Help Center/ Cloud Firewall/ User Guide/ System Management/ Network Packet Capture
Updated on 2025-07-23 GMT+08:00
View PDF

Network Packet Capture

Scenario

Data is transmitted between devices as packets, a process that is usually invisible. Data flows cannot be quickly checked, making it difficult locate problems and handle network delay, connection failures, or security threats. CFW provides a network packet capture tool to accurately filter traffic by source/destination IP address, port, and protocol. It helps you quickly obtain the original data packet content, detect attacks, and identify security risks.

This section describes how to create a packet capture task to check the network status, view packet capture tasks, and download their results.

Constraints

  • Only the professional edition instances can capture network packets.
  • You can create up to of 20 packet capture tasks every day, but only one can be executed at a time.
  • A maximum of 1 million packets can be captured.
  • For an abnormal task, its possible packet capture results are as follows:
    • The packet capture data is completely lost and cannot be downloaded.
    • Some packet capture data is lost. Existing data can be downloaded.

Creating a Packet Capture Task to Check the Network Status

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
  4. (Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
  5. In the navigation tree on the left, choose System Management > Packet Capture.
  6. Click Create Capture Task and configure parameters.

    Table 1 Packet capture task parameters

    Parameter

    Description

    Example Value

    Task Name

    Task name.

    It must meet the following requirements:
    • Only uppercase letters (A to Z), lowercase letters (a to z), numbers (0 to 9), and the following special characters are allowed: -_
    • Enter up to 30 characters.

    cfw

    Max. Packets Captured

    Maximum number of captured packets. Enter an integer in the range 1 to 1,000,000.

    100,000

    Capture Duration (min)

    Maximum duration for capturing packets. Enter an integer in the range 1 to 10.

    3

    IP Type

    IP address type for packet capture. The value can be IPv4.

    IPv4

    Protocol Type

    Protocol type of captured packets. It can be:

    • Any
    • TCP
    • UDP
    • ICMP

    Any

    Source Address
    The following input formats are supported:
    • A single IP address, for example, 192.168.10.5
    • Consecutive IP addresses, for example, 192.168.0.2-192.168.0.10
    • Address segment, for example, 192.168.2.0/24

    192.168.10.5

    Source Port

    (Optional) Source port.

    The input rules are as follows:
    • If this parameter is left blank, it indicates all port numbers (1 to 65535).
    • Enter a single port number in the range 1 to 65535.

    80

    Destination Address
    It can be:
    • A single IP address, for example, 192.168.10.5
    • Consecutive IP addresses, for example, 192.168.0.2-192.168.0.10
    • Address segment, for example, 192.168.2.0/24

    192.168.10.6

    Destination Port

    (Optional) Destination port.

    The input rules are as follows:
    • If this parameter is left blank, it indicates all port numbers (1 to 65535).
    • Enter a single port number in the range 1 to 65535.

    -

  7. Click OK.

Viewing a Packet Capture Task

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
  4. (Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
  5. In the navigation tree on the left, choose System Management > Packet Capture.
  6. (Optional) Choose whether to search for a task by task name, IP address, or other criteria, enter keywords, and press Enter.

    • Task name search supports fuzzy match. The input rules are as follows:
      • Only uppercase letters (A to Z), lowercase letters (a to z), numbers (0 to 9), and the following special characters are allowed: -_
      • Enter up to 30 characters.
    • To search by IP address, enter a single complete IP address, for example, 0.0.0.0.

  7. View the information about the packet capture task. For details, see Table 2.

    Table 2 Packet capture task parameters

    Parameter

    Description

    Task Name

    Task name.

    Status

    Task status.

    • Running: The packet capture command has been delivered and the task is in progress.
    • Completed: The packet capture result has been uploaded and the task is complete.
    • Exception: Packet capture data upload times out due to network problems, and some packet capture results are lost.
      NOTE:

      To retry a task, you can click Copy in its Operation column to create and execute it again.

    • Stopping: The task is being stopped and the packet capture result is being uploaded.
    • Expired: The packet capture result has been uploaded and the task has been manually stopped.

    Protocol Type

    Protocol type specified for packet capture.

    IP Address

    IP addresses specified for packet capture, including the source and destination addresses.

    Port

    Ports specified for packet capture, including the source and destination ports.

    Max. Packets Captured

    Maximum number of captured packets in the current task.

    Packet Capture Time

    Start time and end time of a packet capture task.

    Capture Duration (min)

    Duration of packet capture.

    Remaining Retention Period (Days)

    Number of days for storing a packet capture task. The default value is 7.

    Capture Size

    Size of captured packets.

Downloading Packet Capture Results

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
  4. (Optional) Switch to another firewall instance. Select a firewall from the drop-down list in the upper left corner of the page.
  5. In the navigation tree on the left, choose System Management > Packet Capture.
  6. In the row of a task, click Download in the Operation column to view the packet capture result.
  7. Obtain the packet capture result.

    • You can click Copy all to share the link with others.
    • You can click Open URL to open it in a new browser tab. Switch back to this dialog box, click Copy access code, paste the copied code to the Extraction Code text box on the new tab, and click Obtain Shared File List.
    • You can click Copy link, and paste and open the link it in a new browser tab. Switch back to this dialog box, click Copy access code, paste the copied code to the Extraction Code text box on the new tab, and click Obtain Shared File List.

    You can switch between Chinese and English in the lower left corner of the browser.

  8. Click Download or Download As.
  9. Check whether the data in the captured packet files is consistent with service data. Identify and evaluate the risks in network communication.

Related Operations

  • To copy a task, click Copy in its Operation column. In the displayed dialog box, enter the task name and click OK.
  • To stop a packet capture task, click Stop in its Operation column.
  • To delete packet capture tasks, select the tasks and click Delete above the list.
  • For details about how to enable Internet border traffic protection, see Enabling Internet Border Traffic Protection.
  • For details about how to enable VPC border traffic protection, see Enabling VPC Border Traffic Protection.
Parent Topic: System Management