{"id":482,"date":"2020-07-27T21:33:27","date_gmt":"2020-07-28T03:33:27","guid":{"rendered":"https:\/\/www.curli.us\/?p=482"},"modified":"2020-07-27T21:33:30","modified_gmt":"2020-07-28T03:33:30","slug":"sonicwall-packet-monitor","status":"publish","type":"post","link":"https:\/\/www.curli.us\/?p=482","title":{"rendered":"SonicWall Packet Monitor"},"content":{"rendered":"\n<p>I&#8217;ve never really understood Packet Monitor.  So a kind SonicWall tech was able to explain it to me.  Hold onto your packets!<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Packet capture is found under <strong>Investigate > Tools > Packet Monitor<\/strong>.<\/li><li>Make sure it is Stopped and Cleared.<\/li><li>Click <strong>Configure<\/strong>.<\/li><li><strong>Monitor Filter<\/strong>:<ul><li>Ether Type: ip<\/li><li>IP Type: tcp (usually)<\/li><li>Source IP Address: &lt;source IP><\/li><li>Source Port: &lt;optional><\/li><li>Destination IP Address: &lt;also optional, but helps><\/li><li>Destination Port: &lt;optional><\/li><\/ul><\/li><li><strong>Advanced Monitor Filter<\/strong>:<ul><li>Check ALL the boxes<\/li><\/ul><\/li><li>Click <strong>OK<\/strong>.<\/li><li>Ready your test and click <strong>Start Capture<\/strong>.<\/li><li>It is important to <strong>Stop Capture<\/strong> once you&#8217;ve concluded the test otherwise you will have an overflow of packets and fill up the buffer quickly.  You can also click <strong>Clear<\/strong> to empty the buffer and start again.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Definition of Statuses<\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>Consumed<\/td><td>Packet stops at the firewall.  Could be due to the packet being destined for the firewall such as a ping to the SonicWall&#8217;s IP address.<\/td><\/tr><tr><td>Generated<\/td><td>The opposite of Consumed.  It means the SonicWall generated the packet.  This is rare in troubleshooting.<\/td><\/tr><tr><td>Dropped<\/td><td>Packet is blocked at the firewall.  This is usually due to a faulty or missing rule.  Check the Packet Detail for more information.  This is what you need to be looking for if you suspect the firewall is at fult.<\/td><\/tr><tr><td>Forwarded<\/td><td>This means traffic is passing normally and all is fine.  The SonicWall forwarded the packet to its intended destination.<\/td><\/tr><tr><td>Received<\/td><td>The packet came to the firewall, but the SonicWall does not have a destination of where to send it.  Usually caused by a faulty ARP table entry or the server is offline.  Eventually the packet will become discarded.<\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>I&#8217;ve never really understood Packet Monitor. So a kind SonicWall tech was able to explain it to me. Hold onto your packets! Packet capture is found under Investigate > Tools > Packet Monitor. Make sure it is Stopped and Cleared. Click Configure. Monitor Filter: Ether Type: ip IP Type: tcp (usually) Source IP Address: &lt;source &hellip; <a href=\"https:\/\/www.curli.us\/?p=482\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;SonicWall Packet Monitor&#8221;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[15,4,3],"tags":[],"class_list":["post-482","post","type-post","status-publish","format-standard","hentry","category-how-to","category-sonicwall","category-technology"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7BMx4-7M","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/www.curli.us\/index.php?rest_route=\/wp\/v2\/posts\/482","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.curli.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.curli.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.curli.us\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.curli.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=482"}],"version-history":[{"count":2,"href":"https:\/\/www.curli.us\/index.php?rest_route=\/wp\/v2\/posts\/482\/revisions"}],"predecessor-version":[{"id":484,"href":"https:\/\/www.curli.us\/index.php?rest_route=\/wp\/v2\/posts\/482\/revisions\/484"}],"wp:attachment":[{"href":"https:\/\/www.curli.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=482"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.curli.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=482"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.curli.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=482"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}