Cisco Cisco Web Security Appliance S690 User Guide

IronPort AsyncOS 6.3 for Web User Guide
The appliance saves the captured packet activity to a file and stores the file locally. You can 
configure the maximum packet capture file size, how long to run the packet capture, and on 
which network interface to run the capture. You can also use a filter to limit the number of 
packets seen by the packet capture, which can make the output more usable on networks with 
a high volume of traffic. You can send any stored packet capture file using FTP to IronPort 
Customer Support for debugging and troubleshooting purposes.
The Support and Help > Packet Capture page displays the list of complete packet capture files 
stored on the hard drive. When a packet capture is running, the web interface shows the 
status of the capture in progress by showing the current statistics, such as file size and time 
elapsed.
You can download the packet capture files using the Download button in the web interface, 
or by connecting to the appliance using FTP and retrieving them from the captures directory.
In the CLI, use the packetcapture command.
In the web interface, select the Packet Capture option under the Support and Help menu.
Note — The packet capture feature is similar to the Unix tcpdump command.
Starting a Packet Capture
To start a packet capture in the CLI, run the packetcapture > start command. If you 
need to stop a running packet capture, run the packetcapture > stop command.
To start a packet capture in the web interface, select the Packet Capture option under the 
Support and Help menu, and then click Start Capture. To stop a running capture, click Stop 
Capture.
Note — The web interface only displays packet captures started in the web interface, not 
from the CLI. Similarly, the CLI only displays the status of a current packet capture run started 
in the CLI.