Collect a Wireshark Capture

Article ID: 286824

Products

  • Carbon Black App Control (formerly Cb Protection)
  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
  • Carbon Black EDR (formerly Cb Response)
  • Carbon Black Hosted EDR (formerly Cb Response Cloud)

Issue/Introduction

Collect a Wireshark capture to troubleshoot network connectivity issues.

Environment

  • Wireshark: All Supported Versions
  • Microsoft Windows: All Supported Versions

Resolution

  1. Download and install Wireshark. Npcap is required to record live traffic.
  2. Open Wireshark and navigate to Edit > Preferences > Protocols > HTTP.
  3. Add the SSL port (i.e., the Sensor/Agent port) that the product uses.
  4. Save the options, return to the main Wireshark window, and double-click the appropriate network connection to start recording.
  5. Capture network activity for 5-10 minutes while reproducing the issue, then stop the capture and save it as: {devicename}.pcapng
  6. Upload the collected capture.
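
A sanity check to run on the saved {devicename}.pcapng before uploading it, as an added example that is not part of the original article: it confirms the file is well-formed pcapng, reports how many seconds the capture spans (for comparison with the 5-10 minute window), and counts TCP packets on the Sensor/Agent port. It assumes a little-endian pcapng file with microsecond timestamps and Ethernet/IPv4 frames; `SENSOR_PORT` (8443) and the sample bytes are constructed placeholders, not values from the article.

```python
import struct

SHB, EPB, LE_MAGIC = 0x0A0D0D0A, 0x00000006, 0x1A2B3C4D

def tcp_port_match(frame, port):
    """True if an Ethernet II / IPv4 / TCP frame has `port` as source or destination."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return False
    tcp = 14 + (frame[14] & 0x0F) * 4          # skip Ethernet + IPv4 header (IHL words)
    return len(frame) >= tcp + 4 and port in struct.unpack_from("!HH", frame, tcp)

def summarize_pcapng(data, port):
    """Return (packets, seconds_spanned, packets_on_port) for pcapng bytes."""
    if len(data) < 12 or struct.unpack_from("<I", data, 0)[0] != SHB:
        raise ValueError("not pcapng: Section Header Block missing")
    if struct.unpack_from("<I", data, 8)[0] != LE_MAGIC:
        raise ValueError("big-endian section: not handled in this example")
    off, stamps, hits = 0, [], 0
    while off + 12 <= len(data):
        btype, blen = struct.unpack_from("<II", data, off)
        if blen < 12 or blen % 4 or off + blen > len(data):
            raise ValueError(f"truncated or corrupt block at offset {off}")
        if btype == EPB:                        # Enhanced Packet Block
            _, hi, lo, caplen, _ = struct.unpack_from("<5I", data, off + 8)
            stamps.append(((hi << 32) | lo) / 1e6)   # assumes microsecond if_tsresol
            hits += tcp_port_match(data[off + 28:off + 28 + caplen], port)
        off += blen
    span = max(stamps) - min(stamps) if stamps else 0.0
    return len(stamps), span, hits

# --- constructed sample: SHB + IDB + two packets six minutes apart ---
def _block(btype, body):
    body += b"\x00" * (-len(body) % 4)          # pad body to a 32-bit boundary
    total = len(body) + 12
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)
def _packet(ts_us, sport, dport):
    ip = b"\x45\x00\x00\x28" + bytes(5) + b"\x06" + bytes(10)
    frame = bytes(12) + b"\x08\x00" + ip + struct.pack("!HH", sport, dport) + bytes(16)
    head = struct.pack("<5I", 0, ts_us >> 32, ts_us & 0xFFFFFFFF, len(frame), len(frame))
    return _block(EPB, head + frame)

SENSOR_PORT = 8443                              # placeholder, not a value from the article
SAMPLE = (_block(SHB, struct.pack("<IHHq", LE_MAGIC, 1, 0, -1))
          + _block(0x00000001, struct.pack("<HHI", 1, 0, 0))   # IDB, LINKTYPE_ETHERNET
          + _packet(1_700_000_000_000_000, 49152, SENSOR_PORT)
          + _packet(1_700_000_360_000_000, 49153, 53))

if __name__ == "__main__":
    print(summarize_pcapng(SAMPLE, SENSOR_PORT))
```

For a real capture, pass `open(path, "rb").read()` and the port entered in step 3; a span under 300 seconds or zero packets on that port suggests the capture should be repeated before upload.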

Additional Information

  • This can be used as supplemental data for troubleshooting Sensor/Backend or Agent/Server, SSL, and quarantine communication.