This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Packet Capture and Denied Applications

Does anyone know if the packet capture feature is pre- or post- rule application? I'm trying to identify exactly what XG is tagging as TOR Proxy traffic (I think it is a Google SSL tunnel used for Apps Outlook Sync) but I'm not seeing any packets in PCAP that match the destination IP/port shown as being denied in the App Filter logs.

This thread was automatically locked due to age.

Parents

0 sachingurung over 7 years ago

Hi Gary,

What filter did you define to do a packetcapture? TOR Proxy changes the destination proxy's IP address frequently and this could be the reason to for no match. I think, Packet Capture is accounted with connection tracking module which comes before the rule application. Check #2 in my Troubleshooting Guide.

Thanks
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 sachingurung over 7 years ago

Hi Gary,

What filter did you define to do a packetcapture? TOR Proxy changes the destination proxy's IP address frequently and this could be the reason to for no match. I think, Packet Capture is accounted with connection tracking module which comes before the rule application. Check #2 in my Troubleshooting Guide.

Thanks
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data