How To: Gather a Network Trace with Wireshark

Version 4

    Overview

     

    Some issues may require a network (Wireshark) capture to identify how network traffic is being routed. To gather this information, Support uses the free 3rd party application Wireshark®.

    Note: Shavlik does not endorse nor support any 3rd party software. Users assume all liability when working with 3rd party software.

     

    Steps

     

    Note: These are the basic steps to begin an unfiltered network capture. Additional instructions may be provided by Support for filtering network traffic. If no additional filters are requested, gather unfiltered traffic.

     

    • In the Wireshark: Capture Interfaces window, select the desired interface and click Start.

    • The Capture window will open. This indicates that Wireshark is logging network traffic.

    • Perform the task requested by Support.
      • Example: If deploying agents is not successful and a network capture is requested, once Wireshark is capturing, attempt to deploy the agent.
    • Once the requested task has been performed, stop the Wireshark capture by clicking Capture | Stop.

    • Save the capture by clicking File | Save As.

    • Enter a File Name and leave the Save as type as Wireshark/... - pcapng (*.pcapng;*.pcapng.gz;*.ntar;*.ntar.gz), then click Save.

    • Locate the saved .pcapng file and send it to Support.
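
Before sending the file, it can be checked that the saved capture is a well-formed pcapng and actually contains packets. The script below is an added example, not part of the original article or any Shavlik tooling; the function names and the sample bytes are constructed for illustration, and it assumes an uncompressed .pcapng file (not .pcapng.gz).

```python
import struct
import sys

SHB_MAGIC = b"\x0a\x0d\x0d\x0a"      # Section Header Block type, same in either byte order
IDB, PB, SPB, EPB = 1, 2, 3, 6       # interface description and packet block types

def summarize_pcapng(data: bytes) -> dict:
    """Walk every block and count sections, interfaces and captured packets."""
    if data[:4] != SHB_MAGIC:
        raise ValueError("not a pcapng file: no Section Header Block at offset 0")
    counts = {"sections": 0, "interfaces": 0, "packets": 0}
    offset, endian = 0, "<"
    while offset < len(data):
        if len(data) - offset < 12:
            raise ValueError(f"truncated block header at offset {offset}")
        if data[offset:offset + 4] == SHB_MAGIC:
            # Each section states its own byte order via the byte-order magic.
            magic = data[offset + 8:offset + 12]
            if magic not in (b"\x4d\x3c\x2b\x1a", b"\x1a\x2b\x3c\x4d"):
                raise ValueError(f"bad byte-order magic at offset {offset}")
            endian = "<" if magic == b"\x4d\x3c\x2b\x1a" else ">"
            counts["sections"] += 1
        btype, blen = struct.unpack_from(endian + "II", data, offset)
        if blen < 12 or blen % 4 or offset + blen > len(data):
            raise ValueError(f"truncated or corrupt block at offset {offset}")
        # The length is repeated at the end of every block; both copies must agree.
        (trailer,) = struct.unpack_from(endian + "I", data, offset + blen - 4)
        if trailer != blen:
            raise ValueError(f"block length mismatch at offset {offset}")
        if btype == IDB:
            counts["interfaces"] += 1
        elif btype in (PB, SPB, EPB):
            counts["packets"] += 1
        offset += blen
    return counts

def _block(btype: int, body: bytes) -> bytes:
    """Build one little-endian pcapng block (used only for the constructed sample)."""
    total = 12 + len(body)
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

# Constructed sample: one section, one Ethernet interface, two 4-byte packets.
_SHB = _block(0x0A0D0D0A, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
_IDB = _block(IDB, struct.pack("<HHI", 1, 0, 65535))
_EPB = _block(EPB, struct.pack("<IIIII", 0, 0, 0, 4, 4) + b"\x00" * 4)
SAMPLE = _SHB + _IDB + _EPB + _EPB

if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(summarize_pcapng(raw))
```

Run it with the path of the saved capture as the only argument; a packet count of 0 or a ValueError means the capture should be gathered again before it is sent.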