Kaspersky Industrial CyberSecurity for Networks

Downloading network session traffic

March 22, 2024

ID 258283

When viewing the network sessions table, you can download the traffic related to the selected network sessions. The traffic is downloaded to a PCAP file. You can configure network packet filtering to download the relevant data.

The application downloads the network session traffic from the traffic dump file storages. Both the internal storage of a node (created automatically when an application component is installed on the node) and the external storage, if connected on the node, can be used to download traffic.

When downloading the network session traffic, take the following considerations into account:

  • Traffic download is possible only for the network sessions registered during the analysis of traffic received at the monitoring points. If a network session was registered based on the data received from the EPP application, the application cannot download the traffic of this session.
  • Traffic dump files are temporarily stored in the storages and are automatically deleted as new traffic is received. The frequency of file deletion depends on the amount of traffic received and on the specified application data storage settings. The network session traffic cannot be downloaded if the corresponding traffic dump files have been deleted from the storages.
  • Only the users with the Administrator role can download network session traffic.

To download network session traffic:

  1. Connect to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface using the Administrator account.
  2. On the Network sessions tab in the Network map section, select the network sessions for which you want to download traffic.

    You can select no more than 100 network sessions.

  3. Click the Download traffic button.

    The details area appears in the right part of the web interface window.

  4. Perform the following actions:
    • To download traffic for a certain period of time, define the desired boundaries using the Period of traffic to download setting.

      By default, the maximum possible period is specified, from the start date and time of the earliest network session to the end date and time of the latest session from the selected sessions. If necessary, you can set boundaries within this period or set an empty value for one of the boundaries (for example, for the right boundary to download new traffic of the sessions that are not yet completed).

    • Set a limit on the maximum volume used for the downloaded traffic in the Download volume limit section.

      If the volume of the downloaded traffic exceeds the specified limit, the traffic that arrives later is skipped.

    • If necessary, enable filtering in the Filtering by monitoring points section and specify the monitoring points that received the desired traffic.

      By default, the monitoring points that receive the traffic of the selected network sessions are specified.

    • If necessary, enable filtering in the Filtering by address spaces section and specify the address spaces to which the addresses in the network packets of the selected network sessions belong (this section is displayed if additional address spaces are added to the application).

      By default, all address spaces created in the application are specified.

    • If necessary, enable filtering in the BPF filtering section and enter a filtering expression using the Berkeley Packet Filter (BPF) technology based on the address settings of the network packets of the selected network session.

      Filtering expression example:
      tcp port 102 or tcp port 502

    • If necessary, enable filtering in the Filtering using regular expressions section and enter an expression for filtering based on payload data in network packets of the selected network sessions.

      Filtering expression example:
      ^test.+\xAB\xCD

  5. Click the Show button.
  6. If it takes a long time (more than 15 seconds) to create the file, the file creation operation is transferred to the list of background operations. In this case, to download the file:
    1. Click the button with the icon in the form of an arrow pointing to the tray in the menu of the application web interface.

      The list of background operations appears.

    2. Wait for the file creation operation to finish.
    3. Click the Download file button.

Your browser will save the downloaded file. Depending on your browser settings, your screen may show a window in which you can change the path and name of the saved file.
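The following is an added example, not part of the Kaspersky documentation. It checks a downloaded file against the BPF expression from the example above (`tcp port 102 or tcp port 502`) and reports how far the last packet is from the requested right boundary, which matters because traffic arriving after the volume limit is skipped. It assumes the file is in classic libpcap format with Ethernet framing and IPv4; the function names and the sample capture are constructed for illustration.

```python
import struct

def match_port(frame, ports):
    """Return the first wanted TCP port seen in an Ethernet/IPv4 frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp = 14 + (frame[14] & 0x0F) * 4          # skip IPv4 header incl. options
    if len(frame) < tcp + 4:
        return None
    sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
    return next((p for p in ports if p in (sport, dport)), None)

def summarize_pcap(data, ports=(102, 502)):
    """Parse a classic pcap; return time span, per-port counts, unmatched count."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected classic pcap with Ethernet link type")
    counts, other, stamps, off = {p: 0 for p in ports}, 0, [], 24
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        port = match_port(data[off + 16:off + 16 + caplen], ports)
        if port is None:
            other += 1                          # packet the filter should have excluded
        else:
            counts[port] += 1
        stamps.append(sec + usec / 1e6)
        off += 16 + caplen
    return {"first": min(stamps, default=None), "last": max(stamps, default=None),
            "counts": counts, "unmatched": other}

def tail_gap(summary, requested_end):
    """Seconds between the last captured packet and the requested right boundary."""
    return requested_end - summary["last"]

def sample_pcap():
    """Constructed capture: one packet each on TCP ports 102, 502 and 443."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, sport, dport in [(1000, 40000, 102), (1005, 502, 40001), (1010, 40002, 443)]:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        out += struct.pack("<IIII", sec, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    s = summarize_pcap(sample_pcap())
    print(s, "tail gap:", tail_gap(s, 1060))
```

A non-zero `unmatched` count means the file contains packets outside the expression, and a large tail gap suggests the volume limit was reached or the dump files for the end of the period were already deleted.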
