Configure Packet Capture in Email Security Appliance GUI

Available Languages

Download Options

  • PDF     (521.3 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (656.2 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (428.2 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:April 6, 2023
Document ID:220366

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

    Introduction

    This document describes how enable a packet capture in Cisco Email Security Appliance.

    Background Information

    Packet capture intercepts and analyzes the network traffic that passes through the Cisco Email Security Appliance. It enables administrators to monitor network traffic, detect potential security threats, and troubleshoot network issues. Packet capture can be enabled on Cisco Email Security Appliance through GUI or CLI.

    Procedure

    In order to configure a packet capture, complete this procedure:

    1. Log in to the Cisco Email Security Appliance with administrator credentials.

    Log in to Cisco Email Security Appliance

    2. Hover the mouse in the Help And Support settings on the top right corner.

    Hover Mouse in Help and Support

    3. Click  Packet Capture.

    Click Packet Capture

    4. Scroll down to Packet Capture Settings and click Edit Settings.

    Click Edit Settings

    5. Enter the Packet Capture Settings:

    • Capture File Size Limit
    • Capture Duration
    • Interfaces                             

    Enter Packet Capture Settings

    6. Configure the Packet Capture Filters.

    Configure the Packet Capture Filters

    note-icon

    Note: It is recommended to use a Custom Filter, and add the destination ip address with the format of host x.x.x.x.

    In case of multiple destination ip addresses, the correct format is host x.x.x.x or host x.x.x.x.

    In the case where a specific port is to be captured, use the format host x.x.x.x && port x.

    7. Click Submit and Start Capture.

    8. Click Stop Capture when needed to stop the capture.

    Click Stop Capture

    9. Choose the capture from Manage Packet Capture Files menu and click Download File to save it to the local computer.

    Choose Capture from Manage Packet Capture Files and Click Download

    10. The file is now ready to be checked with a packet analyzer tool.

    Conclusion

    Packet capture is an essential feature that enables administrators to monitor network traffic and detect potential security threats. This article has provided a step-by-step procedure on how to enable packet capture on the Cisco Email Security Appliance GUI.

    Revision History

    Revision Publish Date Comments
    1.0
    06-Apr-2023
    Initial Release
    TAC Authored

    Contributed by Cisco Engineers

    • Julio Mario Sandoval Borja
      Cisco TAC Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    This Document Applies to These Products