Configure a global packet capture

A global packet capture collects every packet that is sent to the ExtraHop appliance for the duration that matches the criteria.

  1. Log into the Admin UI on your Discover appliance.
  2. In the Packet Captures section, click Global Packet Capture.
  3. In the Start Global Packet Capture section, complete the following fields. You only need to specify the criteria you want for the packet capture:

    Name: A name to identify the packet capture.

    Max Packets: The maximum number of packets to capture.

    Max Bytes: The maximum number of bytes to captures.

    Max Duration (milliseconds): The maximum duration of the packet capture in milliseconds. We recommend the default value of 1000 (1 second), or configure up to 60000 milliseconds (1 minute).

    Snaplen: The maximum number of bytes copied per frame. The default value is 96 bytes, but you can set this value to a number between 1 and 65535.

  4. Click Start.
  5. Click Stop to stop the packet capture before any of the maximum limits are reached.
Download your packet capture.
  • For Discover appliances, log into the Admin UI, and click View and Download Packet Captures.
  • For Reveal(x) systems, log into the Web UI, and click Packets from the top menu.
Published 2020-05-18 19:49