Cloud Firewall provides a packet capture tool that enables you to capture traffic on the internet border based on specific IP addresses and ports. You can use this tool to quickly analyze packet content, diagnose network issues, investigate potential attack behavior, and identify network security risks. This topic describes how to use the packet capture tool.
Limitations
The packet capture feature is available in Cloud Firewall Enterprise Edition and Ultimate Edition. This feature is not available in Basic Edition, Premium Edition, and pay-as-you-go instances. The daily quota of packet captures for an Alibaba Cloud account is as follows:
Enterprise Edition: 20 captures per day
Ultimate Edition: 50 captures per day
Packet capture supports only traffic on the internet border.
If the source IP and destination IP for a packet capture task are both located within the same Alibaba Cloud region, traffic might not be captured. In this scenario, contact technical support for assistance.
Create a packet capture task
Log on to the Cloud Firewall console.
In the left-side navigation pane, choose .
In the Packet Capture section, click Capture Now.
On the Packet Capture page, click Create Packet Capture Task.
Configure the task parameters as described in the following table and click OK.
| Parameter | Description |
| --- | --- |
| Task Name | The name of the packet capture task. A descriptive name is recommended. |
| Maximum Bytes | The maximum number of bytes to capture from each packet. The system truncates packets that exceed this size. The value must be an integer up to 1048576. |
| Duration (s) | The maximum duration of the packet capture task, in seconds. The limit is 300 seconds for Enterprise Edition and 600 seconds for Ultimate Edition. |
| Protocol | The protocol of the traffic to capture. Valid values: All, TCP, UDP, ICMP. |
| IP Address Type | The type of IP address configuration. Valid values: IP (captures packets to or from a single specified IP address; you can enter only one IP address) and IP address pair (captures packets transmitted between a specified source and destination IP address). |
| IP | The source IP address. |
| Port | The source port. |
| Peer IP Address | Set the IP address of the peer. This parameter is required only when IP address type is set to IP address pair. |
| Peer Port | Set the peer port. This parameter is required only if the IP address type is set to IP address pair. |
On the Packet Capture page, you can view the new task and its status. The task is complete when the Status column shows Completed.
Download the captured data
On the Packet Capture page, find the desired task and click Download File in the Actions column.

After the download completes, open the file to analyze the captured data. You can check whether the traffic matches your expected business patterns and identify potential network security risks.
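A first-pass triage of a downloaded capture, as an added example that is not Alibaba Cloud code: it lists the IPv4 flows present and counts the records that the Maximum Bytes setting cut short, so you know which payloads are incomplete before drawing conclusions. It assumes the downloaded file is in classic libpcap format with an Ethernet link type, which this topic does not state; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

def parse_pcap(data):
    """Yield (original_length, captured_bytes) per record of a classic pcap file."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet link type (1) is handled")
    off = 24
    while off + 16 <= len(data):
        _, _, caplen, origlen = struct.unpack(endian + "IIII", data[off:off + 16])
        yield origlen, data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def summarize(data):
    """Return (Counter of IPv4 flows, number of records cut short by Maximum Bytes)."""
    flows, truncated = Counter(), 0
    for origlen, pkt in parse_pcap(data):
        truncated += len(pkt) < origlen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # too short for Ethernet + IPv4 header, or not IPv4
        l4 = 14 + (pkt[14] & 0x0F) * 4  # IPv4 header length varies with options
        first_frag = not (pkt[20] & 0x1F or pkt[21])  # ports exist only in fragment 0
        sport = dport = 0
        if pkt[23] in (6, 17) and first_frag and len(pkt) >= l4 + 4:
            sport, dport = struct.unpack("!HH", pkt[l4:l4 + 4])
        src, dst = (".".join(map(str, pkt[i:i + 4])) for i in (26, 30))
        flows[(PROTO.get(pkt[23], str(pkt[23])), src, sport, dst, dport)] += 1
    return flows, truncated

def build_sample(snaplen=64):
    """Constructed capture: two UDP packets, the second longer than snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for payload in (b"x" * 10, b"y" * 200):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 17, 0,
                         bytes((203, 0, 113, 7)), bytes((198, 51, 100, 9)))
        udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + udp + payload
        out += struct.pack("<IIII", 0, 0, min(len(frame), snaplen), len(frame)) + frame[:snaplen]
    return out

if __name__ == "__main__":
    flows, truncated = summarize(build_sample())
    for flow, count in flows.most_common():
        print(count, *flow)
    print("truncated records:", truncated)
```

To run it against a real download, pass the file's bytes to `summarize` instead of `build_sample()`; a `ValueError` means the file is in a different format than assumed here.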