To capture incoming or outgoing NTP traffic on the SonicWall appliance, go to the Packet Monitor:
1/ Click System
2/ Click Packet Monitor
3/ Click Configure
A new pop-up window will appear, containing the Packet Monitor options.
In that new window, we will configure the Packet Monitor so that it captures incoming and outgoing NTP traffic:
1/ Click on the "Monitor Filter" tab
2/ Fill in the fields as shown in the screenshot above:
- Ether Type(s): IP
- IP Type(s): UDP
- Destination Port(s): 123
3/ Make sure the box that says "Enable Bidirectional address and Port matching" is checked.
1/ Go to the "Display Filter" tab
2/ Fill in the fields as shown in the screenshot above:
- Ether Type(s): IP
- IP Type(s): UDP
- Destination Port(s): 123
3/ Make sure all boxes on this tab are checked.
1/ Go to the "Advanced Monitor Filter" tab
2/ Make sure all boxes on that tab are checked.
3/ Click the "OK" button to confirm the settings and close that pop-up window.
1/ We can now start the capture by clicking the "Start Capture" button
2/ The "Trace Active" icon will become green indicating the capture is taking place
3/ NTP traffic that has been captured will show in the "Captured Packets" fields (use the "Refresh" button regularly to update the content of the captured packets)
4/ Click "Stop Capture" whenever you feel you have captured enough data.
5/ Export your capture in your preferred format (Libpcap, HTML, TEXT or appdata)
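
Once the capture is exported as Libpcap, it can be checked offline to confirm that both NTP requests and replies were recorded. The following Python script is an added example, not part of the original article or of any SonicWall tooling. It assumes the export is a classic pcap file with an Ethernet link type; the function names, addresses and sample packets are constructed for illustration.

```python
import struct

def parse_ntp_pcap(data):
    """Summarise each UDP port 123 packet in a classic libpcap byte string."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(order + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    found, off = [], 24
    while off + 16 <= len(data):
        caplen = struct.unpack(order + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        # Untagged IPv4 over Ethernet carrying UDP; VLAN-tagged frames are skipped.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue
        udp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(udp) < 56 or 123 not in struct.unpack("!HH", udp[:4]):
            continue  # need 8-byte UDP header + 48-byte NTP header, port 123 either way
        sport, dport = struct.unpack("!HH", udp[:4])
        found.append({
            "src": ".".join(map(str, frame[26:30])), "sport": sport,
            "dst": ".".join(map(str, frame[30:34])), "dport": dport,
            "version": (udp[8] >> 3) & 7, "mode": udp[8] & 7,  # mode 3 = client, 4 = server
            "stratum": udp[9]})
    return found

def _frame(src, dst, sport, dport, payload):
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(src), bytes(dst))
    return bytes(12) + b"\x08\x00" + ip + udp

def build_sample():
    """Constructed capture (checksums zeroed): NTP request, reply, one non-NTP packet."""
    lan, srv = (192, 0, 2, 10), (198, 51, 100, 5)
    frames = [
        _frame(lan, srv, 40123, 123, b"\x23" + bytes(47)),      # NTPv4 client request
        _frame(srv, lan, 123, 40123, b"\x24\x02" + bytes(46)),  # NTPv4 reply, stratum 2
        _frame(lan, srv, 40124, 53, bytes(48)),                 # unrelated UDP, ignored
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(*parse_ntp_pcap(build_sample()), sep="\n")
```

To run it against a real export, pass the file contents read in binary mode to `parse_ntp_pcap` instead of `build_sample()`. A capture showing only mode 3 packets and no mode 4 replies indicates that requests leave but responses never return.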