Select Enable packet capture to capture TCP/UDP packets that are associated with specified detections. Deep Discovery Inspector has the ability to capture not only detection traffic, but also other traffic associated with the specified client that initiated the connection, or the specified server that connected with the client within the time that detection happens.

On this screen, you can Add, Delete, Import, and Export packet capture rules. You can add a maximum of 1000 rules.

Use Export to export the packet capture rules and share the rules with other Deep Discovery Inspector appliances. Use Import to import packet capture rules that have been exported from other Deep Discovery Inspector appliances.

Packet capture files for the specified detections can be downloaded from the detection details screens. In the pcap file, the comment "Detected Packet" in the "pkt_comment" field marks the packet that triggered the detection. For details, see All Detections - Detection Details - Connection Details and Affected Hosts - Detection Details - Connection Details.