Download Individual Capture Files

OT Security stores the packet capture data associated with each Event in the network. The data is stored as PCAP files, which can be downloaded and analyzed using Network Protocol Analysis tools (for example, Wireshark, and so on). You can also download PCAP files for the entire network, see Network.

Note: PCAP files are only available if the Packet Capture feature is activated. The Packet Capture feature can be activated from the Local Settings > System Configuration > Packet Captures, see Packet Captures. PCAP files are only available for events that relate to network activity, such as, Controller Activities, Network Threats, SCADA Events, and some types of Network Events.

Download a PCAP File

To download a PCAP file:

  1. In the Events page, select the check box next to the event for which you want to download the PCAP file.

  2. In the header bar, click Actions.

    The Actions menu appears.

  3. Select Download Capture File.

    The zipped PCAP file is downloaded to your local machine.