How to Collect a Wireshark Capture


  • Wireshark: All Supported Versions
  • Microsoft Windows: All Supported Versions


To collect a Wireshark capture for network connectivity issues


  1. Download and install Wireshark. (Npcap is required to record live traffic.)
  2. Open Wireshark and navigate to Edit > Preferences > Protocols > HTTP
  3. Add the SSL port used by the product (i.e., the Sensor/Agent port).
  4. Save the options > navigate back to the main Wireshark window > double-click on the appropriate network connection to start recording.
  5. After 5-10 minutes of capturing network activity while reproducing the issue, stop the capture and save the capture as: {devicename}.pcapng
  6. Zip the file and upload it to the Vault.
  7. Comment on the case that the data has been uploaded to CB Vault.
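
Before zipping the file in step 6, it is worth confirming that the saved capture is a complete pcapng file and covers the 5-10 minute window from step 5. The following Python 3 script is an added example, not part of the original article or any vendor tooling; the function names and the sample bytes are constructed for illustration.

```python
import struct

SHB, IDB, EPB = 0x0A0D0D0A, 0x00000001, 0x00000006           # pcapng block types
ORDER = {b"\x4d\x3c\x2b\x1a": "<", b"\x1a\x2b\x3c\x4d": ">"}  # byte-order magic

def ticks_per_second(options, e):  # if_tsresol is option 9; default is microseconds
    pos = 0
    while pos + 5 <= len(options):          # option header plus one value byte
        code, length = struct.unpack_from(e + "HH", options, pos)
        if code == 0:                       # opt_endofopt
            break
        if code == 9 and length == 1:
            v = options[pos + 4]
            return 2 ** (v & 0x7F) if v & 0x80 else 10 ** v
        pos += 4 + ((length + 3) & ~3)      # option values are padded to 32 bits
    return 10 ** 6

def summarize_pcapng(data):
    """Return (packet_count, duration_seconds); raise ValueError on a bad file."""
    pos, e, resol, times = 0, None, [], []
    while pos + 12 <= len(data):
        if struct.unpack_from("<I", data, pos)[0] == SHB:   # same bytes in either order
            e, resol = ORDER.get(data[pos + 8:pos + 12]), []
        if e is None:
            raise ValueError("not a pcapng file (no valid Section Header Block)")
        btype, blen = struct.unpack_from(e + "II", data, pos)
        if blen < 12 or blen % 4 or pos + blen > len(data):
            raise ValueError(f"truncated or corrupt block at offset {pos}")
        body = data[pos + 8:pos + blen - 4]
        if btype == IDB:
            resol.append(ticks_per_second(body[8:], e))
        elif btype == EPB and len(body) >= 20:
            iface, hi, lo = struct.unpack_from(e + "III", body)
            if iface >= len(resol):
                raise ValueError("packet references an undeclared interface")
            times.append(((hi << 32) | lo) / resol[iface])
        pos += blen
    if pos != len(data) or e is None:
        raise ValueError("file is empty or ends mid-block")
    return len(times), (max(times) - min(times) if times else 0.0)

def block(btype, body):  # frame a little-endian block (used only for the sample below)
    n = struct.pack("<I", len(body) + 12)
    return struct.pack("<I", btype) + n + body + n

SAMPLE = (block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))  # constructed capture
          + block(IDB, struct.pack("<HHIHHB3xI", 1, 0, 262144, 9, 1, 6, 0))
          + b"".join(block(EPB, struct.pack("<5I", 0, t >> 32, t & 0xFFFFFFFF, 0, 0))
                     for t in (1_700_000_000_000_000, 1_700_000_420_000_000)))
```

To check a real capture, pass the bytes of the saved `{devicename}.pcapng` file to `summarize_pcapng` and compare the returned duration against the 300-600 seconds expected from step 5.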

Additional Notes

  • A PCAP is not requested by Support as a first step in resolving a communication issue, unless absolutely necessary.
  • This can be used as supplemental data for troubleshooting Sensor/Backend or Agent/Server, SSL, and quarantine communication.
