Palo Alto Networks Knowledgebase: Packet Capture Behavior for Unknown-TCP or Insufficient Data in Traffic Logs

Created On 07/29/19 17:24 PM - Last Updated 07/29/19 17:51 PM
Resolution

Under Monitor > Traffic, packet captures are randomly being generated for applications identified as unknown-tcp or insufficient-data.


For unknown traffic, and for some applications that are detected by heuristics in the unknown decoders, a packet capture is taken automatically by default. A packet capture is not generated for every item because the number of captures is limited to protect system performance.


owner: ppatel


