
How to Capture ICAP Packets

Step 1: Open PuTTY

Connect to the servers 10.240.4.240 and 10.240.4.241

Login as: sysadmin

Then log in again as superuser


Step 2: Run the following command to capture the traffic, then press Enter:

    tcpdump -w test.pcap -i eth0 tcp port 1344

Step 3: Test by sending confidential data, such as credit card data, through Facebook and Yahoo
(using a browser configured with the proxy or ICAP).

Step 4: After a few minutes, go back to PuTTY and press Ctrl+C to stop gathering data.

Step 5: Open WinSCP, then connect to the servers (10.240.4.240 & 10.240.4.241).

Step 6: Click New Session and connect to the other server.

Step 7: Copy the log files to your local directory by dragging the file to the right.
To confirm that it is the file you need, check its date:
if the date is recent, it is the log file you need.

Step 8: After you copy the log file, rename it so that the copy from the next server does not overwrite it.

Step 9: Copy the log file from the other server, then rename it as well.
After that, please send us the file so we can investigate further.
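
A quick way to confirm that a copied capture really contains ICAP traffic before sending it, as an added example that is not part of the original instructions: it parses the classic pcap format that tcpdump -w writes and counts the packets on port 1344, the ICAP request methods seen, and the frames cut short by the snapshot length. The function names, the icap.example.net URL and the 192.0.2.x addresses are constructed for the sample; only Ethernet/IPv4/TCP frames are inspected, and a request is counted only when its first line starts a TCP segment.

```python
import struct
import sys

ICAP_PORT = 1344  # port from the tcpdump filter in Step 2
ICAP_METHODS = (b"REQMOD", b"RESPMOD", b"OPTIONS")  # request methods from RFC 3507

def summarize_icap_pcap(data):
    """Summarize a classic pcap byte string: packet counts, truncation, ICAP methods."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    snaplen, linktype = struct.unpack((endian or "<") + "II", data[16:24])
    if endian is None or linktype != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    out = {"snaplen": snaplen, "packets": 0, "truncated": 0, "icap_packets": 0, "methods": {}}
    pos = 24
    while pos + 16 <= len(data):
        incl_len, orig_len = struct.unpack(endian + "II", data[pos + 8:pos + 16])
        frame = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        out["packets"] += 1
        out["truncated"] += incl_len < orig_len  # frame cut short by the snapshot length
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not an Ethernet II / IPv4 / TCP frame
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 20 or ICAP_PORT not in struct.unpack("!HH", tcp[:4]):
            continue  # too short, or neither port is 1344
        out["icap_packets"] += 1
        method = tcp[(tcp[12] >> 4) * 4:].split(b" ", 1)[0]  # first token of the payload
        if method in ICAP_METHODS:
            out["methods"][method.decode()] = out["methods"].get(method.decode(), 0) + 1
    return out

def constructed_frame(sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame between 192.0.2.10 and 192.0.2.20 (sample data)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBHII", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, 0xC000020A, 0xC0000214)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def constructed_pcap(frames, snaplen=262144):
    """Wrap constructed frames in a pcap file, cutting each one at snaplen bytes."""
    data = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for f in frames:
        data += struct.pack("<IIII", 0, 0, min(len(f), snaplen), len(f)) + f[:snaplen]
    return data

if __name__ == "__main__":
    req = constructed_frame(40000, ICAP_PORT, b"REQMOD icap://icap.example.net/dlp ICAP/1.0\r\n")
    raw = open(sys.argv[1], "rb").read() if sys.argv[1:] else constructed_pcap([req])
    print(summarize_icap_pcap(raw))
```

Run it with the path of the copied capture as the only argument; a result with zero ICAP packets, no methods, or a high truncated count means the capture is not useful for the investigation as it stands.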
