How to capture a network packet trace using Wireshark
|Article:HOWTO75093|||||Created: 2012-04-18|||||Updated: 2012-10-27|||||Article URL http://www.symantec.com/docs/HOWTO75093|
Note: This article describes how to capture a network packet trace using the free third party software "Wireshark" from Riverbed Technology on the web site http://www.wireshark.org/. These instructions are provided as a courtesy for Symantec customers wishing to use this tool in conjunction with troubleshooting issues with Symantec products. Symantec Technical Support is unable to therefore assist the customer in configuring Wireshark or understanding its packet trace. Please contact your network administrator for assistance as necessary.
How to capture a Wireshark packet trace
- Install and run Wireshark on the Symantec Management Platform server or the computer to be used. During its installation, ensure that WinPcap is also installed. Note: If the operating system includes User Access Control (UAC), right click on Wireshark's shortcut or executable file and choose "Run as administrator".
- In Wireshark, click on the Capture menu > Interface.
- Stand by to reproduce the issue from where ever it is occurring at, such as performing a series of steps from the Symantec Management Platform Console.
- In Wireshark's Interface window, click on the Start button.
- Reproduce the issue from where ever it is occurring at.
- Immediately after reproducing the issue, back in Wireshark, click on the Capture menu > Stop. ????????
- If the packet trace is to be sent for analysis to Symantec Technical Support, click on the File menu > Save. Enter a file name to save the .pcap file as.
- Compress the file using Zip. This should now be able to be emailed to Symantec Technical Support in regards to an open support case, as requested by the case's assigned engineer.
Tips on how to analyze a Wireshark packet trace
Various tips are available for how to analyze a packet trace, depending on what is being looked for:
- get the ip of the client or server
- use filters for ip, src, etc
- string filters
Article URL http://www.symantec.com/docs/HOWTO75093