I want to generate packet capture files for HTTP and SMTP traffic for the Prevent device installed in our company. I tried to follow the steps mentioned in the KB article, which generated a pcap file on the Prevent appliance; however, the size of the file constantly remains 0 KB in spite of generating a lot of events. I am not sure what the issue could be. I would appreciate it if somebody could help me with this.
I used the command below to generate the pcap file:
tcpdump -npi eth2 -Xs 1500 net 10.52.147.130 and port 80 -w /tmp/http.pcap
The above command does generate a pcap file; however, no capture data seems to be getting logged.
The Prevent device should see traffic on eth1; eth2 and eth3 are only used on the Monitor for capture from a tap/SPAN port.
Hope this helps.
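The thread's lesson is that tcpdump was pointed at an interface that carries nothing, so the capture file never grew past the pcap header. The script below is an added example for this thread, not code from the original poster or from the vendor's KB: it picks the capture interface by measuring which one is actually receiving packets (two snapshots of /proc/net/dev, compare RX packet counters), captures a bounded number of packets there, and then checks that the output file is larger than the 24-byte pcap global header, since a header-only file is exactly what shows up as "0 KB". The interface names, counter values and the 10.52.147.130/port 80 defaults are constructed or taken from the post; they are not from any appliance.

```shell
#!/bin/sh
# Added example for this thread, not from the original post or any vendor KB.
# Assumes a Linux box with /proc/net/dev counters and tcpdump in PATH.
# Interface names and counter values in the samples below are constructed.

# Print "iface rx_packets" for every interface in /proc/net/dev text on stdin.
rx_packets() {
    awk -F: '/:/ {
        iface = $1; gsub(/[[:space:]]/, "", iface)
        split($2, f, " ")          # f[1] = RX bytes, f[2] = RX packets
        print iface, f[2]
    }'
}

# Given an earlier and a later snapshot of /proc/net/dev (as text), print the
# interface whose RX packet counter grew the most, and by how much.
# Prints nothing if no interface received anything.
busiest_rx_iface() {
    {
        printf '%s\n' "$1" | rx_packets | sed 's/^/before /'
        printf '%s\n' "$2" | rx_packets | sed 's/^/after /'
    } | awk '
        $1 == "before" { start[$2] = $3 }
        $1 == "after"  {
            delta = $3 - start[$2]
            if (delta > best) { best = delta; iface = $2 }
        }
        END { if (iface != "") print iface, best }
    '
}

# A pcap written by "tcpdump -w" that captured nothing is just the 24-byte
# global header, which file browsers round to "0 KB". Succeed only if the
# file holds at least one packet record beyond that header.
pcap_has_packets() {
    size=$(wc -c < "$1" | tr -d ' ') || return 2
    [ "$size" -gt 24 ]
}

# Constructed sample snapshots: eth1 sees traffic, eth2 sees none.
SAMPLE_BEFORE='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    1000       10    0    0    0     0          0         0     1000       10    0    0    0     0       0          0
  eth1:  500000     4000    0    0    0     0          0         0    20000      300    0    0    0     0       0          0
  eth2:       0        0    0    0    0     0          0         0        0        0    0    0    0     0       0          0'
SAMPLE_AFTER='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    1200       12    0    0    0     0          0         0     1200       12    0    0    0     0       0          0
  eth1:  700000     5500    0    0    0     0          0         0    30000      450    0    0    0     0       0          0
  eth2:       0        0    0    0    0     0          0         0        0        0    0    0    0     0       0          0'

# Live run (needs root): set RUN_CAPTURE=1. Measure which interface is actually
# receiving, capture a bounded number of packets there, then verify the file.
if [ "${RUN_CAPTURE:-0}" = "1" ]; then
    host=${CAP_HOST:-10.52.147.130}
    port=${CAP_PORT:-80}
    out=${CAP_OUT:-/tmp/http.pcap}
    before=$(cat /proc/net/dev); sleep 5; after=$(cat /proc/net/dev)
    iface=$(busiest_rx_iface "$before" "$after" | cut -d' ' -f1)
    [ -n "$iface" ] || { echo "no interface is receiving traffic" >&2; exit 1; }
    echo "capturing on $iface (busiest RX interface)"
    # -s 0 keeps full frames; -c bounds the run so the file can be inspected.
    tcpdump -nni "$iface" -s 0 -c 200 host "$host" and port "$port" -w "$out"
    if pcap_has_packets "$out"; then
        echo "$out contains packet data"
    else
        echo "$out is only the pcap header: filter matched nothing on $iface" >&2
        exit 1
    fi
fi
```

Run it as `RUN_CAPTURE=1 sh capture.sh` on the appliance; on the constructed samples `busiest_rx_iface` reports `eth1 1500`, which is the check that would have flagged eth2 as the wrong interface before any capture was started. The interface test is deliberately done on raw counters rather than on link state, because an interface can be up with carrier and still receive nothing if it is not cabled to the span or tap.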