Instead of starting a packet capture manually, you can schedule captures to start and stop automatically once or on a schedule.

Schedule a packet capture

Prior to creating a packet capture schedule you must set up for packet capture (Note that if you don’t set the passphrase, the schedule will run but every capture will fail). When creating a packet capture schedule, you can create the capture and the schedule from scratch or you can create a schedule based on an existing packet capture.

Create a packet capture and a schedule from scratch

To create a packet capture and a schedule from scratch:

  1. Navigate to Usage > Packet Capture Schedules.
  2. Click + Create New Schedule.
    • In the Name field, specify a name for the capture.
    • In the Monitoring Point dropdown, select the monitoring point to capture from.
    • In the Capture Interface dropdown, select the monitoring point capture interface to use.
    • In the Packet Limit field, specify the maximum number of bytes to store of each captured packet.
      • Default: 96 bytes. Range: 68 - 65,535
      • Deselect this option to capture entire packets.
    • In the Capture Filter field, use a filter to specify which packets are captured.
      • The filter uses libpcap syntax. For examples, click the icon. Filtering only the traffic you care about will reduce the capture size. This provides a longer captured duration, and it ensures that the capture analysis is relevant to the problem you are trying to solve.
      • Leave the field blank to capture all packets.
    • In the Related Network Paths field, specify network paths associated with the capture to have the path name appear in relevant areas of the user interface and reports.
    • In the Start First Capture field, enter the date and time to start the first capture.
    • In the Capture Duration field, specify when to stop the capture.
    • In the Repeat Capture field, specify how often to run the capture and how many captures to save.
    • In the Recurrence Schedule field, specify how often to repeat the schedule.
    • In the Time Zone field, specify the time zone to base the capture schedule on.
  3. Click Create Schedule.
    • The packet capture schedule is created and started.

Create a schedule using an existing packet capture

To create a schedule using an existing packet capture:

  1. Navigate to Usage > Packet Captures.
  2. For the capture you want to schedule, select > Schedule This.
    • Capture parameters are pre-populated. Only the schedule parameters need to be specified.
    • In the Start First Capture field, enter the date and time to start the first capture.
    • In the Capture Duration field, specify when to stop the capture.
    • In the Repeat Capture field, specify how often to run the capture and how many captures to save.
    • In the Recurrence Schedule field, specify how often to repeat the schedule.
    • In the Time Zone field, specify the time zone to base the capture schedule on.
  3. Click Create Schedule.
    • The packet capture schedule is created and started.

Stop a packet capture schedule

Stopping a packet capture schedule stops scheduled captures and, if specified, stops the scheduled capture that is currently running. Once stopped, the schedule cannot be restarted directly. If you want to run the schedule again, you need to create a copy of it.

To stop a packet capture schedule:

  1. Navigate to Usage > Packet Capture Schedules.
  2. For the schedule you want to stop, select > Stop.
    • The schedule is stopped.
    • The Next Run column shows “Stopped”.

View scheduled packet captures

To view scheduled packet captures:

  1. Navigate to Usage > Packet Capture Schedules.
    • The schedules are listed.
    • A schedule is in progress if the Next Run column has a date and time.
    • A schedule is complete if the Next Run column shows “Completed”.
    • A schedule is stopped if the Next Run column shows “Stopped”.

View results from scheduled packet captures

To view results from scheduled packet captures:

  1. Navigate to Usage > Packet Capture.
  2. Click the name of the packet capture schedule you are interested in.
    • The captures related to the capture schedule are listed
  3. Click the name of the capture you are interested in.
    • The capture results are displayed on a number of tabs:
      • Overview - provides high-level capture details.
      • Alerts and Warnings - displays the number of packets in the capture that match a predefined set of display filters that identify notable network behavior that you may be interested in.
      • Protocol Breakdown - displays the number of packets, and the number of bytes in those packets, for each protocol in the capture.
      • Conversations - displays the network conversations (traffic between two specific endpoints for a protocol layer) with the highest total number of bytes.
      • Related Network Paths - lists the network paths associated with the capture. Click a path to display all of the captures related to that path

Edit a packet capture schedule

You cannot edit a packet capture schedule directly. You must make a copy and then edit the copy.

To edit a packet capture schedule:

  1. Navigate to Usage > Packet Capture Schedules.
  2. For the schedule you want to edit, select > Copy.
  3. Edit the copied packet capture schedule as appropriate.
  4. Click Create Schedule.
    • The packet capture schedule is created and started.

Copy a packet capture schedule

To copy a packet capture schedule:

  1. Navigate to Usage > Packet Capture Schedules.
  2. For the schedule you want to copy, select > Copy.
  3. Edit the packet capture schedule as appropriate.
  4. Click Create Schedule.
    • The packet capture schedule is created and started.

Rename a packet capture schedule

To rename a packet capture schedule:

  1. Navigate to Usage > Packet Capture Schedules.
  2. Click the capture schedule you are interested in.
  3. In the Name field, click the edit link.
  4. Specify the new name.
  5. Click OK.
    • The packet capture schedule name is changed.

Add comments to a packet capture schedule

To add comments to a packet capture schedule:

  1. Navigate to Usage > Packet Capture Schedules.
  2. Click the capture schedule you are interested in.
  3. In the Comments field, click the edit link.
  4. Add your comments.
  5. Click OK.
    • Your comments are added to the capture schedule.

Delete a packet capture schedule

A packet capture schedule must be stopped before it can be deleted.

To delete a packet capture schedule:

  1. Navigate to Usage > Packet Capture Schedules.
  2. For the schedule you want to delete, select > Delete.
  3. Click OK.
    • The packet capture schedule is deleted.