IBM Support

QRadar Packet Capture in not available via web interface after update

Question & Answer


Why is QRadar Packet Capture unavailable after a version update?


PCAP uses different ports in different versions.


IBM® Security QRadar® Packet Capture is a network traffic capture and search application.

For more information, see the QRadar Packet Capture usage overview on the IBM Knowledge Center.

QRadar 7.2.5 and under uses 443 port, while QRadar 7.2.6/7.2.7/7.2.8 uses port 41390. After a QRadar update Pcap becomes unreachable, you need to use: https://pcapIP:41390 instead of https://pcapIP.

Note: Also, SSH port is 4477 and not 22.

Where do you find more information?

[{"Product":{"code":"SSMU35","label":"IBM QRadar Network Packet Capture Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"General Information","Platform":[{"code":"PF016","label":"Linux"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
28 October 2020