This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

question about packet dump about incomplete, insufficient-data and insufficient-data

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

question about packet dump about incomplete, insufficient-data and insufficient-data

willstech
L3 Networker

‎04-05-2012 08:21 AM

Hi...

I’d like to a packet dump about incomplete, not-applicable, insufficient-data.

I tried to set a packet dump command like below.

Set application dump on application incomplete

Set application dump on application not-applicable.

Set application dump on application insufficient-data.

But, I can’t see any packet capture related to these applications from traffic log in Monitor TAB.
Is it impossible to capture of these applications on PAN device??

If it is possible, how can I capture these applications capture on PAN device?

Thanks,

Eugene.

0 Likes Likes
4 REPLIES 4

mhuels
L3 Networker

‎04-05-2012 08:53 AM

Hi Eugene,

a datastream is known as incomplete, not-applicable or with insufficient-data, if the session will be blocked by rule or does not find a existing service on the destination system. So you can see only one "tcp syn" packet in the dump (for instance). Imho this makes no sense.

greetings

Manfred

0 Likes Likes

willstech
L3 Networker
In response to mhuels

‎04-05-2012 05:47 PM

Hi mhuels

Thanks for your opinion.

and of course I agree about your mention.

Nevertheless, I need to capture these application to verify packet.

Actually, customer believes that incomplete and other packet lead to network connection problem between specific client and server.
Therefore I have to show that incomplete packet was not interrupted between the client and server connection.

as a evidence, i am going to show these packets.

Please teach me, if you know how to capture a dump related to these application.

Thanks,

Eugene.

0 Likes Likes

sjamaluddin
L4 Transporter
In response to willstech

‎04-10-2012 02:41 PM

You can create packet captures using the WebGUI as of version 4.0x and bove.

Monitor>>Packet Capture>>

You'd need to enable the filter (for the specific traffic you want to monitor) - "Manage Filter" and to then enable the captures. The packets can be captured at each of the 4 stages: transmit /receive/ firewall/ and drop.

YOU MUST ENABLE THE CAPTURE AFTER ENABLING THE FILTER otherwise the device may start capturing all the traffic through the device and that can lead to device crashes.

PLEASE ONLY SET CAPTURE ON AFTER FILTER HAS BEEN SET TO ON and disable the capture as soon as you done so as to not keep capturing.

Hope this helps

0 Likes Likes

rwizard
L3 Networker
In response to sjamaluddin

‎05-07-2012 03:45 PM

I have a customer that is also trying to capture packets for incomplete, not-applicable, and insufficient-data. The filters you mentioned do not allow you to capture based on application. Is there another way to capture this data?

0 Likes Likes
  • 3237 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks