Cisco FirePOWER Appliance 7115
Version 5.3
Sourcefire 3D System User Guide
Page 671
Chapter 17: Working with Intrusion Events
Using the Packet View
To display the packet view:
ACCESS: Admin/Intrusion Admin
On the table view of intrusion events, select packets to view. See the Constraining Events on the Table View of Events table on page 668 for more information.
The packet view appears. If you selected more than one event, you can page through the packets by using the page numbers at the bottom of the page.
Packet View Actions (Continued)

To: download a local copy of the packet (a packet capture file in libpcap format) that triggered the event
You can: either:
• click Download Packet to save a copy of the captured packet for the event you are viewing
• click Download All Packets to save copies of the captured packets for all the events whose packets you previously selected
The captured packet is saved in libpcap format. This format is used by several popular protocol analyzers.
Note that you cannot download a portscan packet because single portscan events are based on multiple packets; however, the portscan view provides all usable packet information. See for more information.
Note that you must have at least 15% available disk space in order to download.

To: expand or collapse a page section
You can: click the arrow next to the section.