Meaning of quintuple packet capture for the USG6000 series

1

Quintuple packet capture enables the USG6000 series to copy the passing packets and save or display them in a certain format on the USG.
If the USG or service is faulty and the fault cannot be located after you check the configuration and statistics, you can enable quintuple packet capture for the USG to capture packets of specified flows for fault analysis.

Other related questions:
Meaning of quintuple packet capture for the USG2000&5000 series
Quintuple packet capture enables the USG2000&5000 series to copy the passing packets and save or display them in a certain format on the USG. If the USG or service is faulty and the fault cannot be located after you check the configuration and statistics, you can enable quintuple packet capture for the USG to capture packets of specified flows for fault analysis.

Precautions for quintuple packet capture configuration on the USG9000 series
Quintuple packet capture affects device performance. Use it with caution. After locating network problems, you should clear packet capture queues to release memory.

Precautions for quintuple packet discard statistics configuration on the USG6000 series
Quintuple packet discard statistics affect device performance. Use it with caution. After locating network problems, stop the statistics.

Whether the USG6000 supports capturing packets
You can enable the packet capture function on the USG6000 as follows: 1. Enable the packet capture function through the CLI as follows: a. Define the packet capture range. In this example, packets from 192.168.1.0 are captured. system-view Enter system view, return user view with Ctrl+Z. [sysname] acl 3000 [sysname-acl-adv-3000] rule permit ip source 192.168.1.0 0.0.0.255 [sysname-acl-adv-3000] quit b. Run the following command to put all IPv4 packets passing the interface and matching ACL 3000 to the packet sending queue. [sysname] packet-capture ipv4-packet 3000 interface GigabitEthernet 1/0/1 c. Start to capture packets. [sysname] packet-capture startup manual d. Save packets in the specified queue as file 1.cap on the device. The default directory is hda1:/. [sysname] packet-capture queue 0 to-file 1.cap e. After packet capture completes, terminate the packet capture process. [sysname] undo packet-capture startup f. Use FTP to download file 1.cap from the device, use the Wireshark to open the file, and analyze the captured packets.

Quintuple on the USG6000 series
The quintuple of the firewall refers to the source address, destination address, source port, destination port, and protocol port.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top