Sophos XG Firewall: How to monitor traffic using packet capture utility in the GUI


  • This article describes the steps to configure Sophos Firewall’s packet capture feature.

What to do

  • Go to Diagnostics > Packet Capture and click Configure. Fill the required fields as shown below:
  • BPF (Berkeley Packet Filter) string provides a raw interface to data link layer permitting raw link-layer packets to be sent and received. BPF is an independent protocol and uses a filter-before-buffering approach.
  • Below are some examples of BPF string to filter specific packets:
  • Once the capture filter is configured, you can start capturing packets by turning the packet capture ON.
  • Turn it OFF once you have enough packets to analyze.
  • The details of the selected packet are displayed in the Packet Information section.
  • For granular packet capture results, you can filter more by clicking on Display Filter and adjust the criteria as needed.

Be the first to comment

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.