How to run a packet capture for SRA troubleshooting

03/26/2020 9 12268

DESCRIPTION:

In order to run this packet capture a few conditions must be met. 

• The SRA is on a different Zone behind the firewall such as DMZ
• The SRA and internal LAN are on a different subnet

*If the SRA and the LAN are on the same subnet then a packet capture can be ran on a switch.

RESOLUTION:

Step 1. Log into the SonicWall firewall and go to system | packet monitor

Step 2. Click on the configure option to bring up the packet capture configuration window.

Step 3. When the window comes up focus on 3 windows Monitor Filter, Display Filter, and Advanced Monitor Filter.

Step 4. In Monitor Filter set the packet capture for source being the client and destination being the resource that is being accessed. A port can be added for a more specific packet capture.

Step 5. In display Filter leave the fields blank unless trying to remove data and only concentrate on a particular protocol or IP

Step 6. Verify all the boxes on Advanced Monitor Filter are checked except for the last 2 check boxes.
Once the packet capture is configured press on the enable option. 

Step 7. Once configure connect with the client Mobile Connect or Netextender and note the virtual IP the client has been given.

Step 8. On the client computer run a ping command to a server on the network behind the SRA.

Step 9. Refresh the packet capture (the packet capture tool does not refresh automatically) and verify that packets are being forwarded.

Step 10. If the packet capture is displaying a drop it will be seen in red letters. Under packet details scroll down to see the drop codes. If an explanation is not seen. Please follow the link below to see what the drop packets mean. The drop packets are specific to the firewall firmware revision.

Below is a link to our KB for the drop codes.
https://support.sonicwall.com/pt-br/kb/sw9820