
Packet capture file steps

Hi all,

I want to generate packet capture files for HTTP and SMTP traffic for the prevent device which is installed in our company. I tried to follow the steps mentioned in the KB article, which generated a pcap file on the prevent appliance; however, the size of the file constantly remains 0 KB in spite of generating a lot of events. Not sure what could be the issue with this. I would appreciate it if somebody can help me with this.

I used the below command to generate the pcap file:

tcpdump -npi eth2 -Xs 1500 net and port 80 -w /tmp/http.pcap

The above command does generate a pcap file; however, no capture data seems to be getting logged.


Re: Packet capture file steps


The prevent device should see traffic on eth1. eth2 and eth3 are only used on the Monitor for capture from a tap/span port.

Hope this helps.

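Added example, not part of the thread above: a shell check for which interface is actually receiving packets, so tcpdump can be pointed at it instead of at an idle port. It assumes the appliance is Linux and exposes /proc/net/dev; the function names and the sample counters are constructed for illustration.

```shell
#!/bin/sh
# Compare two snapshots of /proc/net/dev and report per-interface RX packet gain.

# rx_delta BEFORE AFTER -> prints "<iface> <rx packets gained>" per interface
rx_delta() {
    awk '
        FNR <= 2 { next }                    # skip the two header lines
        { sub(/:/, " ") }                    # "eth2:0" -> "eth2 0" (re-splits fields)
        NR == FNR { before[$1] = $3; next }  # field 3 is the RX packet counter
        ($1 in before) { print $1, $3 - before[$1] }
    ' "$1" "$2"
}

# busiest_iface BEFORE AFTER -> non-loopback interface with the largest RX gain;
# prints nothing when no interface received packets between the snapshots
busiest_iface() {
    rx_delta "$1" "$2" | awk '
        $1 != "lo" && $2 > max { max = $2; name = $1 }
        END { if (name != "") print name }'
}

# live_check [SECONDS] -> sample the running system (default 5 s apart)
live_check() {
    d=$(mktemp -d)
    cat /proc/net/dev > "$d/before"
    sleep "${1:-5}"
    cat /proc/net/dev > "$d/after"
    busiest_iface "$d/before" "$d/after"
    rm -rf "$d"
}

# make_samples DIR -> write constructed snapshots (not from a real appliance)
# in which only eth1 gains a meaningful number of packets
make_samples() {
    printf '%s\n' 'Inter-|   Receive   |  Transmit' \
        ' face |bytes packets errs drop|bytes packets errs drop' \
        '    lo: 500 5 0 0 500 5 0 0' \
        '  eth1: 9000 90 0 0 100 1 0 0' \
        '  eth2:0 0 0 0 0 0 0 0' > "$1/before"
    printf '%s\n' 'Inter-|   Receive   |  Transmit' \
        ' face |bytes packets errs drop|bytes packets errs drop' \
        '    lo: 900 9 0 0 900 9 0 0' \
        '  eth1: 99000 1000 0 0 100 1 0 0' \
        '  eth2:0 0 0 0 0 0 0 0' > "$1/after"
}
```

Run `live_check 10` while test traffic is flowing; an interface that shows no gain will also produce a capture file with no packets in it.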