Collect a Wireshark Capture

Article ID: 286824

Products

  • Carbon Black App Control (formerly Cb Protection)
  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
  • Carbon Black EDR (formerly Cb Response)
  • Carbon Black Hosted EDR (formerly Cb Response Cloud)

Issue/Introduction

Collect a Wireshark capture to troubleshoot network connectivity issues.

Environment

  • Wireshark: All Supported Versions
  • Microsoft Windows: All Supported Versions

Resolution

  1. Download and install Wireshark (Npcap is required to record live traffic).
  2. Launch Wireshark and navigate to: Edit > Preferences > Protocols > HTTP
    1. For App Control, add port 41002 to the SSL/TLS Ports, for example: 443, 41002
    2. Click OK
  3. Double-click on the appropriate network connection to start recording.
  4. Collect 5-10 minutes of network activity while reproducing the issue.
  5. Stop the capture and save it as: {devicename}.pcapng
  6. Zip the PCAP before providing it to Support.
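
A pre-submission check for the file saved in step 5, as an added example that is not part of the original article or any Carbon Black tool: it parses the .pcapng and counts TCP packets on the ports named in step 2 (443 and 41002), and rejects an empty or truncated file. Assumptions: only Ethernet/IPv4 frames are inspected (VLAN-tagged and IPv6 packets are skipped), the function names are hypothetical, and the sample bytes are constructed.

```python
import struct
from collections import Counter

PORTS = {443, 41002}  # the ports in the article's SSL/TLS Ports example
SHB, IDB, EPB = 0x0A0D0D0A, 1, 6  # pcapng block types used here
ORDER = {b"\x4d\x3c\x2b\x1a": "<", b"\x1a\x2b\x3c\x4d": ">"}  # byte-order magic

def _tcp_ports(pkt):
    """Return {src, dst} TCP ports of an Ethernet/IPv4 frame, else an empty set."""
    if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
        return set()
    tcp = 14 + (pkt[14] & 0x0F) * 4  # skip Ethernet header plus IPv4 IHL
    return set(struct.unpack_from("!HH", pkt, tcp)) if len(pkt) >= tcp + 4 else set()

def tcp_port_counts(data, ports=PORTS):
    """Count packets per watched TCP port in the bytes of a pcapng file."""
    counts, linktypes, pos, end = Counter(), [], 0, None
    while pos + 12 <= len(data):
        if data[pos:pos + 4] == struct.pack("<I", SHB):  # new section resets state
            end, linktypes = ORDER.get(data[pos + 8:pos + 12]), []
        if end is None:
            raise ValueError("not a pcapng file: missing or bad Section Header Block")
        btype, blen = struct.unpack_from(end + "II", data, pos)
        if blen < 12 or blen % 4 or pos + blen > len(data):
            raise ValueError(f"truncated or corrupt block at offset {pos}")
        body = data[pos + 8:pos + blen - 4]
        if btype == IDB and len(body) >= 8:
            linktypes.append(struct.unpack_from(end + "H", body)[0])
        elif btype == EPB and len(body) >= 20:
            iface, caplen = struct.unpack_from(end + "I8xI", body)
            if iface < len(linktypes) and linktypes[iface] == 1:  # Ethernet only
                counts.update(_tcp_ports(body[20:20 + caplen]) & set(ports))
        pos += blen
    if pos == 0 or pos != len(data):
        raise ValueError("empty or truncated capture")
    return counts

def sample_capture(dport):
    """Constructed sample (not real traffic): SHB, Ethernet IDB, one TCP SYN to dport."""
    def block(btype, body):
        body += b"\x00" * (-len(body) % 4)  # pad body to 32 bits
        return struct.pack("<II", btype, len(body) + 12) + body + struct.pack("<I", len(body) + 12)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, b"\x0a\x00\x00\x05", b"\x0a\x00\x00\x09")
    tcp = struct.pack("!HHIIBBHHH", 50000, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp
    return (block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
            + block(IDB, struct.pack("<HHI", 1, 0, 0))
            + block(EPB, struct.pack("<IIIII", 0, 0, 0, len(frame), len(frame)) + frame))
```

To check a real capture, pass the file's bytes, for example `tcp_port_counts(open("{devicename}.pcapng", "rb").read())`; the whole file is read into memory.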

Additional Information

  • This can be used as supplemental data for troubleshooting Sensor/Backend or Agent/Server, SSL, and quarantine communication.