Cato Networks Knowledge Base

Taking a PCAP on a Socket

  • Updated


Cato Networks provides a PCAP (packet capture) utility that is built-in into the Socket WebUI, so anyone with the login credentials can diagnose network issues.

For more about the Socket WebUI, see Using the Socket WebUI.

Using the Socket WebUI to Take a PCAP

This section is the following step by step explanation of how to use the Socket PCAP utility to analyze issues in your network.

  1. Log in to the Socket WebUI from the Cato Management Application.

  2. Start the PCAP.

  3. Reproduce the problem.

  4. Download the PCAP file.

  5. Analyze the results in the file.

Logging in from the Cato Management Application

Admins with editor permissions can automatically log in to the Socket WebUI from the Cato Management Application.

To log in to the Socket WebUI:

  1. From the navigation menu, click Network > Sites and select the site.

  2. From the navigation menu, click Site Settings > Socket.

  3. From the Actions menu of the socket, select Socket WebUI.

The browser opens a new tab and logs in to the Socket WebUI.


The Socket WebUI automatically logs out when the window is idle for more than 10 minutes.

Starting the PCAP

Configure the PCAP settings for the specific interface to start the PCAP.

Best Practice: For troubleshooting most network issues we recommend that you to take a packet capture on the LAN interface. WAN packet captures can be useful if the Socket can't connect to a PoP, but once connected, all traffic over the WAN interface is encrypted and encapsulated in DTLS. It is difficult to analyze a PCAP with encrypted traffic.

To start the PCAP:

  1. In the Monitor page, click the PCAP column. The column expands to show the PCAP options.

  2. Enter the settings for the PCAP. You can select specific settings for Source, Destination and ports.


    These optional settings limit the traffic that is captures, without them the PCAP can have a lot of data in a short time.

  3. To start the capture, select the checkbox in the PCAP column.


Reproducing the Problem

While the PCAP utility is running, reproduce the network problem that you’re troubleshooting.

Downloading the PCAP File

Download the file that contains the data from the PCAP.


Important: Do not clear the checkbox until after you completed downloading the PCAP file. Otherwise,  you will lose the current capture.

To download the PCAP file:

  1. From the Socket WebUI, click Download.

  2. The PCAP utility saves the file to the download directory configured for your browser with this format: <site_name>.<account_name>.<interface>.<timestame>.pcapng

Analyzing the Packets

We recommend that you use Wireshark or a similar program to open the capture file and analyze the packets. Wireshark is a free program for Windows, Mac, and Linux that can be downloaded from

Was this article helpful?

0 out of 0 found this helpful



Please sign in to leave a comment.