Packet Dump used to be a hidden option in Kerio Control, and you needed to ssh in to retrieve the dump files or even to remove them. That's no longer the case.

But so what? Why would you want a packet dump anyway?

The answer is simply that tools like Wireshark are much more convenient and powerful when you are trying to solve sticky network issues. While Wireshark can capture traffic on the machine it runs on, sometimes you want data straight from the horse's mouth: that is, you want to analyze packets as they pass through the firewall. The easiest way to do that is to get a packet dump from Control and then copy it to some machine that has Wireshark to look at it.

Generating the log

That's easy: Right click in the Debug log and choose Packet Dump.

Generating a packet dump

You need to provide an expression that tells Control which packets you want to see. The simplest expression is the one I used here: "any", which means what you think it means: everything goes into the file once you click "Start".

You can filter on specific conditions. See Using logs - IP traffic in Debug log for details. These are the same filters used to just write traffic to the log, which you might do in a simpler situation.

Notice that Control shows you how big the file is getting as it runs. That helps a lot - in former versions, you flew blind unless you logged in with ssh and watched the file from the command line. With this, you know it's working and you know how big it is getting.

After you click "Stop", you can click "Download" to bring the packet dump file down to your computer.

When you close the Packet Dump window, Control helpfully offers to clean up the disk space:

 Removing the dump file

Should you start another dump, it will overwrite your previous file: there is no appending here. Of course you can download multiple files and join them together later if you need to.

 No appending
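Joining downloaded dumps is normally a job for mergecap, which ships with Wireshark and merges chronologically by default. As an added example that is not part of the original post or of Kerio's software, the Python below does the same merge in pure Python on the classic pcap format: it parses the global header, refuses pcapng and truncated files rather than guessing, checks that the link types agree, and writes the records back out in timestamp order. The two input dumps are constructed inline; that Control's download is classic pcap is an assumption, not something the post states.

```python
import struct

PCAP_MAGIC_LE = 0xa1b2c3d4   # classic pcap, microsecond timestamps, little-endian
PCAP_MAGIC_BE = 0xd4c3b2a1   # same magic as seen when the file is big-endian
LINKTYPE_ETHERNET = 1


def write_pcap(records, linktype=LINKTYPE_ETHERNET, snaplen=65535):
    """Serialise (ts_sec, ts_usec, payload) tuples as a classic pcap file."""
    # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, snaplen, linktype))
    for ts_sec, ts_usec, payload in records:
        # per-packet header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", ts_sec, ts_usec, len(payload), len(payload))
        out += payload
    return bytes(out)


def read_pcap(data):
    """Parse a classic pcap blob; returns (linktype, [(ts_sec, ts_usec, payload), ...])."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a classic pcap file (magic 0x%08x); pcapng needs another parser" % magic)
    _, _vmaj, _vmin, _, _, _snaplen, linktype = struct.unpack(end + "IHHiIII", data[:24])
    records = []
    off = 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated packet header at offset %d" % off)
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            raise ValueError("truncated packet data at offset %d" % off)
        records.append((ts_sec, ts_usec, data[off:off + incl_len]))
        off += incl_len
    return linktype, records


def merge_pcaps(blobs):
    """Chronologically merge several pcap blobs, the way mergecap does by default."""
    if not blobs:
        raise ValueError("nothing to merge")
    linktype = None
    merged = []
    for blob in blobs:
        lt, recs = read_pcap(blob)
        if linktype is None:
            linktype = lt
        elif lt != linktype:
            # frames of different link types cannot share one classic pcap file
            raise ValueError("link types differ (%d vs %d); cannot merge" % (linktype, lt))
        merged.extend(recs)
    merged.sort(key=lambda r: (r[0], r[1]))
    return write_pcap(merged, linktype=linktype)


# Constructed sample input (not real Kerio dumps): two short captures whose
# timestamps interleave, as two consecutive dumps of the same link would.
DUMP_A = write_pcap([(1700000000, 100, b"A1" * 30), (1700000000, 300, b"A2" * 30)])
DUMP_B = write_pcap([(1700000000, 200, b"B1" * 30), (1700000001, 0, b"B2" * 30)])


def demo():
    """Merge the two constructed dumps and return (sec, usec, tag) per packet."""
    merged = merge_pcaps([DUMP_A, DUMP_B])
    _linktype, recs = read_pcap(merged)
    return [(s, u, p[:2].decode()) for s, u, p in recs]


if __name__ == "__main__":
    print(demo())
```

To use it on real downloads, read each file with open(path, "rb").read(), pass the list to merge_pcaps, and write the result to a new file for Wireshark. If a download turns out to be pcapng rather than classic pcap, read_pcap raises on the magic number and mergecap remains the tool to reach for.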

That's it. Simple, but powerful.

Got something to add? Send me email.

