https://live.paloaltonetworks.com/t5/general-topics/pa-random-packet-captures/m-p/10586#M7801 <HTML><HEAD></HEAD><BODY><P>I've noticed that our 5020 is taking (what seems like)random packet captures.&nbsp; I searched this forum about this, and have read that the PA does do packet captures if the traffic is identified as "unknown-tcp" and "insufficient-data".&nbsp; The traffic I see that is generating pcaps seems random.&nbsp; For example, there are pcaps for "ciscovpn", "apple-push-notifications", "kontiki", etc.&nbsp; If I look into the "Log Details", these sessions are not hitting any Threat rules that might have caused a packet capture.&nbsp; Also, CLI packet capturing(set application dump) is off, as well as the packet capture option in the GUI.&nbsp; Anyone else experience this?</P><P></P><P>Thanks</P></BODY></HTML> Tue, 26 Mar 2013 15:14:29 GMT jambulo 2013-03-26T15:14:29Z https://live.paloaltonetworks.com/t5/general-topics/pa-random-packet-captures/m-p/10586#M7801 <HTML><HEAD></HEAD><BODY><P>I've noticed that our 5020 is taking (what seems like)random packet captures.&nbsp; I searched this forum about this, and have read that the PA does do packet captures if the traffic is identified as "unknown-tcp" and "insufficient-data".&nbsp; The traffic I see that is generating pcaps seems random.&nbsp; For example, there are pcaps for "ciscovpn", "apple-push-notifications", "kontiki", etc.&nbsp; If I look into the "Log Details", these sessions are not hitting any Threat rules that might have caused a packet capture.&nbsp; Also, CLI packet capturing(set application dump) is off, as well as the packet capture option in the GUI.&nbsp; Anyone else experience this?</P><P></P><P>Thanks</P></BODY></HTML> Tue, 26 Mar 2013 15:14:29 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-random-packet-captures/m-p/10586#M7801 jambulo 2013-03-26T15:14:29Z https://live.paloaltonetworks.com/t5/general-topics/pa-random-packet-captures/m-p/10587#M7802 <HTML><HEAD></HEAD><BODY><P>So does it capture random packets with the expected ones or only random packets.</P></BODY></HTML> Tue, 26 Mar 2013 18:32:06 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-random-packet-captures/m-p/10587#M7802 sraghunandan 2013-03-26T18:32:06Z https://live.paloaltonetworks.com/t5/general-topics/pa-random-packet-captures/m-p/10588#M7803 <HTML><HEAD></HEAD><BODY><P>When I tell it to capture packets, it'll capture the specified packets just fine.&nbsp; But with packet capturing turned off, it's still capturing packets, and randomly it seems.</P></BODY></HTML> Tue, 26 Mar 2013 21:04:45 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-random-packet-captures/m-p/10588#M7803 jambulo 2013-03-26T21:04:45Z https://live.paloaltonetworks.com/t5/general-topics/pa-random-packet-captures/m-p/10589#M7804 <HTML><HEAD></HEAD><BODY><P>Weird. Please open a case with support so that we can investigate the issue.</P></BODY></HTML> Tue, 26 Mar 2013 21:24:50 GMT https://live.paloaltonetworks.com/t5/general-topics/pa-random-packet-captures/m-p/10589#M7804 sraghunandan 2013-03-26T21:24:50Z