Managing Packet Capture File

The ATIC Management center captures packets that meet conditions in the packet capture task, and save them into a packet capture file. The packet capture file can be used by the administrator to view attack events, trace attack sources, parse attack packets, and extract fingerprints for obtaining features and details on attackers, so that suitable defense policies can be configured. The packet capture file can also be downloaded to the local for other operations.

Choose Defense > Policy Settings > Packet Capture, click the Packet Capture File tab, and manage packet capture files:

View Event	Click of a packet capture file in the Operation column to view attack or anomaly events. For details, see Viewing Anomaly or Attack Events.
Trace Source	Click of a packet capture file in the Operation column to trace attack sources. For details, see Tracing Attack Sources Through a Packet Capture File.
Parse Packet	Click of a packet capture file in the Operation column to parse captured packets. For details, see Parsing Packets in a Packet Capture File.
Extract Fingerprint	Click of a packet capture file in the Operation column to extract fingerprints. For details, see Extracting Fingerprints from a Packet Capture File.
Download	Click of a packet capture file in the Operation column to download the file. For details, see Downloading a Packet Capture File.
View Packet Capture Task	Click Task Name of a packet capture file to view information about the packet capture task that generates the file.
Delete	Delete one packet capture file: Click in the Operation column to delete the corresponding packet capture file. Delete files in batches: Select the check boxes of multiple packet capture files and click above the list to delete the selected files. Select the check box on the title bar and click above the list to delete all the displayed packet capture files.
Search	Basic search In the basic search area, select Task Name and File Name as search conditions, and then click . Advanced search Click Advanced Search. In the advanced search area that is displayed, set search conditions such as Start Time, End Time, Packet Capture Type, File State, Task Name, and File Name, and then click Search.

• Viewing Anomaly or Attack Events
  For a packet capture file of Zone Attack Matched or Zone Anomaly Matched, you can view related anomaly or attack events for further analysis.
• Tracing Attack Sources Through a Packet Capture File
  For the packet capture files of Global Defense Matched, Zone Attack Matched or Zone Anomaly Matched, you can obtain attack sources by tracing a packet capture file. Suspicious IP address can also be blacklisted for effective attack defense.
• Parsing Packets in a Packet Capture File
  Packet parsing can be performed on all packet capture files to obtain details on the packets.
• Extracting Fingerprints from a Packet Capture File
  For the packet capture files of Zone Attack Matched or Zone Anomaly Matched, you can obtain the features of anomalies or attacks by extracting fingerprints. The fingerprints can be added to the Zone fingerprint list as the reference of traffic cleaning.
• Downloading a Packet Capture File
  The packet capture file can be downloaded to the local for future operations.