If you are doing a quick search for traffic flow into the firewall, run this command in the CLI:
tcpdump filter "host x.x.x.x and port 443"
You can use either the word host or src and get the same result. To view the output of the capture in the CLI, type:
view-pcap mgmt-pcap mgmt.pcap
Then press the Tab key to autocomplete. The final command may look more like:
view-pcap mgmt-pcap mgmt.pcap mgmt.pcap
It will print the output of the capture in the CLI window.
If you are in a troubleshooting session and need a more in-depth capture, read the how-to blog Getting Started: Packet Capture and follow the instructions. After successfully capturing the pcap files, you can view them in the CLI by using this command:
view-pcap filter-pcap <name of the filtered pcap>
For example, if your pcap capture file name was test, the command should read:
view-pcap filter-pcap test
Hope you found this helpful.