Carbon Black App Control (formerly Cb Protection)
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Carbon Black EDR (formerly Cb Response)
Carbon Black Hosted EDR (formerly Cb Response Cloud)
Issue/Introduction
How to collect a Wireshark capture for troubleshooting network connectivity issues.
Environment
Wireshark: All Supported Versions
Microsoft Windows: All Supported Versions
Resolution
Download and install Wireshark. (Npcap is required to record live traffic.)
Launch Wireshark and navigate to: Edit > Preferences > Protocols > HTTP
For App Control, add port 41002 to the SSL/TLS Ports, for example: 443, 41002
Click OK
Double-click on the appropriate network connection to start recording.
Collect 5-10 minutes of network activity while reproducing the issue.
Stop the capture and save it as: {devicename}.pcapng
Be sure to zip the PCAP before providing it to Support.
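A pre-submission check for the last two steps, added here as an example (it is not Carbon Black or Wireshark code): it confirms the saved file really is pcapng, reports the packet count and capture duration so the 5-10 minute window can be verified, and writes the zip. The function names are hypothetical, and the parser assumes a single-section capture file.

```python
import struct
import zipfile
from pathlib import Path

IDB, EPB = 0x1, 0x6                      # Interface Description / Enhanced Packet
SHB_TYPE = b"\x0a\x0d\x0d\x0a"           # Section Header Block type (palindrome)
MAGIC_LE, MAGIC_BE = b"\x4d\x3c\x2b\x1a", b"\x1a\x2b\x3c\x4d"

def _ticks_per_second(idb_body, e):
    """Read if_tsresol (option 9) from an IDB body; the default is microseconds."""
    pos = 8                                     # skip linktype, reserved, snaplen
    while pos + 4 <= len(idb_body):
        code, length = struct.unpack_from(e + "HH", idb_body, pos)
        if code == 0:                           # opt_endofopt
            break
        if code == 9 and length == 1:
            v = idb_body[pos + 4]
            return 2 ** (v & 0x7F) if v & 0x80 else 10 ** v
        pos += 4 + (length + 3) // 4 * 4        # option values are padded to 32 bits
    return 10 ** 6

def summarize_pcapng(path):
    """Return (packet_count, duration_seconds) for a single-section pcapng file."""
    data = Path(path).read_bytes()
    if data[:4] != SHB_TYPE or data[8:12] not in (MAGIC_LE, MAGIC_BE):
        raise ValueError("not a pcapng file (save as pcapng, not legacy pcap)")
    e = "<" if data[8:12] == MAGIC_LE else ">"  # byte order used by the writer
    pos, resol, stamps = 0, [], []
    while pos + 12 <= len(data):
        btype, blen = struct.unpack_from(e + "II", data, pos)
        if blen < 12 or blen % 4 or pos + blen > len(data):
            raise ValueError(f"corrupt or truncated block at offset {pos}")
        body = data[pos + 8 : pos + blen - 4]   # strip type, length, trailing length
        if btype == IDB:
            resol.append(_ticks_per_second(body, e))
        elif btype == EPB:
            iface, hi, lo = struct.unpack_from(e + "III", body)
            stamps.append(((hi << 32) | lo) / resol[iface])
        pos += blen
    return len(stamps), (max(stamps) - min(stamps) if stamps else 0.0)

def package_for_support(pcap_path):
    """Validate the capture, then zip it beside the original and return the path."""
    src = Path(pcap_path)
    if summarize_pcapng(src)[0] == 0:
        raise ValueError("capture contains no packets")
    dest = src.with_suffix(".zip")
    with zipfile.ZipFile(dest, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.write(src, arcname=src.name)
    return dest
```

A duration well under 300 seconds, or a packet count of zero, usually means the wrong network connection was selected or the capture was stopped before the issue was reproduced.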
Additional Information
This capture can be used as supplemental data for troubleshooting Sensor/Backend or Agent/Server, SSL, and quarantine communication.