PCAP SNAP


The PCAP Snap app captures network traffic and transfers it to designated Red Piranha servers for automatic analysis and manual examination. The most convenient aspect of this application is its packet capture scheduler, which can be used to add multiple schedules as required.


Left-hand Navigation Panel > Compliance Control > PCAP SNAP


This feature of the PCAP Snap application sets a pre-defined schedule for the packet capture. A particular time of day can be selected for the packet capture process through a user-friendly interface. The objective of the packet capture process is to extract PCAP files from the Crystal Eye and send them to the Red Piranha servers for further analysis. These PCAP files are useful for troubleshooting a narrowly focused event, and the app is designed to simplify complex troubleshooting involving multiple devices in the Crystal Eye network.

While setting the packet capture schedule, the administrator will be prompted to provide the following details:

  1. Schedule Name: This field defines the name of the schedule.
  2. Start Hour: This field defines the hour at which the schedule is required to start. The Start Hour field only accepts the hour part of the time.
     Note: If packet capture is to be scheduled at 12:05 hrs, the hour part of the time, i.e. 12, must be entered in the Start Hour field and the minute part, i.e. 05, must be entered in the Start Minute field.
  3. Start Minute: This field defines the minute at which the schedule is required to start.
     Note: Only the minute part of the time must be entered in this field.
  4. End Hour: This field defines the hour at which the schedule is required to end. The End Hour field only accepts the hour part of the time.
     Note: If the scheduled packet capture is to end at 12:05 hrs, the hour part of the time, i.e. 12, must be entered in the End Hour field and the minute part, i.e. 05, must be entered in the End Minute field.
  5. End Minute: This field defines the minute at which the schedule is required to end. The End Minute field only accepts the minute part of the time.
  6. Repeat Schedule: Here the administrator can choose the frequency of the scheduled packet capture. This can be a One Time Scan or a Weekly Scan.
  7. Schedule Enabled: A packet capture schedule can be created and then set as Enabled or Disabled.
  8. Upload Start Hour: This field defines the time at which the captured packets are uploaded to Red Piranha servers for automatic and manual PCAP analysis.

How to Schedule the Packet Capture (PCAP) Process?

Step 1: In the PCAP Snap application page, click the Add button under the Schedules section.

Step 2: You will now see the Add New Schedule page. Enter the Schedule Name, Start Hour, Start Minute, End Hour, and End Minute.

Step 3: Select the Schedule from the dropdown.

Note: The packet capture process can be scheduled as a One Time or a Weekly capture.

Step 4: Enable or Disable the scheduled packet capture.

Step 5: Enter the Upload Start Hour and the Upload Start Minute. Now click the Add button.

Note: The PCAP Snap app will automatically schedule the server upload process for a time slot 5 minutes after the packet capture process.

You will now see the scheduled details in the relevant table as highlighted in the screenshot:

Note: Once the scheduled packet capture process starts, the app status will change to running, as highlighted in the screenshot below. After the packet capture process ends, the PCAP files will appear in the Log Table and will eventually be sent to the Red Piranha server.