Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: How to Collect Wireshark Captures for Support Cases

App Control: How to Collect Wireshark Captures for Support Cases


  • App Control (formerly CB Protection): All Supported Versions
  • Microsoft Windows: All Supported Versions


This document describes how to collect Wireshark logs (packet capture) for support cases. This is primarily used in cases of disconnected agents. But can also be helpful in SSL, communication, and Cipher cases.


  1. Firstly download and install Wireshark from the official Wireshark site https://www.wireshark.org/download.html
  2. After installation, open Wireshark and navigate to Edit > Preferences > Protocols > HTTP
  3. Change the SSL port listing to include the Agent port (default 41002)
  4. After saving the options listed above, navigate back to the main Wireshark page, and select the default NIC and start a capture
  5. After 5-10 minutes of network capture, stop the capture, and save the collection as DEVICENAME.pcapng
  6. Zip the file
  7. Upload the zip file here: https://community.carbonblack.com/groups/cb-vault
  8. Once the upload completes, please comment in the case when the data is available for review

Related Content

Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Creation Date: