How to capture a network packet trace using Wireshark


Article ID: 181028

Products: Management Platform (formerly known as Notification Server), Asset Management Solution, CMDB Solution

Issue/Introduction

 

Resolution

Important Note: This article discusses third-party software and web sites as a courtesy to Symantec customers who wish to use Wireshark, a product of the Wireshark Foundation, when troubleshooting issues with Symantec products such as Altiris Patch Management or Deployment Solution. Symantec does not own or manage these products and web sites, and Symantec Technical Support cannot assist the customer in using Wireshark. The customer is advised to contact the Wireshark Foundation directly for assistance with basic usage of their product. References here to Wireshark and third-party web sites are therefore provided "AS IS", and the customer is advised to use them at their own risk.

How to capture a Wireshark packet trace
 

  1. Install and run Wireshark (available from www.wireshark.org) on the Symantec Management Platform server or on the computer whose traffic is to be captured. During installation, ensure that the packet capture driver is installed as well (WinPcap on the Wireshark versions this article was written for; current Wireshark installers ship Npcap instead). Note: On Windows versions with User Account Control (UAC), right-click Wireshark's shortcut or executable file and choose "Run as administrator" so that Wireshark can open the network interface for capture.
  2. In Wireshark, click the Capture menu > Interfaces (Capture > Options in newer versions) and select the network interface that carries the traffic in question.
  3. Stand by to reproduce the issue wherever it occurs, for example by performing a series of steps from the Symantec Management Platform Console.
  4. In Wireshark's Interfaces window, click the Start button.
  5. Reproduce the issue.
  6. Immediately after reproducing the issue, return to Wireshark and click the Capture menu > Stop. Keeping the capture window short keeps the trace small and makes the relevant packets easier to find.
  7. If the packet trace is to be sent to Symantec Technical Support for analysis, click the File menu > Save and enter a file name. Newer Wireshark versions save in pcapng format by default; the classic .pcap format can be selected in the Save dialog if the recipient requires it. Before sending the file, review its contents: a packet trace records every byte that crossed the interface during the capture, including any passwords, session cookies or other sensitive data that were transmitted in the clear.
  8. Compress the file using Zip. It can then be emailed to Symantec Technical Support regarding an open support case, as requested by the case's assigned engineer.


Using filters

Many filters can be applied in Wireshark, for example to show only UDP, TCP or HTTP traffic to IIS. Wireshark has two kinds of filters: capture filters (BPF syntax, such as host 10.0.0.5 and port 80), which limit what is recorded, and display filters (such as tcp.port == 80), which limit what is shown from a trace that has already been captured. Third-party sites such as packetlife.net have compiled reference sheets for these; refer to those sites for additional information.
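The following is an added example, not code from this article or from Symantec or the Wireshark Foundation. It is a small Python script that reads a saved .pcap file (classic libpcap format, Ethernet link type), applies the equivalent of a display filter such as tcp.port == 80, and flags packets that carry credentials in the clear, which is the check worth running on the trace from step 7 before it is zipped and emailed in step 8. The trace it inspects is constructed inside the script (the hosts, ports and the svc_altiris account are made up), so it runs offline. The parser also handles the two byte orders a .pcap can use and refuses pcapng files, which newer Wireshark versions write by default.

```python
"""Review a saved .pcap for cleartext credentials before sending it to support (added example)."""
import base64
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4      # classic libpcap magic (microsecond timestamps)
PCAPNG_MAGIC = 0x0A0D0D0A    # pcapng Section Header Block type; Wireshark's default save format
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


def build_ipv4_frame(src, dst, proto, sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP-or-UDP frame for the sample trace; checksums left as zero."""
    eth = bytes(12) + struct.pack("!H", ETHERTYPE_IPV4)
    if proto == PROTO_TCP:   # sport, dport, seq, ack, data offset (5 words), flags PSH|ACK, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    else:                    # UDP: sport, dport, length, csum
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0, 64,
                     proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + l4 + payload


def build_pcap(frames, endian="<", ts_start=1700000000):
    """Serialise frames into a classic .pcap; endian '<' is what Wireshark writes on x86."""
    out = [struct.pack(endian + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack(endian + "IIII", ts_start + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def parse_pcap(data):
    """Return decoded packets from a .pcap blob; handles both byte orders, rejects pcapng."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAPNG_MAGIC:
        raise ValueError("pcapng file: re-save from Wireshark as 'Wireshark/tcpdump - pcap' first")
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:        # same magic written big-endian
        endian = ">"
    else:
        raise ValueError("not a pcap file (magic 0x%08x)" % magic)
    linktype = struct.unpack(endian + "HHiIII", data[4:24])[5]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here (linktype %d)" % linktype)
    off, packets = 24, []
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:
            break    # final record cut short (capture stopped uncleanly): keep what was complete
        off += 16 + incl_len
        packets.append(decode_frame(ts_sec + ts_usec / 1e6, frame))
    return packets


def decode_frame(ts, frame):
    """Decode Ethernet/IPv4 and the TCP or UDP ports; anything else is kept with proto=None."""
    pkt = {"ts": ts, "proto": None, "src": None, "dst": None, "sport": None, "dport": None, "payload": b""}
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return pkt
    ihl = (frame[14] & 0x0F) * 4                       # IPv4 header length in bytes
    pkt["proto"], pkt["src"], pkt["dst"] = frame[23], socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    l4 = frame[14 + ihl:]
    if pkt["proto"] == PROTO_TCP and len(l4) >= 20:
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", l4[:4])
        pkt["payload"] = l4[(l4[12] >> 4) * 4:]       # skip TCP header (data offset in words)
    elif pkt["proto"] == PROTO_UDP and len(l4) >= 8:
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", l4[:4])
        pkt["payload"] = l4[8:]
    return pkt


def filter_packets(packets, proto=None, port=None, host=None):
    """Equivalent of a display filter such as 'tcp.port == 80 && ip.addr == 10.0.0.5'."""
    return [p for p in packets
            if (proto is None or p["proto"] == proto)
            and (port is None or port in (p["sport"], p["dport"]))
            and (host is None or host in (p["src"], p["dst"]))]


def find_cleartext_credentials(packets):
    """Return (packet index, reason) for payloads carrying credentials in the clear."""
    hits = []
    for i, p in enumerate(packets):
        text = p["payload"]
        if b"Authorization: Basic " in text:
            token = text.split(b"Authorization: Basic ", 1)[1].split(b"\r\n", 1)[0]
            try:   # decode only to name the account; never log the password itself
                user = base64.b64decode(token, validate=True).split(b":", 1)[0].decode("ascii", "replace")
                hits.append((i, "HTTP Basic credentials for user %r" % user))
            except ValueError:
                hits.append((i, "HTTP Basic header with undecodable token"))
        elif p["proto"] == PROTO_TCP and p["dport"] == 21 and text.startswith(b"PASS "):
            hits.append((i, "FTP password"))
    return hits


# Constructed sample trace (made-up hosts and account): HTTP with Basic auth, a DNS query, a TLS record.
SAMPLE_FRAMES = [
    build_ipv4_frame("10.0.0.5", "10.0.0.10", PROTO_TCP, 49152, 80,
                     b"GET /status HTTP/1.1\r\nHost: smp.example.internal\r\nAuthorization: Basic "
                     + base64.b64encode(b"svc_altiris:Hunter2!") + b"\r\n\r\n"),
    build_ipv4_frame("10.0.0.5", "10.0.0.53", PROTO_UDP, 53000, 53, b"\x12\x34\x01\x00" + bytes(8)),
    build_ipv4_frame("10.0.0.5", "10.0.0.10", PROTO_TCP, 49153, 443, b"\x16\x03\x01\x00\x05hello"),
]
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)

if __name__ == "__main__":
    pkts = parse_pcap(SAMPLE_PCAP)
    print("%d packets, %d on tcp/80" % (len(pkts), len(filter_packets(pkts, proto=PROTO_TCP, port=80))))
    for idx, reason in find_cleartext_credentials(pkts):
        print("packet %d: %s" % (idx, reason))
```

In Wireshark itself the same review can be done with the display filter http.authorization before the file is zipped; if anything is flagged, either re-capture with a capture filter that excludes the sensitive conversation, or agree with the support engineer on how the affected packets will be handled.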