Filter
Top Products
System > Packet Monitor
152
SonicOS 5.8.1 Administrator Guide
Even when other monitor filters do not match, this option ensures that packets generated by
the SonicWALL appliance are captured. This includes packets generated by HTTP(S), L2TP,
DHCP servers, PPP, PPPOE, and routing protocols. Captured packets are marked with ‘s’ in
the incoming interface area when they are from the system stack. Otherwise, the incoming
interface is not specified.
Step 4 To monitor intermediate packets generated by the SonicWALL appliance, select the Monitor
Intermediate Packets checkbox. Selecting this checkbox enables, but does not select, the
subsequent checkboxes for monitoring specific types of intermediate traffic.
Step 5 Select the checkbox for any of the following options to monitor that type of intermediate traffic:
• Monitor intermediate multicast traffic – Capture or mirror replicated multicast traffic.
• Monitor intermediate IP helper traffic – Capture or mirror replicated IP Helper packets.
• Monitor intermediate reassembled traffic – Capture or mirror reassembled IP packets.
• Monitor intermediate fragmented traffic – Capture or mirror packets fragmented by the
firewall.
• Monitor intermediate remote mirrored traffic – Capture or mirror remote mirrored
packets after de-encapsulation.
• Monitor intermediate IPsec traffic – Capture or mirror IPSec packets after encryption and
decryption.
• Monitor intermediate SSL decrypted traffic – Capture or mirror decrypted SSL packets.
Certain IP and TCP header fields may not be accurate in the monitored packets, including
IP and TCP checksums and TCP port numbers (remapped to port 80). DPI-SSL must be
enabled to decrypt the packets.
• Monitor intermediate decrypted LDAP over TLS packets – Capture or mirror decrypted
LDAPS packets. The packets are marked with “(ldp)” in the ingress/egress interface fields
and will have dummy Ethernet, IP, and TCP headers with some inaccurate fields. The
LDAP server is set to 389. Passwords in captured LDAP bind requests are obfuscated.
• Monitor intermediate decrypted Single Sign On agent messages – Capture or mirror
decrypted messages to or from the SSO Agent. The packets are marked with “(sso)” in the
ingress/egress interface fields and will have dummy Ethernet, IP, and TCP headers with
some inaccurate fields.
Note Monitor filters are still applied to all selected intermediate traffic types.
Step 6 To save your settings and exit the configuration window, click OK.