This article describes the procedure for downloading the captures from the SSL Visibility appliance and then using Cygwin to generate them.

This is a good solution to avoid running pscp.exe and dealing with the user / folder permissions.
In addition, it shows the utilization of filters and select interfaces.

Steps for downloading the captures:

1. Download and Install Cygwin following this article:​​​
   https://support.symantec.com/en_US/article.TECH245963.html

2. Open the CLI connection for the SSL Visibility appliance, then type:

> capture reset
> capture select 1 2 3 4 (interfaces for taking the capture)

> capture filter src-ip xx.xxx.xx.xx (host ip) dst-ip yy.yyy.yy.yy (destination IP)
* setting up the filter is an option, in case we need to catch all the traffic we just not write the filter line. *
> capture start
After allowing the required time, enter:
> capture stop

3. When done, a line similar to the following displays:

Capture file available via scp
Linux/Mac: scp <user>@<appliance>:pcap_20160930200814_20160930200841.tar.gz pcap_20160930200814_20160930200841.tar.gz
Windows: pscp.exe -scp <user>@<appliance>:pcap_20160930200814_20160930200841.tar.gz pcap_20160930200814_20160930200841.tar.gz

4. Copy the linux line:

scp <user>@<appliance>:pcap_20160930200814_20160930200841.tar.gz pcap_20160930200814_20160930200841.tar.gz

• Change "<user>" to the username, for example: sysadmin
• Change "<appliance>" to the IP address of the device, example : xx.xxx.xx.xx

In this example it will be:
scp [email protected]:pcap_20160930200814_20160930200841.tar.gz pcap_20160930200814_20160930200841.tar.gz

5. Paste the line at the Cygwin prompt, enter the user password and type “Intro”

6. Then open the Cygwin folder, by default under cygwin64\home\User and you will find the pcap file.