Configure a global packet capture

A global packet capture collects every packet that is sent to the ExtraHop system for the duration that matches the criteria you specify.

  1. Log in to the Administration settings on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin.
  2. In the Packet Captures section, click Global Packet Capture.
  3. In the Start Global Packet Capture section, complete the following fields. You only need to specify the criteria you want for the packet capture:

    Name: A name to identify the packet capture.

    Max Packets: The maximum number of packets to capture.

    Max Bytes: The maximum number of bytes to capture.

    Max Duration (milliseconds): The maximum duration of the packet capture in milliseconds. We recommend the default value of 1000 (1 second), but you can configure up to 60000 milliseconds (1 minute).

    Snaplen: The maximum number of bytes copied per frame. The default value is 96 bytes, but you can set this value to a number between 1 and 65535.

  4. Click Start.
    Tip: Make a note of the time you start the capture to make it easier to locate the packets.
  5. Click Stop to stop the packet capture before any of the maximum limits are reached.
Download your packet capture.
  • On Reveal(x) Enterprise systems, click Packets from the top menu and then click Download PCAP.

    To help locate your packet capture, click and drag on the Packet Query timeline to select the time range when you started the packet capture.

  • On ExtraHop Performance systems, click the System Settings icon, click All Administration, and then click View and Download Packet Captures in the Packet Capture section.
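
The following script is an added example, not part of the ExtraHop documentation. Frames longer than the Snaplen value are stored truncated, so it reads a downloaded capture and reports the snaplen recorded in the file and how many packets were cut short. It assumes the download is a classic libpcap file (not pcapng); the function names and the sample bytes are constructed for illustration.

```python
import struct

LITTLE = (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1")  # usec / nsec magic
BIG = (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d")

def summarize_pcap(data: bytes) -> dict:
    """Report the snaplen and how many packets were stored truncated."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    if data[:4] in LITTLE:
        endian = "<"
    elif data[:4] in BIG:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    # Global header: snaplen at offset 16, link type at offset 20.
    snaplen, linktype = struct.unpack(endian + "II", data[16:24])
    stats = {"snaplen": snaplen, "linktype": linktype, "packets": 0,
             "truncated": 0, "captured_bytes": 0, "wire_bytes": 0}
    offset = 24
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError("file ends inside a record header")
        # Record header: ts_sec, ts_frac, bytes stored, bytes on the wire.
        _, _, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        offset += 16 + incl_len
        if offset > len(data):
            raise ValueError("file ends inside packet data")
        stats["packets"] += 1
        stats["captured_bytes"] += incl_len
        stats["wire_bytes"] += orig_len
        stats["truncated"] += incl_len < orig_len  # cut at the snaplen
    return stats

def build_sample(snaplen: int = 96, wire_sizes=(60, 1514, 200)) -> bytes:
    """Constructed capture: zero-filled frames cut at `snaplen`."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, size in enumerate(wire_sizes):
        incl = min(size, snaplen)
        out += struct.pack("<IIII", 1700000000, i, incl, size) + bytes(incl)
    return out

if __name__ == "__main__":
    import sys
    # Pass the path of a downloaded capture, or run with no argument
    # to summarize the constructed sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(summarize_pcap(raw))
```

A high truncated count at the default Snaplen of 96 means the capture holds headers but little payload; raise Snaplen before the next capture if full frames are needed.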
Last modified 2023-11-07