How to Collect a Wireshark Capture

Environment

  • Wireshark: All Supported Versions
  • Microsoft Windows: All Supported Versions

Objective

To collect a Wireshark capture for network connectivity issues

Resolution

  1. Download and install Wireshark (Npcap is required to record live traffic).
  2. Open Wireshark and navigate to Edit > Preferences > Protocols > HTTP.
  3. Add the SSL port (i.e., the sensor port, which depends on the product).
  4. Save the preferences, return to the main Wireshark window, and double-click the appropriate network connection to start recording.
  5. Capture for 5-10 minutes while reproducing the issue, then stop the capture and save it as: {devicename}.pcapng
  6. Zip the file.
  7. Upload the zip file to CB Vault.
  8. Comment on the case that the data has been uploaded to CB Vault.
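The same collection can be scripted for hosts where the GUI is impractical. The PowerShell script below is an added example, not part of the original article, and uses tshark.exe, the console capture tool that ships with Wireshark. It assumes the default Wireshark install path, that Npcap is already installed, and that the interface index passed in matches the active adapter (confirm it from the `tshark -D` listing the script prints first); the HTTP port preference from step 3 only affects how packets are displayed in the GUI, so it is not needed for capturing.

```powershell
# Added example (not the KB article's own procedure): command-line equivalent of
# steps 4-6 using tshark, the console capture tool bundled with Wireshark.
# Assumptions not stated on the page: default tshark.exe install path, Npcap
# already installed, and interface index 1 being the adapter that carries
# sensor traffic (verify with the `tshark -D` listing printed below).
param(
    [string]$Interface       = "1",                       # index from `tshark -D` (assumption)
    [int]   $DurationSeconds = 600,                       # article suggests 5-10 minutes
    [string]$OutputDir       = "$env:USERPROFILE\Desktop" # where the .pcapng and .zip land
)

$tshark = "C:\Program Files\Wireshark\tshark.exe"   # default Wireshark install path (assumption)
if (-not (Test-Path $tshark)) {
    throw "tshark.exe not found at $tshark; install Wireshark (with Npcap) first."
}

# Step 5 naming convention from the article: {devicename}.pcapng
$deviceName = $env:COMPUTERNAME
$pcap = Join-Path $OutputDir "$deviceName.pcapng"
$zip  = Join-Path $OutputDir "$deviceName.zip"

# Print the interface list so the operator can confirm the index before capturing
& $tshark -D

# Step 4/5: capture on the chosen interface; -a duration:N stops the capture
# automatically, and -F pcapng writes the same format the GUI "Save As" produces.
& $tshark -i $Interface -a "duration:$DurationSeconds" -F pcapng -w $pcap
if ($LASTEXITCODE -ne 0) {
    throw "tshark exited with code $LASTEXITCODE; check the interface index and Npcap."
}

# Sanity check before packaging: an empty file usually means the wrong interface
$size = (Get-Item $pcap).Length
if ($size -eq 0) {
    throw "Capture file is empty; re-run with the interface index shown by tshark -D."
}
Write-Host "Captured $size bytes to $pcap"

# Step 6: zip the capture; step 7 (upload to CB Vault) is still done manually
Compress-Archive -Path $pcap -DestinationPath $zip -Force
Write-Host "Ready for upload: $zip"
```

Run it from an elevated PowerShell prompt (Npcap capture normally needs administrator rights) while reproducing the issue, e.g. `.\Collect-Capture.ps1 -Interface 2 -DurationSeconds 300`. Note that the capture records all traffic on the selected adapter, not just the sensor's, which is one reason the article bounds it to a few minutes and routes the file through CB Vault rather than the case comments.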

Additional Notes

  • A PCAP is not requested as a first step in resolving a server/sensor communication issue unless absolutely necessary.
  • It can be used as supplemental data when troubleshooting server-to-sensor, SSL, and quarantine communication.

Article Information

Creation Date: 03-27-2019