How to use Wireshark to capture a packet trace in Symantec Endpoint Encryption


Article ID: 181079



Endpoint Encryption




Note: This article describes how to capture a network packet trace using the free third-party software "Wireshark" from Riverbed Technology on the web site These instructions are provided as a courtesy for Symantec customers wishing to use this tool when troubleshooting issues with Symantec products. Symantec Technical Support is therefore unable to assist the customer in configuring Wireshark or understanding its packet trace. Please contact your network administrator for assistance as necessary.

How to capture a Wireshark packet trace

  1. Install and run Wireshark on the Symantec Endpoint Encryption server or the client computer that will be used to debug the issue. During its installation, ensure that WinPcap is also installed. Note: If the operating system includes User Account Control (UAC), right-click Wireshark's shortcut or executable file and choose "Run as administrator".
  2. In Wireshark, click on the Capture Icon.
  3. Click the "Options" button for the interface you wish to capture on.
  4. Uncheck "Capture packets in promiscuous mode" and "Enable MAC name resolution". Click Start.
  5. Reproduce the issue you are trying to debug.
  6. Immediately after reproducing the issue, back in Wireshark, click on the Stop Capture Icon.
  7. If the packet trace is to be sent for analysis to Symantec Technical Support, click on the File menu > Save. Enter a file name to save the .pcap file as.
  8. Compress the file using Zip. The compressed file can then be emailed to Symantec Technical Support for an open support case, as requested by the case's assigned engineer.
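
A pre-send check for steps 7 and 8, as an added example (not Symantec or Wireshark code): it confirms that the saved file really is a capture, reports whether it is classic pcap or pcapng (Wireshark's default save format), refuses an empty or truncated pcap, and then zips it. The function names and the sample capture bytes are constructed for illustration.

```python
import os
import struct
import zipfile

# magic bytes -> (struct byte order, seconds per timestamp fraction unit)
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1e-6), b"\xa1\xb2\xc3\xd4": (">", 1e-6),
    b"\x4d\x3c\xb2\xa1": ("<", 1e-9), b"\xa1\xb2\x3c\x4d": (">", 1e-9),
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"  # pcapng Section Header Block type

def inspect_capture(data):
    """Summarise capture-file bytes; raise ValueError if not a capture file."""
    if data[:4] == PCAPNG_MAGIC:
        return {"format": "pcapng"}
    if data[:4] not in PCAP_MAGICS or len(data) < 24:
        raise ValueError("not a pcap or pcapng capture file")
    order, unit = PCAP_MAGICS[data[:4]]
    _maj, _min, _zone, _sig, snaplen, linktype = struct.unpack(order + "HHiIII", data[4:24])
    offset, count, first, last = 24, 0, None, None
    while offset + 16 <= len(data):
        sec, frac, incl, _orig = struct.unpack(order + "IIII", data[offset:offset + 16])
        if offset + 16 + incl > len(data):
            break  # record body cut short (file copied while still being written)
        last = sec + frac * unit
        first = last if first is None else first
        count += 1
        offset += 16 + incl
    return {"format": "pcap", "linktype": linktype, "snaplen": snaplen,
            "packets": count, "duration": (last - first) if count else 0.0,
            "truncated": offset != len(data)}

def package_for_support(pcap_path, zip_path):
    """Validate the saved trace, then write it into a deflate-compressed zip."""
    with open(pcap_path, "rb") as f:
        info = inspect_capture(f.read())
    if info["format"] == "pcap" and (info["packets"] == 0 or info["truncated"]):
        raise ValueError("capture is empty or truncated; save it again")
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as z:
        z.write(pcap_path, arcname=os.path.basename(pcap_path))
    return info

def build_sample_pcap():
    """Constructed sample: two 4-byte Ethernet-linktype records, 2.5 s apart."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec1 = struct.pack("<IIII", 1700000000, 0, 4, 4) + b"\x00" * 4
    rec2 = struct.pack("<IIII", 1700000002, 500000, 4, 4) + b"\x00" * 4
    return hdr + rec1 + rec2
```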