

Some operations depend on your RBAC assignments, the state of the module, and the state of capture jobs. The UI enforces these restrictions either by dimming buttons when an operation is not available or through pop-up messages that require your approval.

New Capture Job

Use the new capture job button to start a capture on a selected device. When you start a capture job, you provide a name for the capture job and select a capture profile, a configuration template that defines packet capture parameters. The capture profile determines which packets are captured and how the capture behaves, including whether it runs as a continuous capture or an on-demand capture. The capture job writes network packets to local disk on the device.

You can create multiple capture jobs on a single device, but you must use different capture profiles for each capture job. Capture jobs can be stopped and then started again using the same capture buffer.

Start Capture

Click this button to resume a previously stopped capture job on the selected device.

Rename Capture

You can rename either an active or inactive capture job.

Stop Capture

For any active capture, you have the option of stopping the capture job. The packets remain in this capture job on the endpoint device until you either harvest from this capture job or delete the capture job. Harvesting is the process of retrieving PCAP files from Packet Capture Module devices and transferring them to a customer-provided repository for analysis.

Delete Capture

You can delete an active or stopped capture to free up disk space. The UI will prompt you with a confirmation message.

Note: If you delete an active capture job, the Packet Capture Module will first stop the capture and then free up the disk space.

Harvest Packets

The Harvest operations have two options:

  1. You can choose to harvest the last “nn” minutes of time, working backward from the current time, or a configured time range.

  2. You can choose to harvest the entire contents of the continuous capture rolling buffer.

Before creating the PCAP (Packet Capture) file for harvest, the Packet Capture Module attempts to estimate whether the percent free space threshold would be violated once the PCAP file is created. If the estimate indicates that the threshold would be violated, the harvest returns an error.

Viewing History of Harvest Commands

Just below the list of capture jobs for each device, you will see a history of the harvest operations that have been executed for this device. Each harvest file has a hyperlink to your customer-provided repository.