I’ve never really understood Packet Monitor. So a kind SonicWall tech was able to explain it to me. Hold onto your packets!
- Packet capture is found under Investigate > Tools > Packet Monitor.
- Make sure it is Stopped and Cleared.
- Click Configure.
- Monitor Filter:
- Ether Type: ip
- IP Type: tcp (usually)
- Source IP Address: <source IP>
- Source Port: <optional>
- Destination IP Address: <also optional, but helps>
- Destination Port: <optional>
- Advanced Monitor Filter:
- Check ALL the boxes
- Click OK.
- Ready your test and click Start Capture.
- It is important to Stop Capture once you’ve concluded the test otherwise you will have an overflow of packets and fill up the buffer quickly. You can also click Clear to empty the buffer and start again.
Definition of Statuses
| Consumed | Packet stops at the firewall. Could be due to the packet being destined for the firewall such as a ping to the SonicWall’s IP address. |
| Generated | The opposite of Consumed. It means the SonicWall generated the packet. This is rare in troubleshooting. |
| Dropped | Packet is blocked at the firewall. This is usually due to a faulty or missing rule. Check the Packet Detail for more information. This is what you need to be looking for if you suspect the firewall is at fult. |
| Forwarded | This means traffic is passing normally and all is fine. The SonicWall forwarded the packet to its intended destination. |
| Received | The packet came to the firewall, but the SonicWall does not have a destination of where to send it. Usually caused by a faulty ARP table entry or the server is offline. Eventually the packet will become discarded. |