Packet Capture Behavior for Unknown-TCP or Insufficient Data in Traffic Logs

Created On 09/25/18 19:47 PM - Last Modified 06/08/23 01:08 AM


Resolution


Under Monitor > Traffic, packet captures are randomly being generated for applications identified as unknown-tcp or insufficient-data.


For unknown traffic, and for some apps that are detected by heuristics in the unknown decoders, a capture is taken automatically by default. A packet capture is not generated for every item because the number of captures is limited to protect system performance.


owner: ppatel


