Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: How to Collect Wireshark Captures for Support Cases

App Control: How to Collect Wireshark Captures for Support Cases

Environment

  • App Control (formerly CB Protection): All Supported Versions
  • Microsoft Windows: All Supported Versions

Objective

This document describes how to collect Wireshark logs (packet capture) for support cases. This is primarily used in cases of disconnected agents. But can also be helpful in SSL, communication, and Cipher cases.

Resolution

  1. Firstly download and install Wireshark from the official Wireshark site https://www.wireshark.org/download.html
  2. After installation, open Wireshark and navigate to Edit > Preferences > Protocols > HTTP
  3. Change the SSL port listing to include the Agent port (default 41002)
  4. After saving the options listed above, navigate back to the main Wireshark page, and select the default NIC and start a capture
  5. After 5-10 minutes of network capture, stop the capture, and save the collection as DEVICENAME.pcapng
  6. Zip the file
  7. Upload the zip file here: https://community.carbonblack.com/groups/cb-vault
  8. Once the upload completes, please comment in the case when the data is available for review

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎09-09-2020
Views:
932
Contributors