Network dump files contain all information about network traffic on Kaspersky NGFW captured using the tcpdump utility, pcapdump commands, or the network packet capture functionality that runs when an IDPS rule is triggered.
Network dump files created using the tcpdump utility are saved in the directory on Kaspersky NGFW specified by the Kaspersky NGFW administrator when running the utility. Access to these network dump files requires root privileges.
The administrator of Kaspersky NGFW can use the tcpdump utility to manually create network dump files.
Network dump files created using pcapdump commands are saved in the /var directory in Kaspersky NGFW. The pcapdump commands create network dump files when you enable local packet capture.
Network dump files created by the network packet capture functionality when an IDPS rule is triggered are sent as part of an IDPS security event to a SIEM system configured by the administrator of Kaspersky NGFW.
Network dump files created by the network packet capture functionality when an IDPS rule is triggered may contain decrypted TLS/SSL traffic.
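Because these dump files can hold decrypted TLS/SSL traffic, their file permissions deserve a periodic check. The following script is an added example, not part of this documentation or of Kaspersky NGFW: it walks a directory, recognizes pcap and pcapng files by their magic bytes rather than by name, and reports any that are readable by users other than the owner. It assumes only the standard libpcap/pcapng file formats and runs against a constructed sample directory, not a real /var tree.

```python
"""Flag packet-capture files that are readable by users other than their owner.
Dump files from tcpdump or pcapdump may hold decrypted TLS/SSL traffic, so
they should be restricted to root; capture files are detected by magic bytes."""
import os
import stat
import tempfile
from pathlib import Path
# libpcap magics (both byte orders, us and ns timestamps) and the pcapng SHB type.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4",
    b"\x4d\x3c\xb2\xa1", b"\xa1\xb2\x3c\x4d",
    b"\x0a\x0d\x0d\x0a",
}

def is_capture_file(path: Path) -> bool:
    """True if the first four bytes match a pcap or pcapng magic number."""
    try:
        with path.open("rb") as fh:
            return fh.read(4) in PCAP_MAGICS
    except OSError:
        return False

def audit_dumps(root: str) -> list[tuple[str, str]]:
    """Walk `root`; return (relative path, octal mode) for every capture file
    whose group or world read bit is set."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if not p.is_file() or not is_capture_file(p):
                continue
            mode = p.stat().st_mode
            if mode & (stat.S_IRGRP | stat.S_IROTH):
                findings.append((str(p.relative_to(root)), oct(stat.S_IMODE(mode))))
    return findings

def build_sample_dir() -> str:
    """Create a constructed sample tree (not real NGFW data) to exercise the audit."""
    root = tempfile.mkdtemp(prefix="dump-audit-")
    samples = {  # name: (content, mode)
        "capture-private.pcap": (b"\xd4\xc3\xb2\xa1" + b"\x00" * 20, 0o600),
        "capture-shared.pcap": (b"\xa1\xb2\xc3\xd4" + b"\x00" * 20, 0o644),
        "session.pcapng": (b"\x0a\x0d\x0d\x0a" + b"\x00" * 20, 0o640),
        "notes.pcap": (b"plain text, not a capture", 0o644),  # ignored despite .pcap
    }
    for name, (content, mode) in samples.items():
        path = Path(root) / name
        path.write_bytes(content)
        path.chmod(mode)
    return root
```

Run `audit_dumps("/var")` as root on the appliance to check real pcapdump output; the sample directory only shows which files the check flags.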