Each sensor maintains a real-time rolling packet capture buffer. When an issue is detected the sensor will automatically upload a zipped file containing the PCAP file of all Wi-Fi frames sent between the sensor and the access point that are in the buffer at the time that the issue was detected as well as a second PCAP file containing the datagrams corresponding to the traffic running on the physical interface. This file can be downloaded by pressing the "Download packet capture" on the issue detail modal.

The PCAP mode of each sensor can be set on the Advanced tab of the edit sensor modal. There are three modes: 

  • Disabled: completely disable packet capture on the sensor.
  • PCAP Light: the sensor will only upload a PCAP file on the first discovery of an issue.
  • PCAP Full: the sensor will upload a PCAP file on the first discovery and confirmation of an issue.

You can completely disable packet capture for all sensors under Settings > Testing > Core Configuration.

An on demand PCAP can be generated by pressing the  "Request PCAP file" button on the sensor page. The the current rolling packet capture buffer on the sensor will be uploaded as a zipped PCAP file (similar to the one described above), and you will receive a notification on the dashboard.

Uploaded PCAP files are only stored for 30 days.

Did this answer your question?