Packet captures are a very reliable tool for deep network-level diagnosis. A PCAP can reveal answers that can't be seen using any other diagnostic method. For this reason, Customer Support will often request a packet capture, even when there may not be an obvious reason.
First, navigate to the Packet Capture page on the CA by going to Utilities > Packet Capture in your browser. You'll be taken to the page shown in Image 1:
Image 1, Content Analysis Packet Capture
The first box is for any filter you wish to apply. The syntax is "Berkeley style" (Berkeley Packet Filter); for example, enter "tcp" if you only wish to see TCP traffic. Another filter, which Blue Coat Customer Support may ask for, selects ICAP traffic:
port 1344 or port 11344
Another possibility is to capture only the ICAP traffic to and from a single SG. In this example, the system isn't configured to use Secure ICAP:
port 1344 and host 10.31.19.100
Of course, there are cases where you may leave the "Filter" field empty so that all traffic is captured.
In the next field, enter the length of your PCAP in seconds.
In most cases capturing more than 10 or 15 seconds is overkill, unless the problem occurs at random times rather than specific times which can be planned for. In those cases, determine if there's any pattern to events by checking logs, then limit the capture to a reasonable amount of time.
As you can guess, an unfiltered packet capture will contain everything that went across the pipe during the capture, except traffic that is bypassed.
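To check that a capture file actually contains the ICAP traffic the filters above select before sending it on, the following added example (not part of the original article or any Blue Coat tooling) applies the same port and host tests to a classic-format pcap. It assumes a little-endian pcap file with Ethernet framing and IPv4/TCP packets; the sample frames and every address other than 10.31.19.100 are constructed.

```python
import socket
import struct

ICAP_PORTS = {1344, 11344}  # ports named in the article's ICAP filter

def make_frame(src, dst, sport, dport):
    """Constructed Ethernet/IPv4/TCP SYN frame (zero MACs and checksums)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def make_pcap(frames):
    """Wrap frames in a little-endian classic pcap (linktype 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def icap_packets(pcap, host=None):
    """Return (src, sport, dst, dport) for IPv4/TCP packets matching
    'port 1344 or port 11344', narrowed by 'and host <host>' if given."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    hits, off = [], 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]  # captured length
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # truncated, or not IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
        if len(frame) < 14 + ihl + 4:
            continue  # TCP ports were cut off by the snap length
        src = socket.inet_ntoa(frame[26:30])
        dst = socket.inet_ntoa(frame[30:34])
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        if {sport, dport} & ICAP_PORTS and (host is None or host in (src, dst)):
            hits.append((src, sport, dst, dport))
    return hits

# Constructed sample: 10.31.19.100 is the SG from the article; the rest are made up.
SAMPLE = make_pcap([
    make_frame("10.31.19.100", "10.31.19.50", 40000, 1344),
    make_frame("10.31.19.50", "10.31.19.100", 1344, 40000),
    make_frame("10.31.19.101", "10.31.19.50", 40001, 11344),
    make_frame("10.31.19.100", "10.31.19.50", 40002, 443),
])
```

An empty result from `icap_packets(data, host="10.31.19.100")` on a real capture means the filter or the capture window missed the ICAP exchange and the capture should be repeated.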
To see more information about Berkeley formatted PCAP syntax, visit their site.
Using the context sensitive help on the configuration page for any service is a good practice. To open the Help Page, click the question mark (?) in the top-right corner of the UI, just left of your login name.
Imported Document ID: 000024595