03-26-2013 08:14 AM
I've noticed that our 5020 is taking (what seems like) random packet captures. I searched this forum about this, and have read that the PA does do packet captures if the traffic is identified as "unknown-tcp" and "insufficient-data". The traffic I see that is generating pcaps seems random. For example, there are pcaps for "ciscovpn", "apple-push-notifications", "kontiki", etc. If I look into the "Log Details", these sessions are not hitting any Threat rules that might have caused a packet capture. Also, CLI packet capturing (set application dump) is off, as well as the packet capture option in the GUI. Anyone else experience this?
Thanks
03-26-2013 11:32 AM
So does it capture random packets with the expected ones, or only random packets?
03-26-2013 02:04 PM
When I tell it to capture packets, it'll capture the specified packets just fine. But with packet capturing turned off, it's still capturing packets, and randomly it seems.
03-26-2013 02:24 PM
Weird. Please open a case with support so that we can investigate the issue.