topic Packet Capture problem w/ PA-5020 running 4.0.0 in General Topics https://live.paloaltonetworks.com/t5/general-topics/packet-capture-problem-w-pa-5020-running-4-0-0/m-p/51121#M37615 <HTML><HEAD></HEAD><BODY><P>So, using debug dataplane packet-diag I am unable to get filters to work propperly and quite often don't see data that I actually Should.&nbsp; I didn't know if this was a bug with the 4.0.0 code or not but it makes it awful hard to defend the firewall when I can't produce reliable output from either logs or packet captures.&nbsp; The settings I have are below and not only does the filter not work propperly but I don't see the traffic I should be seeing.&nbsp; Also rather odd that the transmitted packets counter is so much higher than all the rest.</P><P></P><P>DP 0:</P><P></P><P>--------------------------------------------------------------------------------</P><P>Packet diagnosis setting:</P><P>--------------------------------------------------------------------------------</P><P>Packet filter</P><P>&nbsp; Enabled:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; yes</P><P>&nbsp; Match pre-parsed packet:&nbsp;&nbsp; yes&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Index 1: 10.100.240.179[0]-&gt;0.0.0.0[0], proto 0</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ingress-interface ethernet1/1, egress-interface any, exclude non-IP</P><P>--------------------------------------------------------------------------------</P><P>Logging</P><P>&nbsp; Enabled:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; no</P><P>&nbsp; Log-throttle:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; no</P><P>&nbsp; Aggregate-to-single-file:&nbsp; yes&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Output file size:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 7364 of 10485760 Bytes</P><P>&nbsp; Features:</P><P>&nbsp; Counters:</P><P>--------------------------------------------------------------------------------</P><P>Packet capture</P><P>&nbsp; Enabled:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; no&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Stage receive&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :&nbsp; file ssh-receive.pcap</P><P>&nbsp;&nbsp;&nbsp; Captured:&nbsp;&nbsp;&nbsp;&nbsp; packets - 63673&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 14346098&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp; Maximum:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; packets - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Stage firewall&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :&nbsp; file ssh-firewall.pcap</P><P>&nbsp;&nbsp;&nbsp; Captured:&nbsp;&nbsp;&nbsp;&nbsp; packets - 59183&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 13831536&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp; Maximum:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; packets - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Stage transmit&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :&nbsp; file ssh-transmit.pcap</P><P>&nbsp;&nbsp;&nbsp; Captured:&nbsp;&nbsp;&nbsp;&nbsp; packets - 111227&nbsp;&nbsp;&nbsp;&nbsp; bytes - 27857297&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp; Maximum:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; packets - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Stage drop&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :&nbsp; file ssh-drop.pcap</P><P>&nbsp;&nbsp;&nbsp; Captured:&nbsp;&nbsp;&nbsp;&nbsp; packets - 1131&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 239054&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp; Maximum:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; packets - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>--------------------------------------------------------------------------------</P><P></P><P>DP 1:</P><P></P><P>--------------------------------------------------------------------------------</P><P>Packet diagnosis setting:</P><P>--------------------------------------------------------------------------------</P><P>Packet filter</P><P>&nbsp; Enabled:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; yes</P><P>&nbsp; Match pre-parsed packet:&nbsp;&nbsp; yes&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Index 1: 10.100.240.179[0]-&gt;0.0.0.0[0], proto 0</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ingress-interface ethernet1/1, egress-interface any, exclude non-IP</P><P>--------------------------------------------------------------------------------</P><P>Logging</P><P>&nbsp; Enabled:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; no</P><P>&nbsp; Log-throttle:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; no</P><P>&nbsp; Aggregate-to-single-file:&nbsp; yes&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Output file size:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 221380 of 10485760 Bytes</P><P>&nbsp; Features:</P><P>&nbsp; Counters:</P><P>--------------------------------------------------------------------------------</P><P>Packet capture</P><P>&nbsp; Enabled:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; no&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Stage receive&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :&nbsp; file ssh-receive.pcap</P><P>&nbsp;&nbsp;&nbsp; Captured:&nbsp;&nbsp;&nbsp;&nbsp; packets - 211771&nbsp;&nbsp;&nbsp;&nbsp; bytes - 157212649&nbsp; </P><P>&nbsp;&nbsp;&nbsp; Maximum:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; packets - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Stage firewall&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :&nbsp; file ssh-firewall.pcap</P><P>&nbsp;&nbsp;&nbsp; Captured:&nbsp;&nbsp;&nbsp;&nbsp; packets - 215378&nbsp;&nbsp;&nbsp;&nbsp; bytes - 157520273&nbsp; </P><P>&nbsp;&nbsp;&nbsp; Maximum:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; packets - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Stage transmit&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :&nbsp; file ssh-transmit.pcap</P><P>&nbsp;&nbsp;&nbsp; Captured:&nbsp;&nbsp;&nbsp;&nbsp; packets - 359186&nbsp;&nbsp;&nbsp;&nbsp; bytes - 197191051&nbsp; </P><P>&nbsp;&nbsp;&nbsp; Maximum:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; packets - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Stage drop&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :&nbsp; file ssh-drop.pcap</P><P>&nbsp;&nbsp;&nbsp; Captured:&nbsp;&nbsp;&nbsp;&nbsp; packets - 695&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 112144&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp; Maximum:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; packets - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>--------------------------------------------------------------------------------</P></BODY></HTML> Fri, 01 Apr 2011 22:07:01 GMT migration 2011-04-01T22:07:01Z Packet Capture problem w/ PA-5020 running 4.0.0 https://live.paloaltonetworks.com/t5/general-topics/packet-capture-problem-w-pa-5020-running-4-0-0/m-p/51121#M37615 <HTML><HEAD></HEAD><BODY><P>So, using debug dataplane packet-diag I am unable to get filters to work propperly and quite often don't see data that I actually Should.&nbsp; I didn't know if this was a bug with the 4.0.0 code or not but it makes it awful hard to defend the firewall when I can't produce reliable output from either logs or packet captures.&nbsp; The settings I have are below and not only does the filter not work propperly but I don't see the traffic I should be seeing.&nbsp; Also rather odd that the transmitted packets counter is so much higher than all the rest.</P><P></P><P>DP 0:</P><P></P><P>--------------------------------------------------------------------------------</P><P>Packet diagnosis setting:</P><P>--------------------------------------------------------------------------------</P><P>Packet filter</P><P>&nbsp; Enabled:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; yes</P><P>&nbsp; Match pre-parsed packet:&nbsp;&nbsp; yes&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Index 1: 10.100.240.179[0]-&gt;0.0.0.0[0], proto 0</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ingress-interface ethernet1/1, egress-interface any, exclude non-IP</P><P>--------------------------------------------------------------------------------</P><P>Logging</P><P>&nbsp; Enabled:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; no</P><P>&nbsp; Log-throttle:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; no</P><P>&nbsp; Aggregate-to-single-file:&nbsp; yes&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Output file size:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 7364 of 10485760 Bytes</P><P>&nbsp; Features:</P><P>&nbsp; Counters:</P><P>--------------------------------------------------------------------------------</P><P>Packet capture</P><P>&nbsp; Enabled:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; no&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Stage receive&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :&nbsp; file ssh-receive.pcap</P><P>&nbsp;&nbsp;&nbsp; Captured:&nbsp;&nbsp;&nbsp;&nbsp; packets - 63673&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 14346098&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp; Maximum:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; packets - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Stage firewall&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :&nbsp; file ssh-firewall.pcap</P><P>&nbsp;&nbsp;&nbsp; Captured:&nbsp;&nbsp;&nbsp;&nbsp; packets - 59183&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 13831536&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp; Maximum:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; packets - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Stage transmit&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :&nbsp; file ssh-transmit.pcap</P><P>&nbsp;&nbsp;&nbsp; Captured:&nbsp;&nbsp;&nbsp;&nbsp; packets - 111227&nbsp;&nbsp;&nbsp;&nbsp; bytes - 27857297&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp; Maximum:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; packets - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Stage drop&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :&nbsp; file ssh-drop.pcap</P><P>&nbsp;&nbsp;&nbsp; Captured:&nbsp;&nbsp;&nbsp;&nbsp; packets - 1131&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 239054&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp; Maximum:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; packets - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>--------------------------------------------------------------------------------</P><P></P><P>DP 1:</P><P></P><P>--------------------------------------------------------------------------------</P><P>Packet diagnosis setting:</P><P>--------------------------------------------------------------------------------</P><P>Packet filter</P><P>&nbsp; Enabled:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; yes</P><P>&nbsp; Match pre-parsed packet:&nbsp;&nbsp; yes&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Index 1: 10.100.240.179[0]-&gt;0.0.0.0[0], proto 0</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ingress-interface ethernet1/1, egress-interface any, exclude non-IP</P><P>--------------------------------------------------------------------------------</P><P>Logging</P><P>&nbsp; Enabled:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; no</P><P>&nbsp; Log-throttle:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; no</P><P>&nbsp; Aggregate-to-single-file:&nbsp; yes&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Output file size:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 221380 of 10485760 Bytes</P><P>&nbsp; Features:</P><P>&nbsp; Counters:</P><P>--------------------------------------------------------------------------------</P><P>Packet capture</P><P>&nbsp; Enabled:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; no&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Stage receive&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :&nbsp; file ssh-receive.pcap</P><P>&nbsp;&nbsp;&nbsp; Captured:&nbsp;&nbsp;&nbsp;&nbsp; packets - 211771&nbsp;&nbsp;&nbsp;&nbsp; bytes - 157212649&nbsp; </P><P>&nbsp;&nbsp;&nbsp; Maximum:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; packets - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Stage firewall&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :&nbsp; file ssh-firewall.pcap</P><P>&nbsp;&nbsp;&nbsp; Captured:&nbsp;&nbsp;&nbsp;&nbsp; packets - 215378&nbsp;&nbsp;&nbsp;&nbsp; bytes - 157520273&nbsp; </P><P>&nbsp;&nbsp;&nbsp; Maximum:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; packets - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Stage transmit&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :&nbsp; file ssh-transmit.pcap</P><P>&nbsp;&nbsp;&nbsp; Captured:&nbsp;&nbsp;&nbsp;&nbsp; packets - 359186&nbsp;&nbsp;&nbsp;&nbsp; bytes - 197191051&nbsp; </P><P>&nbsp;&nbsp;&nbsp; Maximum:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; packets - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp; Stage drop&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :&nbsp; file ssh-drop.pcap</P><P>&nbsp;&nbsp;&nbsp; Captured:&nbsp;&nbsp;&nbsp;&nbsp; packets - 695&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 112144&nbsp;&nbsp;&nbsp;&nbsp; </P><P>&nbsp;&nbsp;&nbsp; Maximum:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; packets - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; bytes - 0&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </P><P>--------------------------------------------------------------------------------</P></BODY></HTML> Fri, 01 Apr 2011 22:07:01 GMT https://live.paloaltonetworks.com/t5/general-topics/packet-capture-problem-w-pa-5020-running-4-0-0/m-p/51121#M37615 migration 2011-04-01T22:07:01Z Re: Packet Capture problem w/ PA-5020 running 4.0.0 https://live.paloaltonetworks.com/t5/general-topics/packet-capture-problem-w-pa-5020-running-4-0-0/m-p/51122#M37616 <HTML><HEAD></HEAD><BODY><P>Hi Price</P><P></P><P>could you try setting these without interface and with a second filter with 10.100.240.179 as destination. Can you try this command a couple of times during your tests: "show counter global filter delta yes filter packet-filter yes" , are there counters visible after the second time you execute this command, are there drops in there ?</P><P></P><P></P><P>regards</P></BODY></HTML> Tue, 05 Apr 2011 16:30:41 GMT https://live.paloaltonetworks.com/t5/general-topics/packet-capture-problem-w-pa-5020-running-4-0-0/m-p/51122#M37616 reaper 2011-04-05T16:30:41Z