SonicWALL 5.8.1 Manuale Utente
System > Packet Monitor
146
SonicOS 5.8.1 Administrator Guide
Step 2
In the Packet Monitor Configuration window, click the Monitor Filter tab.
Step 3
Choose to Enable filter based on the firewall/app rule if you are using firewall rules to
capture specific traffic.
capture specific traffic.
Note
Before the Enable filter based on the firewall/app rule option is selected, be certain you
have selected one or more access rules on which to monitor packet traffic. This
configuration is done from either the Firewall Settings > Access Rules page or the
Dashboard > App Flow Mintor page.
have selected one or more access rules on which to monitor packet traffic. This
configuration is done from either the Firewall Settings > Access Rules page or the
Dashboard > App Flow Mintor page.
On the Firewall Settings > Access Rules page, click on the edit icon for the Access Rule
on which you want to enable monitoring, and select the Enable packet monitor option.
On the Dashboard > App Flow Mintor page, select the item on which you want to enable
monitoring, click Create Rule, then select Packet Monitor and click Create Rule.
Step 4
Specify how Packet Monitor will filter packets using these options:
•
Interface Name(s) - You can specify up to ten interfaces separated by commas. Refer to
the Network > Interfaces screen in the management interface for the available interface
names. You can use a negative value to configure all interfaces except the one(s) specified;
for example: !X0, or !LAN.
the Network > Interfaces screen in the management interface for the available interface
names. You can use a negative value to configure all interfaces except the one(s) specified;
for example: !X0, or !LAN.
•
Ether Type(s) - You can specify up to ten Ethernet types separated by commas. Currently,
the following Ethernet types are supported: ARP, IP, PPPoE-SES, and PPPoE-DIS. The
latter two can be specified by PPPoE alone. This option is not case-sensitive. For example,
to capture all supported types, you could enter: ARP, IP, PPPOE. You can use one or more
negative values to capture all Ethernet types except those specified; for example: !ARP,
!PPPoE. You can also use hexadecimal values to represent the Ethernet types, or mix hex
values with the standard representations; for example: ARP, 0x800, IP. Normally you would
only use hex values for Ethernet types that are not supported by acronym in SonicOS
Enhanced. See
the following Ethernet types are supported: ARP, IP, PPPoE-SES, and PPPoE-DIS. The
latter two can be specified by PPPoE alone. This option is not case-sensitive. For example,
to capture all supported types, you could enter: ARP, IP, PPPOE. You can use one or more
negative values to capture all Ethernet types except those specified; for example: !ARP,
!PPPoE. You can also use hexadecimal values to represent the Ethernet types, or mix hex
values with the standard representations; for example: ARP, 0x800, IP. Normally you would
only use hex values for Ethernet types that are not supported by acronym in SonicOS
Enhanced. See
•
IP Type(s) - You can specify up to ten IP types separated by commas. The following IP
types are supported: TCP, UDP, ICMP, GRE, IGMP, AH, ESP. This option is not case-
sensitive. You can use one or more negative values to capture all IP types except those
types are supported: TCP, UDP, ICMP, GRE, IGMP, AH, ESP. This option is not case-
sensitive. You can use one or more negative values to capture all IP types except those