Environment
- Wireshark: All Supported Versions
- Microsoft Windows: All Supported Versions
Objective
To collect a Wireshark capture for network connectivity issues
Resolution
- Download and install Wireshark (Npcap is required to record live traffic).
- Open Wireshark and navigate to Edit > Preferences > Protocols > HTTP
- Add the SSL port used by the product (i.e., the Sensor/Agent port).
- Save the options > navigate back to the main Wireshark window > double-click on the appropriate network connection to start recording.
- After 5-10 minutes of capturing network activity while reproducing the issue, stop the capture and save the capture as: {devicename}.pcapng
- Zip the file and upload it to the Vault.
- Comment on the case that the data has been uploaded to CB Vault.
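The capture, naming and zip steps above can also be run from PowerShell with dumpcap, the capture engine installed with Wireshark; reproduce the issue while it runs. This is an added example, not vendor tooling or part of the original article. It assumes the default Wireshark install path, that {devicename} is the computer name, and an output folder on the user's Desktop.

```powershell
# Added example (not vendor tooling). Assumptions: Wireshark installed in the
# default location, Npcap present, and {devicename} taken to be the computer name.
param(
    [int]$InterfaceIndex = 0,        # number shown by 'dumpcap -D'; 0 = list interfaces only
    [int]$DurationSeconds = 600,     # 10 minutes, the upper end of the 5-10 minute window
    [string]$OutDir = "$env:USERPROFILE\Desktop"   # assumed output folder
)

$dumpcap = Join-Path $env:ProgramFiles 'Wireshark\dumpcap.exe'   # assumed default path
if (-not (Test-Path -LiteralPath $dumpcap)) {
    throw "dumpcap.exe not found at $dumpcap. Install Wireshark with Npcap first."
}

# Without an interface number, show the available interfaces and stop.
if ($InterfaceIndex -le 0) {
    & $dumpcap -D
    Write-Host 'Re-run with -InterfaceIndex <n> for the connection to record.'
    return
}

$pcap = Join-Path $OutDir "$env:COMPUTERNAME.pcapng"
$zip  = "$pcap.zip"

# Capture on the chosen interface and stop automatically after the duration.
# dumpcap writes pcapng by default, matching the {devicename}.pcapng naming.
Write-Host "Capturing for $DurationSeconds seconds. Reproduce the issue now."
& $dumpcap -i $InterfaceIndex -a "duration:$DurationSeconds" -w $pcap
if ($LASTEXITCODE -ne 0) {
    throw "dumpcap exited with code $LASTEXITCODE"
}

# Refuse to package an empty capture: it would be useless to Support.
if (-not (Test-Path -LiteralPath $pcap) -or (Get-Item -LiteralPath $pcap).Length -eq 0) {
    throw "Capture file $pcap is missing or empty"
}

# Zip the capture for upload and print a hash that can be quoted in the case comment.
Compress-Archive -LiteralPath $pcap -DestinationPath $zip -Force
Get-FileHash -LiteralPath $zip -Algorithm SHA256 | Format-List Path, Hash
```

The HTTP protocol preference set in the GUI affects only how Wireshark dissects traffic, so it is not needed for the capture itself.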
Additional Notes
- A PCAP is not requested by Support as a first step in resolving a communication issue, unless absolutely necessary.
- This can be used as supplemental data for troubleshooting Sensor/Backend or Agent/Server, SSL, and quarantine communication.