- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
How To Perform a Packet Capture Based on OSI Layer 7 Application
03/26/2020 
7 People found this article helpful
96,453 Views
Description
This article explains how can packet capture be performed for specific protocol. General packet capture utility is very useful for troubleshooting purpose.
But there are some limitations where packet can be captured based on either port no. or IP address only but not application layer protocols.
Using Application firewall packet capture can be performed based on layer 7 protocols.
A application firewall rule can be created to be matched and perform packet capture. This article explains capture for SIP traffic. However same can be replicated using any other protocol using app control advance signatures or customer objects.
Resolution
Step 1: Navigate to the Packet Monitor page via System | Packet Monitor and select "Configure". Navigate to "Monitor Filter" and select "Enable firewall based on the firewall/app rule"
NOTE: Remember to uncheck the option in case doing capture with IP/port generic way as until the "Enable firewall based on the firewall/app rule" option is checked ,Packet monitor will not capture anything that is defined in monitor filter.
Step 2: Create an match object for SIP protocol.
Navigate to Firewall | Match object. Click on add and select match object type as "Application list".
Select VOIP-Apps and VOIP-SIP as application.
As mentioned above this article takes voip-sip as an example and any of pre-defined signatures and applications can be selected.
Step 3: Create an application firewall rule.
Navigate to Firewall | App rule
Click on add a new rule. Select the type as App control content and select match object "SIP".
Action object should be selected as Packet monitor.
How to Test:-
Start the packet capture and initiate SIP traffic. Relavent capture would start flowing.
Related Articles
- Client VPN hanging at acquiring IP using SonicWall DHCP
- GVC stuck on acquiring IP for some users
- App Control fails by schema error when editing VPN category
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
YES
NO