Network Packet Capture
Scenario
Data is transmitted between devices as packets, a process that is usually invisible. Because data flows cannot be checked quickly, it is difficult to locate problems and handle network delays, connection failures, or security threats. CFW provides a network packet capture tool that accurately filters traffic by source/destination IP address, port, and protocol. It helps you quickly obtain the original data packet content, detect attacks, and identify security risks.
This section describes how to create a packet capture task to check the network status, view packet capture tasks, and download their results.
Constraints
- Only the professional edition instances can capture network packets.
- You can create up to 20 packet capture tasks every day, but only one can be executed at a time.
- A maximum of 1 million packets can be captured.
- For an abnormal task, its possible packet capture results are as follows:
  - The packet capture data is completely lost and cannot be downloaded.
  - Some packet capture data is lost. Existing data can be downloaded.
Creating a Packet Capture Task to Check the Network Status
- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- In the navigation pane on the left, click and choose . The Dashboard page will be displayed.
- (Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
- In the navigation tree on the left, choose System Management > Packet Capture.
- Click Create Capture Task and configure parameters.

Table 1 Packet capture task parameters

| Parameter | Description | Example Value |
|---|---|---|
| Task Name | Task name. It must meet the following requirements: only uppercase letters (A to Z), lowercase letters (a to z), numbers (0 to 9), and the special characters - and _ are allowed; enter up to 30 characters. | cfw |
| Max. Packets Captured | Maximum number of captured packets. Enter an integer in the range 1 to 1,000,000. | 100,000 |
| Capture Duration (min) | Maximum duration for capturing packets. Enter an integer in the range 1 to 10. | 3 |
| IP Type | IP address type for packet capture. The value can be IPv4. | IPv4 |
| Protocol Type | Protocol type of captured packets. It can be Any, TCP, UDP, or ICMP. | Any |
| Source Address | The following input formats are supported: a single IP address, for example, 192.168.10.5; consecutive IP addresses, for example, 192.168.0.2-192.168.0.10; an address segment, for example, 192.168.2.0/24. | 192.168.10.5 |
| Source Port | (Optional) Source port. If this parameter is left blank, it indicates all port numbers (1 to 65535). Otherwise, enter a single port number in the range 1 to 65535. | 80 |
| Destination Address | It can be: a single IP address, for example, 192.168.10.5; consecutive IP addresses, for example, 192.168.0.2-192.168.0.10; an address segment, for example, 192.168.2.0/24. | 192.168.10.6 |
| Destination Port | (Optional) Destination port. If this parameter is left blank, it indicates all port numbers (1 to 65535). Otherwise, enter a single port number in the range 1 to 65535. | - |

- Click OK.
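
The input rules in Table 1 can be checked before a task is typed into the console, which helps when capture filters are prepared in a runbook and only 20 tasks can be created per day. The following is an added example, not part of the CFW documentation or product: the field names and the `validate_task` helper are hypothetical, and rejecting a reversed address range is this example's own assumption.

```python
import ipaddress
import re

NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,30}")
PROTOCOLS = {"Any", "TCP", "UDP", "ICMP"}

def address_ok(value):
    """Single IPv4 address, start-end range, or CIDR address segment."""
    try:
        if "-" in value:
            start, end = (ipaddress.IPv4Address(p.strip()) for p in value.split("-", 1))
            return start <= end  # assumption: a reversed range is rejected
        if "/" in value:
            # Host bits are not rejected; the page does not say how the console treats them.
            ipaddress.IPv4Network(value, strict=False)
        else:
            ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def port_ok(value):
    """Blank means all ports (1 to 65535); otherwise one port number."""
    if value in (None, ""):
        return True
    return bool(re.fullmatch(r"[0-9]{1,5}", str(value))) and 1 <= int(value) <= 65535

def int_in(value, low, high):
    return isinstance(value, int) and low <= value <= high

def validate_task(task):
    """Return the names of fields that break Table 1; an empty list means valid."""
    checks = {
        "name": bool(NAME_RE.fullmatch(str(task.get("name", "")))),
        "max_packets": int_in(task.get("max_packets"), 1, 1_000_000),
        "duration_min": int_in(task.get("duration_min"), 1, 10),
        "ip_type": task.get("ip_type") == "IPv4",
        "protocol": task.get("protocol") in PROTOCOLS,
        "src_addr": address_ok(str(task.get("src_addr", ""))),
        "src_port": port_ok(task.get("src_port")),
        "dst_addr": address_ok(str(task.get("dst_addr", ""))),
        "dst_port": port_ok(task.get("dst_port")),
    }
    return [field for field, ok in checks.items() if not ok]

# Example values from Table 1 (the field names are this example's own).
SAMPLE = {"name": "cfw", "max_packets": 100_000, "duration_min": 3,
          "ip_type": "IPv4", "protocol": "Any", "src_addr": "192.168.10.5",
          "src_port": 80, "dst_addr": "192.168.10.6", "dst_port": ""}

if __name__ == "__main__":
    print(validate_task(SAMPLE))
```
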
Viewing a Packet Capture Task
- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- In the navigation pane on the left, click and choose . The Dashboard page will be displayed.
- (Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
- In the navigation tree on the left, choose System Management > Packet Capture.
- (Optional) Choose whether to search for a task by task name, IP address, or other criteria, enter keywords, and press Enter.
  - Task name search supports fuzzy match. The input rules are as follows:
    - Only uppercase letters (A to Z), lowercase letters (a to z), numbers (0 to 9), and the following special characters are allowed: -_
    - Enter up to 30 characters.
  - To search by IP address, enter a single complete IP address, for example, 0.0.0.0.
- View the information about the packet capture task. For details, see Table 2.

Table 2 Packet capture task parameters

| Parameter | Description |
|---|---|
| Task Name | Task name. |
| Status | Task status. Running: The packet capture command has been delivered and the task is in progress. Completed: The packet capture result has been uploaded and the task is complete. Exception: Packet capture data upload times out due to network problems, and some packet capture results are lost. (NOTE: To retry a task, you can click Copy in its Operation column to create and execute it again.) Stopping: The task is being stopped and the packet capture result is being uploaded. Expired: The packet capture result has been uploaded and the task has been manually stopped. |
| Protocol Type | Protocol type specified for packet capture. |
| IP Address | IP addresses specified for packet capture, including the source and destination addresses. |
| Port | Ports specified for packet capture, including the source and destination ports. |
| Max. Packets Captured | Maximum number of captured packets in the current task. |
| Packet Capture Time | Start time and end time of a packet capture task. |
| Capture Duration (min) | Duration of packet capture. |
| Remaining Retention Period (Days) | Number of days for storing a packet capture task. The default value is 7. |
| Capture Size | Size of captured packets. |

Downloading Packet Capture Results
- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- In the navigation pane on the left, click and choose . The Dashboard page will be displayed.
- (Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
- In the navigation tree on the left, choose System Management > Packet Capture.
- In the row of a task, click Download in the Operation column to view the packet capture result.
- Obtain the packet capture result.
  - You can click Copy all to share the link with others.
  - You can click Open URL to open it in a new browser tab. Switch back to this dialog box, click Copy access code, paste the copied code to the Extraction Code text box on the new tab, and click Obtain Shared File List.
  - You can click Copy link, and paste and open the link in a new browser tab. Switch back to this dialog box, click Copy access code, paste the copied code to the Extraction Code text box on the new tab, and click Obtain Shared File List.
  You can switch between Chinese and English in the lower left corner of the browser.
- Click Download or Download As.
- Check whether the data in the captured packet files is consistent with service data. Identify and evaluate the risks in network communication.
Related Operations
- To copy a task, click Copy in its Operation column. In the displayed dialog box, enter the task name and click OK.
- To stop a packet capture task, click Stop in its Operation column.
- To delete packet capture tasks, select the tasks and click Delete above the list.
- For details about how to enable Internet border traffic protection, see Enabling Internet Border Traffic Protection.
- For details about how to enable VPC border traffic protection, see Enabling VPC Border Traffic Protection.