The Packet Capturing wizard is located at Administration → Diagnostics → Packet Capture. Use the captured packet to perform traffic debug or analysis.

Choose a single or multiple network interfaces on which to simultaneously capture network packets. After the capture starts, the elapsed time displays. The capture operation stops when the administrator clicks Stop capture or when the configured time or size criteria is met.

The packet capture for each interface saves as an individual file using the naming convention of “capture-{interface}-{date:time}.pcap”. For example capture-eth0-2013-07-02.1329518492.75.pcap.tar.gz would be the file name for the packet capture on the eth0 network interface performed on July 2, 2013.

After the network packet capture completes, all packet capture files are saved in one compressed package file named to “capture-{date}.tgz”. This file displays in the downloadable list. Either download or delete the compressed file.

To determine some of the components for the filter, run a packet capture on the HTTP requests or responses. See the sample capture in Packet capture for a Google search and the explanation in Components shows in the packet capture.