Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
Chapter 17: Working with Intrusion Events
Using the Packet View
LICENSE: Protection
A packet view provides information about the packet that triggered the rule that
generated an intrusion event.
TIP!
The packet view on a Defense Center does not contain packet information
when the Transfer Packet option is disabled for the device detecting the event.
The packet view indicates why a specific packet was captured by providing
information about the intrusion event that the packet triggered, including the
event’s time stamp, message, classification, priority, and, if the event was
generated by a standard text rule, the rule that generated the event. The packet
view also provides general information about the packet, such as its size.
In addition, the packet view has a section that describes each layer in the packet:
data link, network, and transport, as well as a section that describes the bytes
that comprise the packet. You can expand collapsed sections to display detailed
information.
IMPORTANT!
Because each portscan event is triggered by multiple packets,
on page 987 for more information.