07-25-2014 01:07 AM
Hello.
Does anyone else have problems with defining filters for packet capture in WebUI?
If I understand correctly (there is no info about this in official documentation) all values in the same filter are logically connected with 'AND' operator. And logical operation between different filters is 'OR'.
So if I want to monitor all traffic between 2 hosts i need something like this:
1st filter ID 1: source IP1, destination IP2
2nd filter ID 2: source IP2, destination IP1.
I define files for all 4 stages of capture.
To avoid problems I then use "debug dataplane packet-diag clear filter-marked-session all"
And start capture.
However I don't get any PCAP files at all. And I know traffic is going through FW between these 2 hosts as I have an active session between those 2 IPs with increasing amount of bytes.
Any ideas if this is a bug or are my filters wrong?
how do you set filters for monitoring traffic between 2 IPs in both directions in all stages?
Best regards,
Simon
