APM packet capture analysis

  1. Navigate to Usage > Packet Capture.
  2. Click on any link to see detailed capture results.

Packet Capture uses the following Wireshark filters to provide alert and warning statistics:

Filter                            Expression
Bad TCP                           tcp.analysis.flags
DNS errors                        dns.flags.rcode > 0
BitTorrent                        bittorrent
SMTP errors                       smtp.response.code >= 400 and smtp.response.code < 600
FTP errors                        ftp.response.code >= 400 and ftp.response.code < 600
HTTP server errors                http.response.code >= 500 and http.response.code < 600
HTTP client errors                http.response.code >= 400 and http.response.code < 500
SIP errors                        sip.Status-Code >= 400
ICMP errors or warnings           icmp.type eq 3 or icmp.type eq 4 or icmp.type eq 5
Spanning Tree topology change     stp.type == 0x80

  1. Click a non-link portion of any row to reveal the side panel.
  2. Packet Capture presents analysis of the packet capture over several tabs on the capture details page. There are only a few actions you can perform on this page:
  • download the capture, start a new capture based on the same parameters, or delete the capture;
  • on the overview tab, edit the capture name and add comments;
  • on the related paths tab, click a path to display all of the captures related to that path.

Download a packet capture

Packet captures are packaged as a gzip-compressed .pcap file, a delivery format supported by Wireshark.

  1. Navigate to Usage > Packet Captures.
  2. Select > Download.
  3. Enter your passphrase when prompted.
  4. To uncompress the file:
     1. Rename it with a .gz extension.
     2. Unzip it as you would normally.
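
To check a downloaded capture outside the product, the following added example (not APM's own code) decompresses the gzip-compressed .pcap and recounts the "ICMP errors or warnings" row of the filter table. The function names are hypothetical, the sample capture is constructed, and it assumes a classic pcap file with untagged Ethernet frames.

```python
import gzip
import struct

ICMP_ALERT_TYPES = {3, 4, 5}  # table row: icmp.type eq 3 or icmp.type eq 4 or icmp.type eq 5

def read_capture(blob):
    """Return (linktype, packets) from a gzip-compressed or plain classic .pcap."""
    if blob[:2] == b"\x1f\x8b":  # gzip magic: the download before it is unzipped
        blob = gzip.decompress(blob)
    if blob[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        order = "<"
    elif blob[:4] in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        order = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(order + "I", blob[20:24])[0]
    packets, pos = [], 24
    while pos + 16 <= len(blob):  # 16-byte record header, then incl_len bytes
        incl_len = struct.unpack(order + "I", blob[pos + 8:pos + 12])[0]
        packets.append(blob[pos + 16:pos + 16 + incl_len])
        pos += 16 + incl_len
    return linktype, packets

def count_icmp_alerts(blob):
    """Count IPv4 ICMP packets of type 3, 4 or 5 in an untagged Ethernet capture."""
    linktype, packets = read_capture(blob)
    if linktype != 1:  # LINKTYPE_ETHERNET
        raise ValueError("only Ethernet captures are handled here")
    hits = 0
    for pkt in packets:
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[14] >> 4 != 4:
            continue  # too short, or not IPv4
        if pkt[23] != 1 or struct.unpack("!H", pkt[20:22])[0] & 0x1FFF:
            continue  # not ICMP, or a non-first fragment with no ICMP header
        icmp = 14 + (pkt[14] & 0x0F) * 4
        if len(pkt) > icmp and pkt[icmp] in ICMP_ALERT_TYPES:
            hits += 1
    return hits

def build_sample():
    """Constructed sample: gzip'd pcap with ICMP types 3, 8, 5 and one UDP packet."""
    body = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for proto, payload in [(1, b"\x03\x01"), (1, b"\x08\x00"), (1, b"\x05\x00"), (17, b"")]:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        frame = bytes(12) + b"\x08\x00" + ip + payload.ljust(8, b"\x00")
        body += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return gzip.compress(body)
```

Calling count_icmp_alerts on the bytes of a real download works whether or not the file has already been unzipped, because the gzip magic bytes are checked first.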