Gathering packet captures for debug troubleshooting

Article ID: 217646

Products

Protection Engine for Cloud Services
Protection Engine for NAS
Mail Security for Microsoft Exchange
Protection for SharePoint Servers

Issue/Introduction

You need to gather a packet capture for your support case (if you need to gather a capture during boot on Windows, see article 213208)

Environment

Windows 7+
Windows Server 2008r2+

Linux

Resolution

Windows

  1. Open PowerShell as administrator (Right Click -> Run As Administrator)
  2. Run the following command to start the capture:
    • netsh trace start capture=yes tracefile="$home\documents\$($Env:ComputerName).etl" maxSize=4096 IPv4.Address=<IP Address>
      • Example: netsh trace start capture=yes tracefile="$home\documents\$($Env:ComputerName).etl" maxSize=4096 IPv4.Address=192.0.2.1
      • maxSize limits the size of the output file in MB. Modify it as necessary. When the limit is reached, netsh performs circular logging and begins overwriting the oldest data in the file.
      • Remove the IPv4.Address parameter if you don't need to filter for traffic to a specific address.
  3. Reproduce the issue
  4. Stop the capture with the following command:
    • netsh trace stop
      • A .etl and .cab file will be generated in the Documents directory. The filenames will be your computer's name.
  5. Upload the .etl and .cab to the support portal

Linux

  1. If you have multiple NICs, use the following command to determine which interface you need to capture on:
    • ip addr
  2. Start the capture with the following command with sudo privileges, using the interface name from step 1:
    • sudo tcpdump -i <interface name> -w ~/capture.pcap port <port> and src host <source IP address> and dst host <destination IP address>
      • port, src host, and dst host are optional filter expressions; include only the ones you need, and join multiple filters with and (tcpdump rejects a filter such as "port 1344 src 192.0.2.1" without it).
      • If you only have 1 interface, you don't need to include -i.
      • Example: sudo tcpdump -i eth0 -w ~/capture.pcap port 1344
  3. Reproduce the issue.
  4. Stop the capture with Ctrl+C.
  5. Upload ~/capture.pcap to the support case.
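As an added example (not part of the article), a small shell helper that builds the Linux tcpdump command line from the optional port, source and destination filters, joining them with and as tcpdump requires. The optional size cap using tcpdump's -C/-W ring buffer is an assumption added here to mirror the circular logging of the Windows maxSize parameter.

```shell
#!/bin/sh
# Added example, not from the original article: compose a tcpdump command
# line for the Linux capture steps above. Every filter primitive must be
# joined with "and"; a bare "port 1344 src 192.0.2.1" is a syntax error.

# build_filter PORT SRC DST -> prints the BPF filter (empty if none given)
build_filter() {
  local port="$1" src="$2" dst="$3" expr=""
  if [ -n "$port" ]; then expr="port $port"; fi
  if [ -n "$src" ];  then expr="${expr:+$expr and }src host $src"; fi
  if [ -n "$dst" ];  then expr="${expr:+$expr and }dst host $dst"; fi
  printf '%s\n' "$expr"
}

# capture_cmd IFACE PORT SRC DST OUTFILE [MAX_MB] -> prints the command.
# IFACE may be empty when the host has a single interface (no -i).
# MAX_MB (assumption) adds -C/-W so tcpdump rotates between two files of
# at most MAX_MB megabytes each, like the Windows maxSize circular log.
capture_cmd() {
  local iface="$1" port="$2" src="$3" dst="$4" out="$5" max_mb="$6"
  local cmd="sudo tcpdump" filter
  if [ -n "$iface" ]; then cmd="$cmd -i $iface"; fi
  cmd="$cmd -w $out"
  if [ -n "$max_mb" ]; then cmd="$cmd -C $max_mb -W 2"; fi
  filter=$(build_filter "$port" "$src" "$dst")
  if [ -n "$filter" ]; then cmd="$cmd $filter"; fi
  printf '%s\n' "$cmd"
}

# Print the command for the article's eth0 / port 1344 case.
capture_cmd eth0 1344 "" "" "$HOME/capture.pcap" ""
```

Copy the printed command into a root shell, reproduce the issue, and stop it with Ctrl+C as in step 4.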

Additional Information

.etl files can be converted to pcapng for easier analysis using the etl2pcapng tool released by Microsoft.