# Traffic capture guidance and validation

## Traffic Capture Guidance

{% hint style="info" %}
If capture ports are connected before pairing is completed, the Sensor will not buffer any traffic.
{% endhint %}

Once the vSensor is paired with a Brain appliance and begins seeing traffic on any of its capture ports, it creates a metadata stream that is forwarded to the Brain for further processing. Sensors also keep a rolling capture buffer from which the Brain requests PCAPs. These PCAPs are attached as evidence to network detections as they are created.

Additionally, [Vectra packet capture](https://docs.vectra.ai/deployment/traffic-engineering-and-validation/using-vectra-packet-capture-pcap) allows users to configure PCAPs to be downloaded from the Brain for analysis with third-party tools such as Wireshark.

**Guidance:**

* Capture ports do not get assigned IP addresses.
* The `show traffic stats` command, available at the Sensor’s CLI, may be useful to see if your traffic capture is successful before you can see the traffic graphs in your Brain’s GUI.
  * See [Traffic Graph showing no traffic (0 Mbps)](https://support.vectra.ai/vectra/article/KB-VS-1177) for more details.
* See [Vectra NDR (Detect) and Network Identity Architecture Overview](https://docs.vectra.ai/deployment/getting-started/ndr-network-identity-architecture) for architecture guidance.
* See [Vectra Platform Network Traffic Recommendations](https://docs.vectra.ai/deployment/traffic-engineering-and-validation/network-traffic-recommendations) for what to capture.
* See [Asymmetry concerns in Vectra sensor feeds](https://docs.vectra.ai/deployment/traffic-engineering-and-validation/asymmetry-concerns) for guidance around asymmetric flows.

## Turning off PCAP generation

If required, Sensors can be configured to not allow PCAP creation when there are regulatory or privacy concerns. Navigate to *Configuration → COVERAGE → Data Sources → Network → Sensors* in your Vectra UI and edit the desired Sensor. Ensure the checkbox shown below is checked for each Sensor that should not perform any PCAP functions, then save the Sensor configuration:

<figure><img src="https://4227135129-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHJ1ltuWFvsArFWtevnRn%2Fuploads%2FedapcgQ9fEXBxkpYV3ug%2Fimage.png?alt=media&#x26;token=4e044b16-c909-402d-b09d-a007bbd4dc89" alt="" width="563"><figcaption></figcaption></figure>

## Traffic Validation

For a quick spot check that the vSensor is receiving any traffic at all, you may want to check the GUI and/or CLI for statistics. If the vSensor is seeing more than 1 Mbps of traffic, this will show in the GUI under *Network Stats > Ingested Traffic* after a few minutes.

![](https://4227135129-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHJ1ltuWFvsArFWtevnRn%2Fuploads%2Fgit-blob-7d93d071b331fbae7870ac5289078624a90ccf58%2Fvmware-vsensor-deployment-guide-15.png?alt=media)

* You can see traffic flow immediately at the CLI of the Sensor using the `show traffic stats` command.
  * Please note that this command will only function after the vSensor has been paired and updated from the Brain. For details, see the description of the initial embryo state of vSensors in your vSensor deployment guide.
* Execute this command a few times in a row to see increasing packet counts.

  ![](https://4227135129-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHJ1ltuWFvsArFWtevnRn%2Fuploads%2Fgit-blob-ba22877951eb4d06ea0d566722af554e896413a7%2Fvmware-vsensor-deployment-guide-12.png?alt=media)

After sending traffic to your Sensors, it is a best practice to validate that the traffic observed meets quality standards required for accurate detection and processing. Vectra’s Network Traffic Validation feature provides alarms and metrics that can be used to validate the quality of your traffic. See [Traffic Validation (ENTV)](https://docs.vectra.ai/deployment/traffic-engineering-and-validation/traffic-validation-entv) for details on validating your traffic quality.

## Worldwide Support Contact Information

* **Support portal:** [https://support.vectra.ai](https://support.vectra.ai/)
* **Email:** <support@vectra.ai> (preferred contact method)
* **Additional information:** <https://www.vectra.ai/support>
