Select Enable packet capture to capture the TCP/UDP packets associated with the specified detections. Deep Discovery Inspector captures not only the traffic that triggered the detection, but also other traffic, within the time window of the detection, involving the specified client that initiated the connection or the specified server that the client connected to.
Warning: Enabling this feature requires the appliance to restart. Disabling this feature does not require the appliance to restart.
On this screen, you can Add, Delete, Import, and Export packet capture rules. You can add a maximum of 1000 rules. Use Export to export the packet capture rules and share them with other Deep Discovery Inspector appliances. Use Import to import packet capture rules that have been exported from other Deep Discovery Inspector appliances.
Packet capture files for the specified detections can be downloaded from the detection details screens. In the pcap file, the comment "Detected Packet" in the "pkt_comment" field marks the packet that triggered the detection. For details, see All Detections - Detection Details - Connection Details and Connection Details.
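As an added example (not Trend Micro's code or any tooling shipped with the product), the following Python locates the packet carrying the "Detected Packet" marker in a downloaded capture without needing Wireshark. It assumes the download is a pcapng file and that the marker is stored as a pcapng packet comment option (opt_comment, option code 1) on an Enhanced Packet Block, which is the field Wireshark exposes as pkt_comment; the three-packet capture embedded in the block is constructed here for the demonstration and contains no real detection data.

```python
"""Find the packet that the detection flagged, by its pcapng packet comment.

Added example, not Trend Micro code. Assumption: the downloaded capture is
pcapng and the "Detected Packet" marker is an opt_comment (code 1) on an
Enhanced Packet Block (what Wireshark shows as pkt_comment).
"""
import struct
import sys

SHB, IDB, EPB = 0x0A0D0D0A, 0x00000001, 0x00000006
OPT_END, OPT_COMMENT, OPT_IF_TSRESOL = 0, 1, 9
DETECTED_MARK = "Detected Packet"


def _pad4(n):
    """Bytes of padding needed to bring n up to a multiple of 4."""
    return (4 - n % 4) % 4


def _parse_options(buf, endian):
    """Yield (code, value) for each option in a pcapng option list."""
    off = 0
    while off + 4 <= len(buf):
        code, length = struct.unpack(endian + "HH", buf[off:off + 4])
        off += 4
        if code == OPT_END:
            break
        yield code, buf[off:off + length]
        off += length + _pad4(length)


def iter_blocks(data):
    """Yield (block_type, body, endian) for every block; endian comes from the SHB magic."""
    off, endian = 0, "<"
    while off + 8 <= len(data):
        btype = struct.unpack("<I", data[off:off + 4])[0]  # SHB type is byte-order independent
        if btype == SHB:
            endian = "<" if data[off + 8:off + 12] == b"\x4d\x3c\x2b\x1a" else ">"
        total = struct.unpack(endian + "I", data[off + 4:off + 8])[0]
        if total < 12 or off + total > len(data):
            raise ValueError("truncated or malformed pcapng block")
        yield btype, data[off + 8:off + total - 4], endian  # body between the two length fields
        off += total


def find_detected_packets(data, mark=DETECTED_MARK):
    """Return (epb_index, timestamp_seconds, packet_bytes) for each packet whose comment is `mark`."""
    hits, tsres, if_count, idx = [], {}, 0, 0
    for btype, body, endian in iter_blocks(data):
        if btype == IDB:
            tsres[if_count] = 1_000_000  # default if_tsresol: microseconds
            for code, val in _parse_options(body[8:], endian):
                if code == OPT_IF_TSRESOL and val:
                    r = val[0]
                    tsres[if_count] = 2 ** (r & 0x7F) if r & 0x80 else 10 ** r
            if_count += 1
        elif btype == EPB:
            if_id, ts_hi, ts_lo, caplen, _orig = struct.unpack(endian + "IIIII", body[:20])
            pkt = body[20:20 + caplen]
            opts = body[20 + caplen + _pad4(caplen):]
            for code, val in _parse_options(opts, endian):
                if code == OPT_COMMENT and val.decode("utf-8", "replace") == mark:
                    ticks = (ts_hi << 32) | ts_lo
                    hits.append((idx, ticks / tsres.get(if_id, 1_000_000), pkt))
            idx += 1
    return hits


def _opt(code, value):
    return struct.pack("<HH", code, len(value)) + value + b"\x00" * _pad4(len(value))


def _block(btype, body):
    total = 12 + len(body)
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)


def build_sample_capture():
    """Constructed little-endian pcapng with three frames; only the second carries the marker."""
    shb = _block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1) + _opt(OPT_END, b""))
    idb = _block(IDB, struct.pack("<HHI", 1, 0, 65535) + _opt(OPT_END, b""))  # linktype 1 = Ethernet
    frames = [  # (timestamp in microseconds, frame bytes, comment) - all made up
        (1_700_000_000_000_000, b"\x00" * 14 + b"GET / HTTP/1.1\r\n", None),
        (1_700_000_000_250_000, b"\x00" * 14 + b"\x45\x00" + b"BADSTUFF", DETECTED_MARK),
        (1_700_000_000_500_000, b"\x00" * 14 + b"HTTP/1.1 200 OK\r\n", "analyst note"),
    ]
    out = shb + idb
    for ts, pkt, comment in frames:
        body = struct.pack("<IIIII", 0, ts >> 32, ts & 0xFFFFFFFF, len(pkt), len(pkt))
        body += pkt + b"\x00" * _pad4(len(pkt))
        if comment is not None:
            body += _opt(OPT_COMMENT, comment.encode())
        out += _block(EPB, body + _opt(OPT_END, b""))
    return out


if __name__ == "__main__":
    # Pass the path of a downloaded capture, or run without arguments to use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_capture()
    for i, ts, pkt in find_detected_packets(data):
        print(f"packet #{i} at {ts:.6f}: {len(pkt)} bytes, first 16: {pkt[:16].hex()}")
```

The packet index returned counts Enhanced Packet Blocks from zero, so add one to match Wireshark's frame numbering. Timestamps honour the interface's if_tsresol option, so captures written with nanosecond resolution are converted correctly rather than being mistaken for microseconds.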
Note: Trend Micro recommends using this feature sparingly. Capturing too many network packets may consume processing capacity and disk space. To increase available storage space, you can delete PCAP files and logs at .
