Network dump files

Network dump files contain the full network traffic on Kaspersky NGFW captured with the tcpdump utility, with pcapdump commands, or by the network packet capture functionality that runs when an IDPS rule is triggered.

Network dump files created with the tcpdump utility are saved on Kaspersky NGFW in the directory that the Kaspersky NGFW administrator specifies when running the utility. Reading these network dump files requires root privileges.

The administrator of Kaspersky NGFW can use the tcpdump utility to manually create network dump files.

The pcapdump commands create network dump files when local packet capture is enabled. These files are saved in the /var directory on Kaspersky NGFW.
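As an added example (not code from the Kaspersky NGFW product or its documentation), the Python below works with dump files of the kind described above. It assumes the files written by tcpdump, and by the pcapdump commands, are in classic libpcap format (the format tcpdump writes with -w; the pcapdump assumption is the example's own). It parses that format in either byte order, reports packets truncated by the snaplen, and checks that a dump file is owned by root with no group or other permission bits, which is what the root-only access requirement above implies for files left on disk. The capture embedded in it is constructed, not real traffic, and every function name is the example's own.

```python
import os
import stat
import struct
import tempfile
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Magic numbers at offset 0 of a libpcap/tcpdump file, as stored by a little-endian writer.
PCAP_MAGIC_USEC = 0xA1B2C3D4   # timestamps in seconds + microseconds (tcpdump default)
PCAP_MAGIC_NSEC = 0xA1B23C4D   # timestamps in seconds + nanoseconds (tcpdump --time-stamp-precision=nano)
GLOBAL_HEADER_LEN = 24
RECORD_HEADER_LEN = 16


@dataclass
class PcapRecord:
    ts_sec: int
    ts_frac: int       # microseconds or nanoseconds, depending on PcapFile.nanosecond
    orig_len: int      # length on the wire; larger than len(data) when the snaplen cut the packet
    data: bytes


@dataclass
class PcapFile:
    linktype: int      # e.g. 1 = LINKTYPE_ETHERNET
    snaplen: int
    nanosecond: bool
    records: List[PcapRecord]

    def truncated_records(self) -> int:
        """Number of packets whose captured bytes are fewer than their wire length."""
        return sum(1 for r in self.records if len(r.data) < r.orig_len)


def parse_pcap(blob: bytes) -> PcapFile:
    """Parse a classic pcap (not pcapng) byte string, detecting byte order and timestamp precision."""
    if len(blob) < GLOBAL_HEADER_LEN:
        raise ValueError("truncated pcap global header")
    endian: Optional[str] = None
    nanosecond = False
    for candidate in ("<", ">"):
        magic = struct.unpack(candidate + "I", blob[:4])[0]
        if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            endian, nanosecond = candidate, magic == PCAP_MAGIC_NSEC
            break
    if endian is None:
        raise ValueError("not a pcap file: unknown magic %s" % blob[:4].hex())
    major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", blob[4:GLOBAL_HEADER_LEN])
    if (major, minor) != (2, 4):
        raise ValueError("unsupported pcap version %d.%d" % (major, minor))
    records: List[PcapRecord] = []
    off = GLOBAL_HEADER_LEN
    while off < len(blob):
        if len(blob) - off < RECORD_HEADER_LEN:
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", blob[off:off + RECORD_HEADER_LEN])
        off += RECORD_HEADER_LEN
        # A record may never claim more bytes than the snaplen, its wire length, or the rest of the file.
        if incl_len > snaplen or incl_len > orig_len or len(blob) - off < incl_len:
            raise ValueError("malformed record header at offset %d" % (off - RECORD_HEADER_LEN))
        records.append(PcapRecord(ts_sec, ts_frac, orig_len, blob[off:off + incl_len]))
        off += incl_len
    return PcapFile(linktype, snaplen, nanosecond, records)


def build_pcap(records: List[PcapRecord], linktype: int = 1, snaplen: int = 65535,
               nanosecond: bool = False, big_endian: bool = False) -> bytes:
    """Serialise records as a pcap file; little-endian is the layout tcpdump writes on x86."""
    endian = ">" if big_endian else "<"
    magic = PCAP_MAGIC_NSEC if nanosecond else PCAP_MAGIC_USEC
    out = [struct.pack(endian + "IHHiIII", magic, 2, 4, 0, 0, snaplen, linktype)]
    for r in records:
        data = r.data[:snaplen]                        # the writer enforces the snaplen
        out.append(struct.pack(endian + "IIII", r.ts_sec, r.ts_frac, len(data), r.orig_len))
        out.append(data)
    return b"".join(out)


def dump_file_is_private(path: str, owner_uid: int = 0) -> bool:
    """True if the dump is a regular file owned by owner_uid (root by default) with no group/other bits."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        return False
    return st.st_uid == owner_uid and (st.st_mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


# Constructed sample: two frames on LINKTYPE_ETHERNET; the second is cut by a 64-byte snaplen.
SAMPLE_RECORDS = [
    PcapRecord(1700000000, 1000, 60, bytes(60)),
    PcapRecord(1700000001, 2000, 1514, bytes(1514)),
]
SAMPLE_PCAP = build_pcap(SAMPLE_RECORDS, snaplen=64)


def demo() -> Tuple[bool, PcapFile]:
    """Write the sample to a temp file with mode 0600, run the permission check, and parse it back."""
    with tempfile.NamedTemporaryFile(suffix=".pcap", delete=False) as fh:
        fh.write(SAMPLE_PCAP)
        path = fh.name
    try:
        os.chmod(path, 0o600)
        private = dump_file_is_private(path, owner_uid=os.getuid())  # current user stands in for root here
        with open(path, "rb") as fh:
            parsed = parse_pcap(fh.read())
    finally:
        os.unlink(path)
    print("private:", private, "packets:", len(parsed.records), "truncated:", parsed.truncated_records())
    return private, parsed


if __name__ == "__main__":
    demo()
```

The parser rejects any record whose claimed length exceeds the snaplen or the remaining file rather than silently reading past the end, which is the behaviour to want when a dump file arrives from an untrusted path. The permission check is written against the current user in demo() so it runs unprivileged; on the appliance itself it would be called with the default owner_uid of 0.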

Network dump files created by the network packet capture functionality when an IDPS rule is triggered are sent, as part of the IDPS security event, to the SIEM system configured by the administrator of Kaspersky NGFW.

Network dump files created by the network packet capture functionality when an IDPS rule is triggered may contain decrypted TLS/SSL traffic. Treat these events as sensitive data: they can expose payloads that were encrypted on the wire.
