t_admin_network_packet_captures
The Network Packet Capturing wizard is located on the Administration > Diagnosis > Network Packet Capture. Using the captured network packet, administrators or support teams can perform traffic debug or analysis.
With this feature, administrators can choose a single or multiple network interfaces on which to simultaneously capture network packet. After the capture starts, the elapsed time displays. The capture operation stops when the administrator clicks Stop capture or when the configured time or size criteria is met.
The packet capture for each interface will be save in an individual file using the naming convention of “capture-{interface}-{date:time}.pcap”. For example capture-eth0-2012-02-17.1329518492.75.pcap.tar.gz would be the file name for the packet capture on the eth0 network interface performed on February 17, 2012.
After the network packet capture completes, all packet capture files are saved in one compressed package file named to “capture-{date}.tgz”. This file displays in the downloadable list. Administrators can either download or deleted the compressed file.
To determine some of the components for your filter, it helps to run a packet capture on the HTTP requests or responses. See the sample capture in Packet capture for a Google search and the explanation in Components shown in the Packet Capture (Continued).
Packet capture for a Google search
|
Number |
Component |
|
1 |
Request method |
|
2 |
URL host |
|
3 |
URL path |
|
4 |
URL query |
|
5 |
Request header |
|
6 |
Response header |
See also: