Palo Alto Networks Knowledgebase: Packet Capture Filter not Capturing Traffic Defined in the Match Filter

Packet Capture Filter not Capturing Traffic Defined in the Match Filter

3595
Created On 02/07/19 23:40 PM - Last Updated 02/07/19 23:41 PM
Resolution

Issue

Packet Capture Filter is not Capturing Traffic Defined in the Match Filter.

Resolution

Use this command, debug dataplane packet-diag set filter, to configure specific IP addresses to capture.

When setting match filters for dataplane debug, if NAT rules are involved then pre-parse-match may be needed.

For example:

> debug dataplane packet-diag set filter pre-parse-match yes


The Pre-Parse Match option is added for advanced troubleshooting purposes. After a packet enters the ingress port, it proceeds through several processing steps before it is parsed for matches against pre-configured filters. It is possible for a packet to not reach the filtering stage due to a failure. This can occur if a route lookup fails.

Enable Pre-Parse Match to emulate a positive match for every packet entering the system. This allows the firewall to capture packets that do not reach the filtering process. If a packet is able to reach the filtering stage, it is then processed according to the filter configuration and discarded if it fails to meet filtering criteria.

owner: rkim



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClvbCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language