How to use Wireshark to capture a packet trace.
search cancel

How to use Wireshark to capture a packet trace.


Article ID: 173125


Updated On:


Symantec Products


Note: This article describes how to capture a network packet trace using the free third party software "Wireshark" from Riverbed Technology. Wireshark is available from the web site These instructions are provided as a courtesy for Broadcom customers wishing to use this tool in conjunction with troubleshooting issues with Broadcom network products. Broadcom Technical Support is unable to, therefore, assist the customer in configuring Wireshark or understanding its packet trace. Please contact your network administrator for assistance as necessary.

Support asks for either a PCAP file or a Wireshark capture.


How to capture a Wireshark packet trace

  1. Install and run Wireshark on the server or the client computer to be used for the issue. During its installation, ensure that WinPcap and Npcap are also installed. Note: If the operating system includes User Access Control (UAC), right click on Wireshark's shortcut or executable file and choose "Run as administrator".
  2. In Wireshark, click on the Capture Options Icon.

  3. Identify the NIC you want to conduct the capture on, and uncheck the "Promiscious" checkbox.

  4. Switch to the "Options" tab and uncheck "Resolve MAC Addresses."

  5. Return to the "Input" tab. Select the NIC you wish to collect a capture on, and click "Start" to begin the capture. Reproduce the issue you are trying to debug.

  6. Immediately after reproducing the issue, back in Wireshark, click on the Stop Capture Icon.

  7. If the packet trace is to be sent for analysis to Broadcom Technical Support, click on the File menu > Save. Enter a file name and save the file in a .pcap format.
  8. Compress the file using a file compression utility. This file should now be able to be emailed to Broadcom Technical Support or attached to the Broadcom Technical Support case as requested by the case's assigned engineer.