Overview

• This article describes the steps to configure Sophos Firewall’s packet capture feature.
  

What to do

• Go to Diagnostics > Packet Capture and click Configure. Fill the required fields as shown below:

• BPF (Berkeley Packet Filter) string provides a raw interface to data link layer permitting raw link-layer packets to be sent and received. BPF is an independent protocol and uses a filter-before-buffering approach.
• Below are some examples of BPF string to filter specific packets:

• Once the capture filter is configured, you can start capturing packets by turning the packet capture ON.

• Turn it OFF once you have enough packets to analyze.
• The details of the selected packet are displayed in the Packet Information section.

• For granular packet capture results, you can filter more by clicking on Display Filter and adjust the criteria as needed.