Packet capture | Trend Micro Service Central

Views:

Note

This setting is not available when Deep Discovery Inspector is connected to Trend Vision One.

Deep Discovery Inspector captures not only detected traffic but also traffic related to the client or server involved in the connection at the time of detection.

Trend Micro recommends using this feature sparingly. Capturing too many network packets might consume processing capability and disk space.

The following table outlines the actions available in the Packet Capture screen.

Action

Description

Enable packet capture

Select Enable packet capture to capture TCP/UDP packets that linked to specific detections.

WARNING

Enabling this feature requires restarting the appliance.

Add a packet capture rule

Click Add to create a new packet capture rule.

For more information, see Adding a packet capture rule

Delete a packet capture rule

Select one or more packet capture rules from the list and click Delete.

Import packet capture rules

Click Import to import packet capture rules from other Deep Discovery Inspector appliances.

Export packet capture rules

Click Export to download all the packet capture rules of your Deep Discovery Inspector appliance.

Tip

You can download packet capture files for the specified detections on the Detection Details screen.
In the pcap file, the comment "Detected Packet" in the "pkt_comment" field marks the packet that triggered the detection. For details, see All detections - detection details - connection details and Connection details.