Downloading traffic received by the node monitoring points

You can download traffic received by the application through monitoring points on nodes. The traffic is downloaded to a PCAP file. You can configure network packet filtering so that only the relevant data is downloaded.

The application downloads traffic from the traffic dump file storages. Both the internal storage of each node (created automatically when an application component is installed on the node) and the external storage, if connected on the node, can be used to download traffic.

When downloading traffic, take the following considerations into account:

To download traffic received by the node monitoring points:

  1. Connect to the Kaspersky Industrial CyberSecurity for Networks Server through the web interface using the Administrator account.
  2. Select Settings → Deployment.
  3. Do one of the following:
    • To download traffic received by the monitoring points of a certain node, select the tile of this node.
    • To download traffic received by a specific monitoring point, select the network interface card with this monitoring point.

    The details area appears in the right part of the web interface window.

  4. Click Download traffic. If the button is not displayed in the toolbar, click the three-dot icon button and select the desired item in the menu that opens.
  5. Do the following in the opened window:
    • To download traffic for a certain period of time, define the desired boundaries using the Period of traffic to download setting.

      The default period is one hour.

    • Set a limit on the maximum volume used for the downloaded traffic in the Download volume limit section.

      If the volume of the downloaded traffic exceeds the specified limit, the traffic that arrives later is skipped.

    • If necessary, enable filtering in the Filtering by monitoring points section and specify the monitoring points of the node that receives the traffic (this section is displayed if a node tile is selected).

      By default, all monitoring points available on the selected node are specified.

    • If necessary, enable filtering in the Filtering by address spaces section and specify the address spaces to which the addresses in the network packets belong (this section is displayed if additional address spaces are added to the application).

      By default, all address spaces created in the application are specified.

    • If necessary, enable filtering in the Filtering using BPF section and enter a filtering expression using the Berkeley Packet Filter (BPF) technology based on the address settings of the network packets.

      Filtering expression example:
      tcp port 102 or tcp port 502

    • If necessary, enable filtering in the Filtering using regular expressions section and enter an expression for filtering based on payload data in network packets.

      Filtering expression example:
      ^test.+\xAB\xCD

  6. Click Download.
  7. If file generation takes a long time (more than 15 seconds), the operation is moved to the background. If this is the case, follow these steps to download the file:
    1. Click the button with the icon of an arrow pointing to the tray in the application web interface menu.

      The list of background operations opens.

    2. Wait for the file generation operation to complete.
    3. Click Download file.

Your browser will save the downloaded file. Depending on your browser settings, your screen may show a window in which you can change the path and name of the saved file.
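
To preview what the two filtering expressions from step 5 would keep, the following added example (not part of the product documentation or the application's code) applies the port filter `tcp port 102 or tcp port 502` and the payload expression, read here as `^test.+\xAB\xCD`, to a constructed capture. It assumes a classic little-endian PCAP with Ethernet framing, IPv4 only, Python `re` semantics for the payload expression, and that enabled filters are combined with AND; `read_pcap`, `tcp_segment`, `select` and `sample_record` are hypothetical names.

```python
import re
import struct

PORTS = {102, 502}                              # tcp port 102 or tcp port 502
PAYLOAD_RE = re.compile(rb"^test.+\xAB\xCD")    # payload expression (Python re assumed)

def read_pcap(data):
    """Yield frames from a classic little-endian pcap with Ethernet link type."""
    if data[:4] != b"\xd4\xc3\xb2\xa1" or data[20:24] != b"\x01\x00\x00\x00":
        raise ValueError("expected a classic little-endian Ethernet pcap")
    pos = 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack("<I", data[pos + 8:pos + 12])[0]
        yield data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len

def tcp_segment(frame):
    """Return (sport, dport, payload) for an untagged IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None
    tcp = 14 + (frame[14] & 0x0F) * 4
    total_len, _, frag = struct.unpack("!HHH", frame[16:22])
    if frame[23] != 6 or frag & 0x1FFF or len(frame) < tcp + 20:
        return None                             # not TCP, later fragment, or truncated
    sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
    return sport, dport, frame[tcp + (frame[tcp + 12] >> 4) * 4:14 + total_len]

def select(pcap_bytes, use_regex=True):
    """Indexes of frames passing the port filter and, if enabled, the payload regex."""
    hits = []
    for index, frame in enumerate(read_pcap(pcap_bytes)):
        seg = tcp_segment(frame)
        if seg and PORTS & set(seg[:2]) and (not use_regex or PAYLOAD_RE.search(seg[2])):
            hits.append(index)
    return hits

def sample_record(sport, dport, payload, proto=6):
    """Constructed pcap record: record header plus Ethernet/IPv4/TCP frame, checksums zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 1024, 0, 0)
    data = bytes(12) + b"\x08\x00" + ip + tcp + payload
    return struct.pack("<IIII", 0, 0, len(data), len(data)) + data

SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    sample_record(40000, 502, b"test-read\xab\xcd"),            # 0: port and payload match
    sample_record(40001, 102, b"\x03\x00\x00\x16"),             # 1: port only
    sample_record(40002, 443, b"test-read\xab\xcd"),            # 2: payload only
    sample_record(40003, 502, b"test-read\xab\xcd", proto=17),  # 3: not TCP
])
```

Calling `select(SAMPLE)` applies both filters, and `select(SAMPLE, use_regex=False)` applies the port filter alone.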

See also:

Downloading traffic when working with the network interaction map
