Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945

Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!

Outage on MySophos and Partner Portal. You may contact Sophos Support through Phone.

TCPDump on RED10

Hi community,

in one of our remote sites, users are complaining about network problems (internet / intranet websites responding slowly, bad VoIP-quality, etc.)

I can rule out server problems, and the VPN-connection between the RED and the central Sophos UTM-firewall is far from being used at its capacity.


Therefore, I would like to run a TCP-Dump on the RED, but how ?

Is there anyone who can supply a guide on how to sniff packets on a RED ?


Thank you very much in advance.



  • Hallo Tobias,

    You didn't say what the uplink speed is at the HQ location.

    You can get the interface for the RED named "Bielefeld" to sniff with:

    cc get_object_by_name itfhw red_server 'Bielelfeld'|grep \'hardware

    Before you do that, do #1 in Rulz.  Any luck with that?

    You also might want to run ifconfig on the Internal and External interfaces and then review #7.

    Cheers - Bob