Cloud Firewall provides the packet capture feature. You can use the feature to capture network data packets for specific IP addresses and ports at the Internet border. This way, you can quickly analyze the packets, diagnose network issues, and analyze potential attack behavior to identify security risks in network communication. This topic describes how to use the packet capture feature.
Limits
Enterprise Edition and Ultimate Edition of Cloud Firewall support this feature. Basic Edition and Premium Edition of Cloud Firewall, and Cloud Firewall that uses the pay-as-you-go billing method do not support this feature. The following list describes the quota of packet capture tasks for each Alibaba Cloud account in each edition:
If you use Enterprise Edition of Cloud Firewall, the quota is 20 per day.
If you use Ultimate Edition of Cloud Firewall, the quota is 50 per day.
You can use the packet capture feature to capture only traffic at the Internet border.
If the IP address and its peer IP address specified in a packet capture task are IP addresses in the same Alibaba Cloud region, the traffic may fail to be captured. In this case, submit a ticket to contact technical support.
Create a packet capture task
Log on to the Cloud Firewall console.
In the left-side navigation pane, choose
In the Packet Capture section, click Capture Now.
On the Packet Capture page, click Create Packet Capture Task.
Configure the following parameters to create a packet capture task and click OK.
Parameter: Description
Task Name: The name of the packet capture task. We recommend that you enter an informative name, such as a name that indicates the purpose of the task.
Maximum Bytes: The maximum number of bytes in a packet that can be captured. If the number of bytes in a packet exceeds the value of this parameter, the packet is discarded. The value must be an integer that is no greater than 1048576.
Duration (s): The maximum duration of the packet capture task. Unit: seconds. If you use Cloud Firewall Enterprise Edition, set this parameter to 300. If you use Cloud Firewall Ultimate Edition, set this parameter to 600.
Protocol: The protocol type that is used for the packet capture task. Valid values: All, TCP, UDP, and ICMP.
IP Address Type: The type of the IP address configuration. Valid values:
    IP: Only packets that are sent to or from a specific IP address are captured. You can enter only one IP address.
    IP Address Pair: Only packets that are transmitted between a specific IP address and its peer IP address are captured. You can enter only one IP address and its peer IP address.
IP: The IP address for which you want to capture packets.
Port: The port for which you want to capture packets.
Peer IP: The peer IP address for which you want to capture packets. This parameter is required only if you set the IP Address Type parameter to IP Address Pair.
Peer Port: The peer port for which you want to capture packets. This parameter is required only if you set the IP Address Type parameter to IP Address Pair.
You can go to the Packet Capture page to view the newly created packet capture task and the status of the task. If the status of the task changes to Completed in the Status column, the packet capture task is complete.
Download packet capture data
On the Packet Capture page, click Download File.
After you download the file, open it and check whether the data in the file is required by your workloads. This way, you can identify security risks in network communication.
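One way to make that check, as an added example that is not part of the Cloud Firewall documentation or product: the script groups the captured packets by peer IP address, protocol, and peer port for the IP address that you specified in the task, so that unexpected peers stand out. It assumes that the downloaded file is in the classic libpcap format with Ethernet framing, which this topic does not state; the function names and the sample capture are constructed for illustration.

```python
import socket
import struct
from collections import Counter

PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

def summarize_pcap(data, local_ip):
    """Count packets per (peer IP, protocol, peer port) seen with local_ip."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    flows, off = Counter(), 24  # records start after the 24-byte global header
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # skip non-IPv4 or truncated frames
        proto, l4 = frame[23], frame[14 + (frame[14] & 0x0F) * 4:]
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        sport = dport = None  # ICMP and other protocols have no ports
        if proto in (6, 17) and len(l4) >= 4:
            sport, dport = struct.unpack("!HH", l4[:4])
        name = PROTO.get(proto, str(proto))
        if src == local_ip:
            flows[(dst, name, dport)] += 1
        elif dst == local_ip:
            flows[(src, name, sport)] += 1
    return flows

def _frame(src, dst, proto, sport, dport):
    # Constructed Ethernet + IPv4 header + L4 ports; checksums left at zero
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HH", sport, dport)

def sample_pcap():
    # Constructed capture using documentation-range addresses, not real traffic
    frames = [_frame("198.51.100.7", "203.0.113.10", 6, 51000, 443),
              _frame("203.0.113.10", "198.51.100.7", 6, 443, 51000),
              _frame("203.0.113.10", "192.0.2.99", 17, 40000, 53)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

To use it on a real capture, pass the bytes of the downloaded file and the IP address from the task to summarize_pcap, and compare the peers in the result with the peers that your workloads are expected to communicate with.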