Collect a Wireshark Capture

Article ID: 286824



  • Carbon Black App Control (formerly Cb Protection)
  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
  • Carbon Black EDR (formerly Cb Response)
  • Carbon Black Hosted EDR (formerly Cb Response Cloud)


Collect a Wireshark capture to troubleshoot network connectivity issues.


  • Wireshark: All Supported Versions
  • Microsoft Windows: All Supported Versions


  1. Download and install Wireshark (Npcap is required to record live traffic).
  2. Open Wireshark and navigate to Edit > Preferences > Protocols > HTTP.
  3. Add the SSL port used by the product (i.e., the Sensor/Agent port).
  4. Save the options, return to the main Wireshark window, and double-click the appropriate network connection to start recording.
  5. Capture network activity for 5-10 minutes while reproducing the issue, then stop the capture and save it as: {devicename}.pcapng
  6. Upload the collected capture.
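
A pre-upload sanity check for the file saved in step 5, as an added example that is not part of the original article or any Carbon Black tooling: it confirms the file really is pcapng, is not truncated, and reports how many packets it holds and how many seconds they span. The function names (`summarize`, `ticks_per_second`, `block`, `epb`) and the sample bytes are made up for illustration, and the parser assumes a single section, as written by one live capture.

```python
import struct
SHB, IDB, EPB = 0x0A0D0D0A, 1, 6  # pcapng block types

def ticks_per_second(opts, e):
    """Read if_tsresol (option 9) from IDB options; pcapng defaults to microseconds."""
    pos = 0
    while pos + 4 <= len(opts):
        code, length = struct.unpack_from(e + "HH", opts, pos)
        if code == 0:  # opt_endofopt
            break
        if code == 9 and length == 1:
            v = opts[pos + 4]
            return 2 ** (v & 0x7F) if v & 0x80 else 10 ** v
        pos += 4 + (length + 3) // 4 * 4  # option values are padded to 32 bits
    return 10 ** 6

def summarize(data):
    """Packet count and first-to-last seconds; assumes one section (single live capture)."""
    if len(data) < 28 or struct.unpack_from("<I", data)[0] != SHB:
        raise ValueError("not pcapng: missing Section Header Block")
    e = "<" if data[8:12] == b"\x4d\x3c\x2b\x1a" else ">"  # byte-order magic
    pos, res, times = 0, [], []
    while pos + 12 <= len(data):
        btype, blen = struct.unpack_from(e + "II", data, pos)
        if blen < 12 or blen % 4 or pos + blen > len(data):
            raise ValueError(f"corrupt or truncated block at offset {pos}")
        body = data[pos + 8:pos + blen - 4]
        if btype == IDB:  # one entry per capture interface
            res.append(ticks_per_second(body[8:], e))
        elif btype == EPB:  # interface id, then 64-bit timestamp as high/low words
            iface, hi, lo = struct.unpack_from(e + "III", body)
            times.append(((hi << 32) | lo) / res[iface])
        pos += blen
    return {"packets": len(times), "seconds": max(times) - min(times) if times else 0.0}

def block(btype, body):
    """Build one little-endian block; used only for the constructed sample below."""
    return struct.pack("<II", btype, len(body) + 12) + body + struct.pack("<I", len(body) + 12)

def epb(ticks):
    return block(EPB, struct.pack("<IIIII", 0, ticks >> 32, ticks & 0xFFFFFFFF, 0, 0))

# Constructed sample (not a real capture): one interface, two packets 420 s apart.
SAMPLE = (block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
          + block(IDB, struct.pack("<HHI", 1, 0, 0))
          + epb(1_700_000_000_000_000) + epb(1_700_000_420_000_000))

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On a real capture, pass the bytes of {devicename}.pcapng to `summarize` and compare `seconds` against the 5-10 minute window from step 5 (300 to 600 seconds).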

Additional Information

  • This can be used as supplemental data for troubleshooting Sensor/Backend or Agent/Server, SSL, and quarantine communication.