How to capture a network packet trace using Wireshark
search cancel

How to capture a network packet trace using Wireshark


Article ID: 181028


Updated On:


IT Management Suite Ghost Solution Suite Deployment Solution Client Management Suite


 How to capture a network packet trace using Wireshark


ITMS 8.x

DS 8.x

GSS 3.x


Important Note: This article discusses third party software and web sites as a courtesy to Broadcom customers wishing to use Wireshark, a product of the Wireshark Foundation company, in conjunction with troubleshooting issues with Broadcom products such as Altiris, Altiris Patch Management or Deployment Solution. Broadcom does not own or manage these products and web sites, nor can Broadcom Technical Support assist the customer in using Wireshark. The customer is advised to contact Wireshark Foundation directly for assistance in basic usage of their product. References here to Wireshark and third party web sites are therefore provided "AS IS" and the customer is advised to use them at their own risk.

How to capture a Wireshark packet trace

  1. Install and run Wireshark (which can be obtained from on the Symantec Management Platform server or the computer to be used. During its installation, ensure that WinPcap is also installed. Note: If the operating system includes User Access Control (UAC), right click on Wireshark's shortcut or executable file and choose "Run as administrator".
  2. In Wireshark, click on the Capture menu > Interface.
  3. Stand by to reproduce the issue from where ever it is occurring at, such as performing a series of steps from the Symantec Management Platform Console.
  4. In Wireshark's Interface window, click on the Start button.
  5. Reproduce the issue from where ever it is occurring at.
  6. Immediately after reproducing the issue, back in Wireshark, click on the Capture menu > Stop.
  7. If the packet trace is to be sent for analysis to Symantec Technical Support, click on the File menu > Save. Enter a file name to save the .pcap file as.
  8. Compress the file using Zip. This should now be able to be emailed to Symantec Technical Support in regards to an open support case, as requested by the case's assigned engineer.

Using filters

Many filter types can be applied to Wireshark, such as for UDP, TCP, IIS traffic, etc. Third party sites have compiled these, such as those from Refer to these sites for additional information