Packet Capture

Select Enable packet capture to capture the TCP/UDP packets associated with the specified detections. Deep Discovery Inspector captures not only the traffic that triggered the detection, but also other traffic, within the time window of the detection, from the specified client that initiated the connection or from the specified server that the client connected to.
WARNING
Enabling this feature requires the appliance to restart; plan the change for a maintenance window, because the appliance does not inspect traffic while it restarts. Disabling this feature does not require a restart.
On this screen, you can Add, Delete, Import, and Export packet capture rules. You can add a maximum of 1,000 rules.
Use Export to export the packet capture rules as a file that can be shared with other Deep Discovery Inspector appliances. Use Import to import packet capture rules that were exported from another Deep Discovery Inspector appliance.
Packet capture files for the specified detections can be downloaded from the detection details screens. In the downloaded pcap file, the comment "Detected Packet" in the "pkt_comment" field marks the packet that triggered the detection; the remaining packets are the associated client or server traffic captured around it. Because the capture contains full packet payloads, treat downloaded files as sensitive data. For details, see All Detections - Detection Details - Connection Details and Affected Hosts - Detection Details - Connection Details.
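The following is an added example, not Deep Discovery Inspector code, showing how to locate the marked packet in a downloaded capture without opening it in Wireshark. It assumes the file is in pcapng format (the only libpcap-family format that carries per-packet comments; the comment is option code 1, opt_comment, of the Enhanced Packet Block, which Wireshark displays as the pkt_comment / frame.comment field). The three-frame capture built by build_sample_pcapng() is constructed here for the example; the marker string "Detected Packet" is the one the page describes.

```python
"""Locate the packet marked "Detected Packet" in a pcapng capture (added example)."""
import struct

SHB, IDB, EPB = 0x0A0D0D0A, 0x00000001, 0x00000006   # block types used here
BYTE_ORDER_MAGIC = 0x1A2B3C4D                          # SHB magic, little-endian
OPT_ENDOFOPT, OPT_COMMENT = 0, 1                       # pcapng option codes
DETECTED_MARK = "Detected Packet"                      # marker described on the page


def _pad4(n):
    return (n + 3) & ~3


def _block(block_type, body):
    """Frame a little-endian pcapng block: type, total length, body, total length."""
    total = 12 + len(body)
    return struct.pack("<II", block_type, total) + body + struct.pack("<I", total)


def _options(opts):
    """Encode (code, value) options, each padded to 32 bits, ending with opt_endofopt."""
    out = b""
    for code, val in opts:
        out += struct.pack("<HH", code, len(val)) + val.ljust(_pad4(len(val)), b"\x00")
    return out + struct.pack("<HH", OPT_ENDOFOPT, 0)


def build_sample_pcapng():
    """Constructed three-frame capture; only frame 2 carries the detection comment."""
    shb = _block(SHB, struct.pack("<IHHq", BYTE_ORDER_MAGIC, 1, 0, -1))
    idb = _block(IDB, struct.pack("<HHI", 1, 0, 65535))   # LinkType 1 = Ethernet
    frames = [
        (b"\x00" * 14 + b"GET / HTTP/1.1", None),
        (b"\x00" * 14 + b"suspicious payload", DETECTED_MARK),
        (b"\x00" * 14 + b"HTTP/1.1 200 OK", "analyst note"),  # commented, but not the marker
    ]
    blocks = [shb, idb]
    for i, (data, comment) in enumerate(frames):
        # EPB fixed header: interface id, timestamp high, timestamp low, caplen, origlen
        body = struct.pack("<IIIII", 0, 0, i, len(data), len(data))
        body += data.ljust(_pad4(len(data)), b"\x00")
        if comment is not None:
            body += _options([(OPT_COMMENT, comment.encode())])
        blocks.append(_block(EPB, body))
    return b"".join(blocks)


def _endianness(buf):
    """Pick the struct byte-order prefix from the Section Header Block magic at offset 8."""
    if len(buf) < 12 or struct.unpack_from("<I", buf, 0)[0] != SHB:
        raise ValueError("not a pcapng file: missing Section Header Block")
    magic, = struct.unpack_from("<I", buf, 8)
    if magic == BYTE_ORDER_MAGIC:
        return "<"
    if magic == 0x4D3C2B1A:          # same magic read the other way round
        return ">"
    raise ValueError("not a pcapng file: bad byte-order magic")


def iter_blocks(buf, endian):
    """Yield (block_type, body), refusing truncated blocks or mismatched length fields."""
    off = 0
    while off + 12 <= len(buf):
        btype, blen = struct.unpack_from(endian + "II", buf, off)
        if blen < 12 or blen % 4 or off + blen > len(buf):
            raise ValueError(f"bad block length {blen} at offset {off}")
        trailer, = struct.unpack_from(endian + "I", buf, off + blen - 4)
        if trailer != blen:
            raise ValueError(f"block length mismatch at offset {off}")
        yield btype, buf[off + 8:off + blen - 4]
        off += blen


def parse_options(raw, endian):
    """Decode a pcapng option list into (code, raw_value) pairs."""
    opts, off = [], 0
    while off + 4 <= len(raw):
        code, length = struct.unpack_from(endian + "HH", raw, off)
        off += 4
        if code == OPT_ENDOFOPT:
            break
        opts.append((code, raw[off:off + length]))
        off += _pad4(length)
    return opts


def find_detected_packets(buf, mark=DETECTED_MARK):
    """Return (frame_number, captured_length, comment) for each EPB whose comment contains mark."""
    endian = _endianness(buf)
    hits, frame_no = [], 0
    for btype, body in iter_blocks(buf, endian):
        if btype != EPB:
            continue
        frame_no += 1                      # Wireshark numbers frames from 1
        _iface, _ts_hi, _ts_lo, caplen, _origlen = struct.unpack_from(endian + "IIIII", body, 0)
        for code, val in parse_options(body[20 + _pad4(caplen):], endian):
            if code == OPT_COMMENT and mark in val.decode("utf-8", "replace"):
                hits.append((frame_no, caplen, val.decode("utf-8", "replace")))
    return hits


if __name__ == "__main__":
    for frame_no, caplen, comment in find_detected_packets(build_sample_pcapng()):
        print(f"frame {frame_no}: {caplen} bytes captured, comment={comment!r}")
```

Run against a downloaded file with find_detected_packets(open(path, "rb").read()); the frame number it returns is the one to jump to in Wireshark, where the display filter frame.comment contains "Detected Packet" selects the same packet. The length checks in iter_blocks matter in practice: a capture that was cut off by a storage limit or a failed download is rejected rather than silently parsed to the point of truncation.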
Note
Trend Micro recommends using this feature sparingly. Capturing too many network packets can consume processing capacity and disk space on the appliance.
To increase available storage space, you can delete PCAP files and logs at Administration > System Maintenance > Storage Maintenance.