User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Web Security Appliance S170

511

512

513

514

515

516

517

518

519

520

PACKET CAPTURE

CHAPTER 22: SYSTEM ADMINISTRATION 493

Editing Packet Capture Settings

To edit the packet capture settings in the CLI, run the packetcapture > setup command.

To edit packet capture settings in the web interface, select the Packet Capture option under

the Support and Help menu, and then click Edit Settings.

Table 22-1 describes the packet capture settings you can configure.

Note — When you change the packet capture settings without committing the changes and

then start a packet capture, AsyncOS uses the new settings. This allows you to use the new

settings in the current session without enforcing the settings for future packet capture runs.

The settings remain in effect until you clear them.

Table 22-1 Packet Capture Configuration Options

Option Description

Capture file size limit The maximum file size for all packet capture files.

Capture duration Choose how long to run the packet capture:

• Run Capture Until File Size Limit Reached. The packet capture

runs until the file size limit is reached.

• Run Capture Until Time Elapsed Reaches. The packet capture

runs until the configured time has passed. You can enter the time

in seconds (s), minutes (m), or hours (h). If you enter the amount of

time without specifying the units, AsyncOS uses seconds by

default.

Note: If the file reaches the maximum size limit before the entire

time has elapsed, the existing file is deleted (the data is discarded)

and a new file starts with the current packet capture data.

• Run Capture Indefinitely. The packet capture runs until you

manually stop it.

Note: If the file reaches the maximum size limit before you

manually stop the packet capture, the existing file is deleted (the

data is discarded) and a new file starts with the current packet

capture data.

You can always manually stop any packet capture.

Network interface to capture Select the network interface on which to run the packet capture.

Filters Choose whether or not to apply a filter to the packet capture to

reduce the amount of data stored in the packet capture.

You can use one of the predefined filters to filter by port, source IP

address, or destination IP address, or you can create a custom filter

using any syntax supported by the Unix tcpdump command.