Palo Alto Networks Knowledgebase: Packet Capture Behavior for Unknown-TCP or Insufficient Data in Traffic Logs
Created On 07/29/19 17:24 PM - Last Updated 07/29/19 17:51 PM
Under Monitor > Traffic, packet captures are randomly being generated for applications identified as unknown-tcp or insufficient-data.
For unknown traffic, and for some applications that are detected by heuristics in the unknown decoders, a packet capture is taken automatically by default. A packet capture is not generated for every item because the number of captures is limited to protect system performance.