1. Open your PCAP.
2. Locate communication between client and CBC, use the Configuration Guide link from the firewall port KB below to help determine the CBC sites. 
   • tls.handshake && tls.handshake.extensions_server_name == "dev-prod05.conferdeploy.net"
   • tls.handshake && tls.handshake.extensions_server_name == "updates2.cdc.carbonblack.io"
   • tls.handshake && tls.handshake.extensions_server_name == "content.carbonblack.io"
   • ssl.handshake.type && (tls.handshake.extensions_server_name contains "conferdeploy.net" || tls.handshake.extensions_server_name contains "carbonblack.io")
3. Use 'Follow Stream' in the Conversations dialog to display that conversation. Dismiss the 'raw data' display that pops up; we won't need that for what we're doing. "Analyze\Follow\TCP Stream"
4. Highlight the 'Client Hello' packet in the top pane of the display - the list of cipher suites offered by the client can be expanded
5. Compare results to this KB SSL cipher suites that are supported/accepted for communications
6. If no Cipher Suite matches then the communication can not happen, please add a Cipher Suite and test.

./repcli manifest cloudrefresh