Scott Register
VP, Product Management

PCAP in a Snap

June 15, 2016 by Scott Register

Ever need a snapshot of what’s going on in your network? Need to figure out what that new application hogging your bandwidth is, or why someone can’t read their email, or just what’s in that suspicious traffic coming from the People’s Republic of Hackistan? Well, now you can, thanks to the new PCAP generator built into Ixia’s Application and Threat Intelligence Processor (ATIP).

You can highlight exactly the traffic you want, choosing what to include or exclude, and it’s all done with the intuitive point-and-click UI. Let’s say in this case I’m curious about SNMP traffic between my office and India. First, I just create a new filter in the ATI Processor. I’ll select India by clicking on the map or typing it in the search box:

PCAP1

Then I select the SNMP application:

PCAP2

And my filter is set. Of course, I can choose to forward the application traffic, or apply SSL decryption, or generate Netflow. But it’s not necessary. I can just define the filter I need and send the traffic straight to the PCAP.

Once I save the filter, I click on the filter name and I see a summary panel. I set the PCAP size anywhere from 1-100MB and click on START. Notice the red light?

PCAP3

The red light beside a filter name means that a PCAP is being generated from that filter. The recording stops when I either click STOP or when the PCAP reaches the specified size. Once the red light goes out, I can click on the “View available PCAPS” icon to see the last 10 captured files and select the one I want to download:

PCAP4

And from there I can open it up in Wireshark.
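The same two-part selection the post walks through (a geolocation filter plus an application filter, recorded into a PCAP that stops at a size cap) can be expressed outside the ATIP UI. The following is an added example, not Ixia code and not part of the original post: a standard-library Python script that reads a classic PCAP, keeps only UDP frames on the SNMP ports (161/162) where either endpoint falls in a set of IP prefixes, and writes the matches to a new PCAP that stops before exceeding a byte limit. The prefixes in `TARGET_PREFIXES` and the sample capture built by `build_sample_pcap()` are constructed for the demonstration; a real geolocation filter would consult a GeoIP database rather than a hard-coded list.

```python
"""Filter a PCAP to SNMP traffic exchanged with chosen IP prefixes and write
the matches to a new, size-capped PCAP (added example; standard library only)."""
import ipaddress
import struct

PCAP_MAGIC = 0xA1B2C3D4        # little-endian classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
SNMP_PORTS = {161, 162}        # SNMP agent and trap ports ("application" filter)

# Constructed stand-in for a geolocation lookup: pretend this prefix is "India".
TARGET_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]


def pcap_global_header():
    """24-byte classic pcap header: magic, v2.4, tz 0, sigfigs 0, snaplen, linktype."""
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)


def parse_pcap(data):
    """Yield (ts_sec, ts_usec, frame_bytes) for each record in a classic pcap blob."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic 0x%08x" % magic)
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, offset)
        offset += 16
        yield ts_sec, ts_usec, data[offset:offset + incl_len]
        offset += incl_len


def parse_ipv4_udp(frame):
    """Return (src, dst, sport, dport) for an Ethernet/IPv4/UDP frame, else None."""
    if len(frame) < 14 + 20 + 8:
        return None
    ethertype, = struct.unpack_from("!H", frame, 12)
    if ethertype != 0x0800:                       # not IPv4
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 4 or ip[9] != 17:            # not IPv4 / not UDP
        return None
    ihl = (ip[0] & 0x0F) * 4
    src = ipaddress.ip_address(ip[12:16])
    dst = ipaddress.ip_address(ip[16:20])
    sport, dport = struct.unpack_from("!HH", ip, ihl)
    return src, dst, sport, dport


def in_target(addr):
    return any(addr in net for net in TARGET_PREFIXES)


def matches_filter(frame):
    """Application filter (SNMP ports) AND 'geo' filter (either endpoint in TARGET_PREFIXES)."""
    parsed = parse_ipv4_udp(frame)
    if parsed is None:
        return False
    src, dst, sport, dport = parsed
    return (sport in SNMP_PORTS or dport in SNMP_PORTS) and (in_target(src) or in_target(dst))


def filter_pcap(data, max_bytes):
    """Copy matching records into a new pcap, stopping before the output exceeds max_bytes.

    Returns (output_bytes, matched_count, truncated). `truncated` is True when the
    size cap stopped the recording early, mirroring the post's 1-100MB limit.
    """
    out = bytearray(pcap_global_header())
    matched, truncated = 0, False
    for ts_sec, ts_usec, frame in parse_pcap(data):
        if not matches_filter(frame):
            continue
        record = struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
        if len(out) + len(record) > max_bytes:
            truncated = True
            break
        out += record
        matched += 1
    return bytes(out), matched, truncated


def build_frame(src, dst, sport, dport, payload=b"\x30\x00"):
    """Constructed Ethernet/IPv4/UDP frame; checksums are zeroed (fine for a fixture)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed) + udp
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    return eth + ip


def build_sample_pcap():
    """Constructed capture: two SNMP frames with the target prefix, two decoys."""
    frames = [
        build_frame("192.0.2.10", "203.0.113.5", 50000, 161),   # SNMP to target: match
        build_frame("203.0.113.5", "192.0.2.10", 161, 50000),   # SNMP reply from target: match
        build_frame("192.0.2.10", "198.51.100.7", 50001, 161),  # SNMP, other prefix: no match
        build_frame("192.0.2.10", "203.0.113.5", 50002, 53),    # DNS to target: no match
    ]
    out = bytearray(pcap_global_header())
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1466000000 + i, 0, len(f), len(f)) + f
    return bytes(out)


if __name__ == "__main__":
    out, n, cut = filter_pcap(build_sample_pcap(), max_bytes=1024)
    print("matched %d frames, truncated=%s, %d bytes written" % (n, cut, len(out)))
```

The output of `filter_pcap` is a valid classic PCAP, so it opens in Wireshark exactly like the file downloaded from ATIP. Each constructed frame is 44 bytes (60 bytes as a pcap record), which is why a cap of 100 bytes admits the global header plus one record and then stops.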

Here's a video demo of the whole process:

If there’s an easier way to pinpoint exactly the traffic you want to see, using anything from geolocation to app-id to regex to handset type, and get it into a PCAP on your laptop, I’ve never seen it. The ATIP team is really excited to bring you this feature; in conjunction with our just-released UI-based RegEx filtering, we think this will be a big time-saver for our customers when they’re troubleshooting a problem or tracking down a security issue.