You have collected a packet capture from the ProxySG while reproducing the issue.
You want to analyze the captured data in order to isolate the issue.
What protocol analyzer can I use to analyze a packet capture (pcap) obtained from a ProxySG?
There are various methods for reviewing packet capture related information from the proxy appliance:
SGOS# pcap info
To analyze captured packet data, use a tool that reads Packet Sniffer Pro 1.1 files, such as Wireshark or Packet Sniffer Pro 3.0.
Wireshark can be downloaded for free at https://www.wireshark.org/.
Additional Information:
Here are several helpful Wireshark filters:
| Filter | Brief Description |
| --- | --- |
| `http.request \|\| http.response` | Displays all HTTP request and response packets |
| `http.request.full_uri` | Displays all packets that contain a full request URI/URL |
| `ssl.handshake` | Displays SSL handshake packets (client hello, server hello, client key exchange, change cipher spec, etc.) |
| `dns.time>.5` | Displays DNS responses that took longer than 0.5 seconds |
| `http.request.method == "POST"` | Displays all POST requests (can be modified for other request methods such as "HEAD") |
| `ntlmssp.messagetype == 0x00000003` | Displays all packets with the NTLM Auth message (NTLMSSP_AUTH). Used to help track NTLM authentication requests/conversations |
| `ntlmssp` | Displays all NTLM packets |
| `tcp.dstport == 3389 and tcp.flags.syn==1` | Displays RDP connection attempts (TCP SYN packets to destination port 3389) |
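The ntlmssp.messagetype filter above matches a 4-byte little-endian field that follows the "NTLMSSP" signature in each NTLM token. The following is an added example, not part of the original article: it reads that field from HTTP authentication header lines copied out of a capture and reports which of the three handshake messages are missing on a connection. The function names and sample headers are constructed for illustration.

```python
import base64
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
MESSAGE_TYPES = {1: "NTLMSSP_NEGOTIATE", 2: "NTLMSSP_CHALLENGE", 3: "NTLMSSP_AUTH"}
# HTTP headers that carry NTLM tokens for proxy and origin-server authentication.
NTLM_HEADERS = ("proxy-authorization", "proxy-authenticate",
                "authorization", "www-authenticate")


def ntlm_message_type(header_line):
    """Return the NTLMSSP message type (1, 2 or 3) in an HTTP header line, or None."""
    name, sep, value = header_line.partition(":")
    if not sep or name.strip().lower() not in NTLM_HEADERS:
        return None
    parts = value.split()
    if len(parts) != 2 or parts[0].upper() != "NTLM":
        return None  # bare "NTLM" offer, or another scheme such as Basic
    try:
        token = base64.b64decode(parts[1], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(token) < 12 or not token.startswith(NTLMSSP_SIGNATURE):
        return None
    (msg_type,) = struct.unpack_from("<I", token, 8)  # same field as ntlmssp.messagetype
    return msg_type if msg_type in MESSAGE_TYPES else None


def handshake_status(header_lines):
    """Return (message types seen in order, names of handshake messages never seen)."""
    seen = [t for t in map(ntlm_message_type, header_lines) if t is not None]
    missing = [MESSAGE_TYPES[t] for t in (1, 2, 3) if t not in seen]
    return seen, missing


def _constructed_token(msg_type):
    # Constructed sample token: signature + type + zero padding, not a real capture.
    body = NTLMSSP_SIGNATURE + struct.pack("<I", msg_type) + b"\x00" * 20
    return base64.b64encode(body).decode()


# Constructed header lines for one connection where the client never sent type 3.
SAMPLE_HEADERS = [
    "Proxy-Authenticate: NTLM",
    "Proxy-Authorization: NTLM " + _constructed_token(1),
    "Proxy-Authenticate: NTLM " + _constructed_token(2),
    "Host: example.test",
]

if __name__ == "__main__":
    seen, missing = handshake_status(SAMPLE_HEADERS)
    print("seen:", [MESSAGE_TYPES[t] for t in seen], "missing:", missing)
```

A connection that shows types 1 and 2 but never type 3 is the case the 0x00000003 filter helps isolate when tracking NTLM authentication conversations.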