What CLI command can be used to view the threat pcap?
Created On 09/26/18 13:49 PM - Last Modified 11/19/25 23:22 PM
Question
What CLI command can be used to view the threat pcap?
Environment
- Palo Alto Networks Firewalls.
- Supported PAN-OS
- Threat pcap
Answer
The command "view-pcap threat" can be used to view the threat pcap.
> view-pcap threat
* search-time Datetime YYYY/MM/DD hh:mm:ss (e.g. "2006/08/01 10:00:00")
* threat-pcap-id pcap id
Example:
> view-pcap threat threat-pcap-id 1199947415466016771 search-time "2014/05/30 17:50:00"
Generating pcap files...
17:50:06.000000 IP truncated-ip - 6 bytes missing! 192.168.20.1.48092 > 10.10.21.44.http: P 370312602:370313010(408) ack 3732408167 win 256
If one of the parameters is left out, an "Invalid syntax" error will be displayed:
> view-pcap threat search-time "2014/05/30 17:50:00"
Invalid syntax.
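The packet line in the example output above is in tcpdump's older text format, and the "truncated-ip - 6 bytes missing!" prefix means the capture holds fewer bytes than the IP header declares. The following parser is an added example, not part of the original article or any Palo Alto Networks tooling; it turns such lines into structured records for triage, and its function and field names are assumptions chosen here.

```python
import re

# Constructed sample: the packet line from the article's example output.
SAMPLE = (
    '17:50:06.000000 IP truncated-ip - 6 bytes missing! '
    '192.168.20.1.48092 > 10.10.21.44.http: P 370312602:370313010(408) '
    'ack 3732408167 win 256'
)

# Matches the older tcpdump TCP line layout shown in the article only.
LINE_RE = re.compile(
    r'^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+IP\s+'
    r'(?:truncated-ip - (?P<missing>\d+) bytes missing!\s+)?'
    r'(?P<src>\S+)\s+>\s+(?P<dst>\S+):\s+'
    r'(?P<flags>\S+)'
    r'(?:\s+(?P<seq_start>\d+):(?P<seq_end>\d+)\((?P<length>\d+)\))?'
    r'(?:\s+ack\s+(?P<ack>\d+))?'
    r'(?:\s+win\s+(?P<win>\d+))?'
)

def split_endpoint(endpoint):
    """Split 'host.port'; the port may be a service name such as 'http'."""
    host, _, port = endpoint.rpartition('.')
    return host, port

def parse_line(line):
    """Return a dict for a packet line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None  # e.g. "Generating pcap files..." or "Invalid syntax."
    src_ip, src_port = split_endpoint(m['src'])
    dst_ip, dst_port = split_endpoint(m['dst'])
    num = lambda name: int(m[name]) if m[name] is not None else None
    return {
        'time': m['time'],
        'src_ip': src_ip, 'src_port': src_port,
        'dst_ip': dst_ip, 'dst_port': dst_port,
        'flags': m['flags'],
        'seq_start': num('seq_start'), 'seq_end': num('seq_end'),
        'length': num('length'), 'ack': num('ack'), 'win': num('win'),
        # Bytes the IP header declares but the capture does not contain.
        'missing_bytes': num('missing') or 0,
    }

def parse_output(text):
    """Parse full command output, skipping status and error lines."""
    return [r for r in map(parse_line, text.splitlines()) if r is not None]
```

A non-zero `missing_bytes` value tells the analyst that the payload in the threat pcap is incomplete, so the matched content may extend past what was captured.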
Note: The threat pcap id can be obtained from the threat log detail in the web UI.
