To gather a packet capture (PCAP) of a specific application for troubleshooting, follow these steps:
Log into the CLI.
Turn on application dump using the set application dump on <option> command. Use one or more of the following criteria to capture a specific application:
    application        Application name
    destination        destination IP address
    destination-port   Destination port
    destination-user   Destination user
    from               From zone
    limit              limit
    protocol           IP protocol value
    rule               Rule name
    source             source IP address
    source-port        Source port
    source-user        Source user
    to                 To zone
For example:
    > set application dump on application web-browsing source 192.168.1.1 destination 74.12.1.2 destination-port 80
To verify the settings, run the command:
    > show running application setting

    Application setting:
    Application cache : yes
    Supernode : yes
    Heuristics : yes
    Cache Threshold : 16
    Bypass when exceeds queue limit: yes
    Traceroute appid : yes
    Traceroute TTL threshold : 30
    Use cache for appid : no
    Unknown capture : on
    Max. unknown sessions : 5000
    Current unknown sessions : 0
    Application capture : on
    Max. application sessions : 5000
    Current application sessions : 0

    Application filter setting:
    From : any
    To : any
    Source : 0:0:0:0:0:0:0:0:0:0:255:255:192:168:1:1
    Destination : 0:0:0:0:0:0:0:0:0:0:255:255:74:12:1:2
    Protocol : any
    Source Port : any
    Dest. Port : 80
    Application : web-browsing
Go to the traffic log in the Web UI. A green arrow displays next to the traffic to download the <application name> PCAP.
Turn off the application dump:
    > set application dump off
Rename the PCAP file with the name of the desired application.
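
In the verification output above, the filter's Source and Destination appear as 16 colon-separated decimal bytes (192.168.1.1 is shown as 0:0:0:0:0:0:0:0:0:0:255:255:192:168:1:1), which is easy to misread when confirming that the capture is scoped to the intended host. The following Python script is an added example, not part of the original article or of PAN-OS: it parses that output and reports any difference from the intended filter. Reading the value as an IPv4-mapped address is an assumption based on the sample output, SAMPLE is constructed from that output, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: capture state and filter lines from the verification step above.
SAMPLE = """\
Application capture : on
Application filter setting:
From : any
To : any
Source : 0:0:0:0:0:0:0:0:0:0:255:255:192:168:1:1
Destination : 0:0:0:0:0:0:0:0:0:0:255:255:74:12:1:2
Protocol : any
Source Port : any
Dest. Port : 80
Application : web-browsing
"""

def decode_addr(value):
    """Turn 16 colon-separated decimal bytes into a readable address.
    Assumption: the bytes are an IPv6 address, IPv4-mapped for IPv4 hosts."""
    if value == "any":
        return "any"
    parts = value.split(":")
    if len(parts) != 16 or not all(p.isdigit() and int(p) < 256 for p in parts):
        raise ValueError(f"unexpected address format: {value!r}")
    addr = ipaddress.IPv6Address(bytes(int(p) for p in parts))
    mapped = addr.ipv4_mapped
    return str(mapped if mapped is not None else addr)

def parse_settings(text):
    """Map each 'Name : value' line to a dict, splitting on the first ' : ' only
    so the colons inside address values are left intact."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(" : ")
        if sep:
            fields[name.strip()] = value.strip()
    return fields

def check_filter(text, expected):
    """Return a list of mismatches between the running filter and the intended one."""
    fields = parse_settings(text)
    for key in ("Source", "Destination"):
        if key in fields:
            fields[key] = decode_addr(fields[key])
    problems = [f"{k}: want {v}, got {fields.get(k)}"
                for k, v in expected.items() if fields.get(k) != v]
    if fields.get("Application capture") != "on":
        problems.append("application capture is not on")
    return problems
```

An empty list from check_filter means the running filter matches the intended one; running it again after the dump is turned off should report that application capture is not on.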