What is the significance of the "green down arrow" packet capture within the "Details" field of the Traffic Log? We have no packet capture defined and it only shows up randomly for certain connections. Is this an automatic output if there are issues within the session? Thanks!
The segmented down arrow represents a packet capture; this would be something that you or somebody who might have access to your PAN setup. It can be done via policy or from within the CLI. When you do see these they represent a specific packet type often unique to a given application. Look at your app filter as this is the most common usage.
In this case - it's not a defined application in the rule. It's a defined port. Also, I never set up packet capture on this device - neither CLI nor policy. And the down arrow is random - it only shows up once in a while. That's why I thought perhaps it was auto-creating a capture based on an event happening.