How to Get an Application PCAP

How to Get an Application PCAP

Created On 09/25/18 20:36 PM - Last Modified 06/08/23 21:28 PM



To gather a specific application packet capture (PCAP) for troubleshooting, follow these steps to get the information:

  1. Log into the CLI.
  2. Turn on application dump using the set application dump on <option> command. Use one or more of the following criteria to capture a specific application:
    application        Application name
    destination        destination IP address
    destination-port   Destination port

    destination-user   Destination user
    from               From zone
    limit              limit
    protocol           IP protocol value
    rule               Rule name
    source             source IP address
    source-port        Source port
    source-user        Source user
    to                 To zone

    For example:

    > set application dump on application web-browsing source destination destination-port 80
  3. To verify settings, run command:
    > show running application setting
    Application setting:
    Application cache             : yes
    Supernode                     : yes
    Heuristics                    : yes
    Cache Threshold               : 16
    Bypass when exceeds queue limit: yes
    Traceroute appid              : yes
    Traceroute TTL threshold      : 30
    Use cache for appid           : no
    Unknown capture               : on
    Max. unknown sessions         : 5000
    Current unknown sessions      : 0
    Application capture           : on   
    Max. application sessions     : 5000
    Current application sessions  : 0
    Application filter setting:
    From                      : any
    To                        : any
    Source                    : 0:0:0:0:0:0:0:0:0:0:255:255:192:168:1:1
    Destination               : 0:0:0:0:0:0:0:0:0:0:255:255:74:12:1:2
    Protocol                  : any
    Source Port               : any
    Dest. Port                : 80

    Application               : web-browsing
  4. Go to the traffic log in the Web UI. A green arrow displays next to the traffic to download the <application name> PCAP.
  5. Turn off the application dump.
    > set application dump off
  6. Rename the PCAP file with the name of the desired application.


owner: jebel

  • Print
  • Copy Link

Choose Language