Updated: July 9, 2014
Using the Web User Interface, you can download the packet(s) that triggered a Snort rule. This article provides the steps to download packet capture data (PCAP file) using the Web User Interface of a Sourcefire FireSIGHT Management System.
Cisco recommends that you have knowledge of Sourcefire FirePOWER devices and the virtual device models.
The information in this document is based on Sourcefire FireSIGHT Management Center, also known as Defense Center, running software version 5.2 or greater.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Steps to Download PCAP File
Step 1: Log in to a Sourcefire Defense Center or Management Center, and navigate to the Intrusion Events page.
Step 2: Using the check box, select the event(s) for which you would like to download packet capture data (PCAP file).
Step 3: Scroll to the bottom of the page and either:
Click Download Packet to download the packets that triggered the selected intrusion event(s)
Click Download All Packets to download all packets that triggered the intrusion events in the current constrained view
Note: The downloaded packets are saved as a PCAP file. To analyze the packet capture, you need to download and install software that is capable of reading a PCAP file.
Step 4: When prompted, save the PCAP file to your hard drive.