Packet Capture Issue

Edsnow — Fri, 15 Nov 2024 06:34:53 GMT

Hi Team,

I am seeing an active session for a specific traffic , but when I try to capture the packets there is no packets has been captured.

Also "debug dataplane packet-diag show filter-marked-session" command also not showing any session details. I am pasting session details below,

Session 2780057

c2s flow:
source: 10.30.9.145
dst: 10.130.160.1
proto: 6
sport: 41012 dport: 3000
state: ACTIVE type: FLOW
src user: unknown
dst user: unknown
offload: Yes

s2c flow:
source: 10.130.160.1
dst: 10.30.9.145
proto: 6
sport: 3000 dport: 41012
state: ACTIVE type: FLOW
src user: unknown
dst user: unknown
offload: Yes

Slot : 1
DP : 0
index(local): : 2780057
start time : Fri Nov 15 00:06:42 2024
timeout : 3600 sec
time to live : 3330 sec
total byte count(c2s) : 12709
total byte count(s2c) : 12285
layer7 packet count(c2s) : 150
layer7 packet count(s2c) : 154
vsys : vsys2
application : unknown-tcp
service timeout override(index) : False
session to be logged at end : True
session in session ager : True
session updated by HA peer : False
layer7 processing : completed
URL filtering enabled : False
session via syn-cookies : False
session terminated on host : False
session traverses tunnel : False
session terminate tunnel : False
captive portal session : False
ingress interface : ae1.452
egress interface : ae2.770
session QoS rule : N/A (class 4)
tracker stage l7proc : ctd decoder done
end-reason : unknown

If anyone have any idea please let me know.

Re: Packet Capture Issue

YEmreSeven — Tue, 26 Nov 2024 21:44:14 GMT

Hi Edsnow,

According to related document "Any traffic that is offloaded by the firewall will also not be included in the packet capture." You can disable offloading temporarily but noticed that it will increased the dataplane CPU.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CldYCAS

topic Packet Capture Issue in Next-Generation Firewall Discussions

Packet Capture Issue

Re: Packet Capture Issue