Register Now

Login

Lost Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

Sophos XG: How to capture traffic on GUI

Overview:

In this article we will understand how to take packet capture in sophos XG firewall GUI.

Process:

Step-1: First login to the firewall GUI and click on the diagnostics tab and then click on packet capture tab as shown in figure below.

Packet capture

Step-2: You will get configure option as shown below

Configure

In “Enter BPF string” you can enter filters on your own as shown below.

1.Filter only IP address: host 1.2.3.4

2.Filter IP address and port: host 1.2.3.4 and port 80

3.Filter IP address and IP address: host 1.2.3.4 and host 1.2.3.4

4.Filter only port: Port 80

Replace “1.2.3.4” with the required IP address and “80” with required port.

Once you configure filter save it and then enable it as shown below.

Enable Packet Capture

Turn it OFF once you got packets to analyze as shown below.

Live traffic

If you want to filter already captured traffic, you need to use display filter as shown in figure below

Display Filter

Once you click on “Display Filter” option, you will get concerned filter ID’s as shown below

Display Filter

Based on your requirement you can filter with source IP, destination IP, source port, destination port etc

Then only traffic which match this display filter will be listed.

Hope this article helps you.