QRadar Packet Capture in not available via web interface after update

Question & Answer

Question

Why is QRadar Packet Capture unavailable after a version update?

Cause

PCAP uses different ports in different versions.

Answer

IBM® Security QRadar® Packet Capture is a network traffic capture and search application.

For more information, see the QRadar Packet Capture usage overview on the IBM Knowledge Center.

QRadar 7.2.5 and under uses 443 port, while QRadar 7.2.6/7.2.7/7.2.8 uses port 41390. After a QRadar update Pcap becomes unreachable, you need to use: https://pcapIP:41390 instead of https://pcapIP.

Note: Also, SSH port is 4477 and not 22.

Where do you find more information?

[{"Product":{"code":"SSMU35","label":"IBM QRadar Network Packet Capture Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"General Information","Platform":[{"code":"PF016","label":"Linux"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

QRadar Packet Capture in not available via web interface after update

Question & Answer

Question

Cause

Answer

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?