Environment
- App Control (formerly CB Protection): All Supported Versions
- Microsoft Windows: All Supported Versions
Objective
This document describes how to collect Wireshark logs (packet capture) for support cases. This is primarily used in cases of disconnected agents. But can also be helpful in SSL, communication, and Cipher cases.
Resolution
- Firstly download and install Wireshark from the official Wireshark site https://www.wireshark.org/download.html
- After installation, open Wireshark and navigate to Edit > Preferences > Protocols > HTTP
- Change the SSL port listing to include the Agent port (default 41002)
- After saving the options listed above, navigate back to the main Wireshark page, and select the default NIC and start a capture
- After 5-10 minutes of network capture, stop the capture, and save the collection as DEVICENAME.pcapng
- Zip the file
- Upload the zip file here: https://community.carbonblack.com/groups/cb-vault
- Once the upload completes, please comment in the case when the data is available for review
Related Content
