- This article describes the steps to configure Sophos Firewall’s packet capture feature.
What to do
- Go to Diagnostics > Packet Capture and click Configure. Fill in the required fields as shown below:
- The BPF (Berkeley Packet Filter) string provides a raw interface to the data link layer, permitting raw link-layer packets to be sent and received. BPF is protocol independent and uses a filter-before-buffering approach.
- Below are some examples of BPF strings to filter specific packets:
- Once the capture filter is configured, you can start capturing packets by turning the packet capture ON.
- Turn it OFF once you have enough packets to analyze.
- The details of the selected packet are displayed in the Packet Information section.
- For more granular packet capture results, you can filter further by clicking Display Filter and adjusting the criteria as needed.
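
To show what a BPF capture string selects and what filter-before-buffering means, here is an added example (not part of the original article and not Sophos code) that evaluates a small subset of pcap-filter syntax against constructed packets. The packet records, the documentation-range addresses, the helper names and the buffer behaviour are assumptions; only `host`, `port`, `src`/`dst`, `tcp`/`udp`/`icmp`, `not`, `and` and `or` are handled, without parentheses.

```python
import ipaddress
from collections import deque

# Constructed sample packets; addresses come from documentation ranges.
PACKETS = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "proto": "tcp", "sport": 51000, "dport": 443},
    {"src": "198.51.100.5", "dst": "192.0.2.10", "proto": "tcp", "sport": 443, "dport": 51000},
    {"src": "192.0.2.77", "dst": "198.51.100.5", "proto": "tcp", "sport": 40000, "dport": 443},
    {"src": "192.0.2.10", "dst": "203.0.113.9", "proto": "udp", "sport": 5353, "dport": 53},
    {"src": "192.0.2.10", "dst": "203.0.113.9", "proto": "icmp", "sport": None, "dport": None},
]

def _primitive(tokens, pkt):
    """Consume one primitive from tokens and return whether pkt matches it."""
    tok = tokens.pop(0)
    if tok == "not":                      # negation binds tightest
        return not _primitive(tokens, pkt)
    sides = ("src", "dst")                # no direction qualifier means either side
    if tok in sides:                      # "src host ...", "dst port ..."
        sides, tok = (tok,), tokens.pop(0)
    if tok == "host":
        addr = str(ipaddress.ip_address(tokens.pop(0)))  # rejects malformed addresses
        return any(pkt[s] == addr for s in sides)
    if tok == "port":
        port = int(tokens.pop(0))
        if not 0 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        return any(pkt[s[0] + "port"] == port for s in sides)
    if tok in ("tcp", "udp", "icmp"):
        return pkt["proto"] == tok
    raise ValueError(f"unsupported primitive: {tok}")

def matches(bpf, pkt):
    """Evaluate left to right: 'and' and 'or' have equal precedence in pcap-filter syntax."""
    tokens = bpf.lower().split()
    result = _primitive(tokens, pkt)
    while tokens:
        op = tokens.pop(0)
        if op not in ("and", "or"):
            raise ValueError(f"expected and/or, got: {op}")
        rhs = _primitive(tokens, pkt)     # always consume the right-hand primitive
        result = (result and rhs) if op == "and" else (result or rhs)
    return result

def capture(bpf, packets, buffer_size=3):
    """Filter before buffering: non-matching packets never occupy the bounded buffer."""
    buf = deque(maxlen=buffer_size)       # assumption: oldest entry is dropped when full
    buf.extend(p for p in packets if matches(bpf, p))
    return list(buf)
```

Because `and` and `or` are evaluated left to right, `host 192.0.2.10 and port 53 or port 443` also captures port 443 traffic from other hosts such as 192.0.2.77, which fills the buffer with packets the filter was not meant to keep.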