This article describes the steps to configure Sophos Firewall’s packet capture feature.
Applies to the following Sophos products and versions: Sophos Firewall
Go to Diagnostics > Packet Capture and click Configure. Fill in the required fields as shown below:
The BPF (Berkeley Packet Filter) string is the capture filter that selects which packets are captured. BPF provides a raw interface to the data link layer, permitting raw link-layer packets to be sent and received. BPF is protocol-independent and uses a filter-before-buffering approach.
Below are some examples of BPF strings to filter specific packets:
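To show how such filter strings select traffic, the following added example (not Sophos code and not from the original article) evaluates a small subset of standard pcap-filter syntax against constructed packets. It assumes the firewall accepts that syntax; `capture`, `matches` and the packet fields are hypothetical names, and the left-to-right handling of `and`/`or` goes beyond what the article itself states.

```python
import ipaddress

# Constructed sample packets (illustrative, not taken from a real capture).
PACKETS = [
    {"src": "10.10.10.1", "dst": "192.0.2.10", "proto": "tcp", "sport": 51000, "dport": 443},
    {"src": "10.10.10.2", "dst": "192.0.2.10", "proto": "tcp", "sport": 51001, "dport": 21},
    {"src": "192.0.2.53", "dst": "10.10.10.1", "proto": "udp", "sport": 53, "dport": 40000},
    {"src": "10.10.10.1", "dst": "198.51.100.7", "proto": "icmp", "sport": None, "dport": None},
]

def _primitive(tok, i, pkt):
    """Evaluate the primitive starting at tok[i]; return (matched, next_index)."""
    direction = None
    if tok[i] in ("src", "dst"):
        direction, i = tok[i], i + 1
    kind = tok[i]
    if kind in ("tcp", "udp", "icmp") and direction is None:
        return pkt["proto"] == kind, i + 1
    if kind in ("host", "net"):
        net = ipaddress.ip_network(tok[i + 1], strict=False)
        fields = [direction] if direction else ["src", "dst"]
        return any(ipaddress.ip_address(pkt[f]) in net for f in fields), i + 2
    if kind == "port":
        fields = [direction[0] + "port"] if direction else ["sport", "dport"]
        return any(pkt[f] == int(tok[i + 1]) for f in fields), i + 2
    raise ValueError(f"unsupported primitive: {kind}")

def matches(expr, pkt):
    """'not' binds tightest; 'and'/'or' share one level and apply left to right."""
    tok = expr.lower().split()
    result, op, i = None, None, 0
    while i < len(tok):
        if tok[i] in ("and", "or"):
            op, i = tok[i], i + 1
            continue
        negate = False
        while tok[i] == "not":
            negate, i = not negate, i + 1
        value, i = _primitive(tok, i, pkt)
        value = value != negate  # apply any leading 'not'
        if result is not None and op is None:
            raise ValueError("expected 'and' or 'or' between primitives")
        result = value if result is None else (result or value) if op == "or" else (result and value)
        op = None
    return True if result is None else result  # an empty filter matches everything

def capture(expr, packets=PACKETS):
    """Indexes of the packets this filter would admit to the capture buffer."""
    return [n for n, p in enumerate(packets) if matches(expr, p)]
```

`capture("host 10.10.10.1 or host 10.10.10.2 and port 443")` returns only packet 0, because the expression groups as `(host ... or host ...) and port 443`; a filter written with the opposite grouping in mind would silently drop the packets you meant to keep.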
Once the capture filter is configured, you can start capturing packets by turning the packet capture ON.
Turn it OFF once you have enough packets to analyze.
The details of the selected packet are displayed in the Packet Information section.
For more granular packet capture results, you can filter further by clicking Display Filter and adjusting the criteria as needed.