McAfee SG310 Administration Manual page 363

System menu features
Diagnostics menu
Figure 379 Packet Capture Display
Downloading a pcap file
Use this procedure to download the .pcap file for examination rather than viewing it within the Packet
Capture page.
From the System menu, click Diagnostics > Packet Capture. The Packet Capture page appears.
1
Click the pcap file link in the Download column to download the n.pcap file.
2
You are prompted to save the downloaded file.
3
Disabling a pcap file
From the System menu, click Diagnostics > Packet Capture. The Packet Capture page appears.
1
Clear the enabled checkbox for the .pcap file. The page refreshes and a check mark is no longer displayed
2
in the enable checkbox.
Deleting a pcap file
Use this procedure to delete pcap files when you no longer require them. This keeps space available in the
/var/tmp directory.
From the System menu, click Diagnostics > Packet Capture. The Packet Capture page appears.
1
Click the delete icon next to the .pcap file you want to delete. The file is deleted.
2
More filtering options
You can specify filtering options during both capture and display which restrict the packets that are
captured or displayed. For full documentation of these options, see the tcpdump project at:
http://sourceforge.net/projects/tcpdump.
Some common filtering options are shown in the examples in
Table 39 Filtering options for packets
Packet Filtering Option
host 1.2.3.4
src host 1.2.3.4
dst host 1.2.3.4
McAfee UTM Firewall 4.0.4 Administration Guide
Table 39
Description
Match packets with a source or destination IP address of
1.2.3.4.
Match packets with a source IP address of 1.2.3.4.
Match packets with a destination IP address of 1.2.3.4.
below:
363