Packet Capture Filter not Capturing Traffic Defined in the Match Filter

Created On 09/26/18 13:51 PM - Last Modified 06/08/23 21:36 PM


Issue

Packet Capture Filter is not Capturing Traffic Defined in the Match Filter.

 

Resolution

Use the debug dataplane packet-diag set filter command to configure the specific IP addresses to capture.


When setting match filters for dataplane debug, if NAT rules are involved then pre-parse-match may be needed.

For example:

> debug dataplane packet-diag set filter pre-parse-match yes

 

The Pre-Parse Match option is added for advanced troubleshooting purposes. After a packet enters the ingress port, it proceeds through several processing steps before it is parsed for matches against pre-configured filters. It is possible for a packet to not reach the filtering stage due to a failure. This can occur if a route lookup fails.

 

Enable Pre-Parse Match to emulate a positive match for every packet entering the system. This allows the firewall to capture packets that do not reach the filtering process. If a packet is able to reach the filtering stage, it is then processed according to the filter configuration and discarded if it fails to meet filtering criteria.
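
A capture session that applies the steps above, written here as an added example and not taken from the original article. The addresses (documentation ranges) and file names are constructed, and lines beginning with # are annotations, not commands.

```console
# constructed source/destination addresses and capture file names
> debug dataplane packet-diag clear all
> debug dataplane packet-diag set filter match source 192.0.2.10 destination 198.51.100.20
> debug dataplane packet-diag set filter pre-parse-match yes
> debug dataplane packet-diag set filter on
> debug dataplane packet-diag set capture stage receive file rx.pcap
> debug dataplane packet-diag set capture stage drop file drop.pcap
> debug dataplane packet-diag set capture on
> debug dataplane packet-diag show setting
# reproduce the traffic, then stop the capture and turn pre-parse-match back off
> debug dataplane packet-diag set capture off
> debug dataplane packet-diag set filter pre-parse-match no
> debug dataplane packet-diag set filter off
```

With Pre-Parse Match enabled, the capture can include packets that never reached the filtering stage, so it may contain traffic outside the configured match filter.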

 

owner: rkim


