How to Collect a Wireshark Capture

By CB_Support posted Mar 27, 2019 10:04 PM

  

Environment

  • Wireshark: All Supported Versions
  • Microsoft Windows: All Supported Versions

Objective

To collect a Wireshark capture for troubleshooting network connectivity issues.

Resolution

  1. Download and install Wireshark. (Npcap is required to record live traffic.)
  2. Open Wireshark and navigate to Edit > Preferences > Protocols > HTTP.
  3. Add the SSL port used by the product (i.e., the Sensor/Agent port).
  4. Save the options, navigate back to the main Wireshark window, and double-click the appropriate network connection to start recording.
  5. After 5-10 minutes of capturing network activity while reproducing the issue, stop the capture and save it as: {devicename}.pcapng
  6. Zip the file and upload it to the Vault.
  7. Comment on the case that the data has been uploaded to CB Vault.
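
A check that can be run between steps 5 and 6 to confirm the saved file is intact pcapng and spans the intended capture window. This is an added example, not code from Carbon Black or Wireshark; the function names and the sample capture are constructed here, and it assumes a single-section file such as Wireshark writes for one live capture.

```python
import struct

SHB, IDB, EPB = 0x0A0D0D0A, 0x00000001, 0x00000006    # pcapng block types

def ticks_per_second(opts, e):
    """Read if_tsresol (option 9) from an interface block; the format default is 10**6."""
    pos = 0
    while pos + 4 <= len(opts):
        code, length = struct.unpack_from(e + "HH", opts, pos)
        if code == 9 and length == 1 and pos + 5 <= len(opts):
            v = opts[pos + 4]
            return 2 ** (v & 0x7F) if v & 0x80 else 10 ** v
        if code == 0:                                  # opt_endofopt
            break
        pos += 4 + (length + 3) // 4 * 4               # option values are padded to 32 bits
    return 10 ** 6

def summarize(data):
    """Return (packet_count, seconds_spanned); raise ValueError on a damaged file."""
    order = {b"\x4d\x3c\x2b\x1a": "<", b"\x1a\x2b\x3c\x4d": ">"}   # byte-order magic
    if data[:4] != b"\x0a\x0d\x0d\x0a" or data[8:12] not in order:
        raise ValueError("not a pcapng file")
    e, pos, res, stamps = order[data[8:12]], 0, [], []
    while pos < len(data):
        head = data[pos:pos + 8].ljust(8, b"\0")       # pad a short tail; it fails the check below
        btype, blen = struct.unpack(e + "II", head)
        if blen < 12 or blen % 4 or pos + blen > len(data):
            raise ValueError(f"truncated or corrupt block at offset {pos}")
        body = data[pos + 8:pos + blen - 4]
        if btype == IDB:
            res.append(ticks_per_second(body[8:], e))
        elif btype == EPB and len(body) >= 20:
            iface, hi, lo = struct.unpack_from(e + "III", body)
            if iface >= len(res):
                raise ValueError("packet references an unknown interface")
            stamps.append(((hi << 32) | lo) / res[iface])
        pos += blen
    return len(stamps), (max(stamps) - min(stamps) if stamps else 0.0)

def sample_capture(seconds=420):
    """Constructed input: one interface and two 4-byte packets `seconds` apart."""
    blk = lambda t, b: struct.pack("<II", t, len(b) + 12) + b + struct.pack("<I", len(b) + 12)
    idb = struct.pack("<HHI", 1, 0, 65535) + struct.pack("<HHB3xHH", 9, 1, 6, 0, 0)
    out = blk(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1)) + blk(IDB, idb)
    for ts in (1_700_000_000 * 10**6, (1_700_000_000 + seconds) * 10**6):
        out += blk(EPB, struct.pack("<IIIII", 0, ts >> 32, ts & 0xFFFFFFFF, 4, 4) + bytes(4))
    return out

if __name__ == "__main__":
    print("packets=%d seconds=%.0f" % summarize(sample_capture()))
```

To check a real capture, read the saved file in binary mode and pass its bytes to `summarize`; a span well under the 5-10 minutes in step 5, or a `ValueError`, means the capture should be retaken before upload.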

Additional Notes

  • A PCAP is not requested by Support as a first step in resolving a communication issue, unless absolutely necessary.
  • This can be used as supplemental data for troubleshooting Sensor/Backend or Agent/Server, SSL, and quarantine communication.

#EndpointStandard
#AppControl
#EDR
#CarbonBlackCloud
#EnterpriseEDR