Capturing Network Traffic With Wireshark



Similar documents
StorageCraft ShadowStream User Guide StorageCraft Copyright Declaration

Lab Conducting a Network Capture with Wireshark

System Administration Training Guide. S100 Installation and Site Management

Lab - Using Wireshark to View Network Traffic

Installation Instruction STATISTICA Enterprise Small Business

Obtaining a Memory Dump on Windows Servers

STATISTICA VERSION 12 STATISTICA ENTERPRISE SMALL BUSINESS INSTALLATION INSTRUCTIONS

1. Product Information

AdminToys Suite. Installation & Setup Guide

Synchronizer Installation

TIBCO Fulfillment Provisioning Session Layer for FTP Installation

Online Backup Client User Manual

RecoveryVault Express Client User Manual

Qlik Sense Desktop. Qlik Sense Copyright QlikTech International AB. All rights reserved.

Installing GFI Network Server Monitor

dotdefender v5.10 for IIS Installation Guide Applicure Web Application Firewall Applicure Technologies Ltd. 1 of 14 support@applicure.

Online Backup Linux Client User Manual

ms-help://ms.technet.2005mar.1033/security/tnoffline/security/smbiz/winxp/fwgrppol...

Installing Windows Server Update Services (WSUS) on Windows Server 2012 R2 Essentials

Online Backup Client User Manual

WinSCP for Windows: Using SFTP to upload files to a server

Charter Business Desktop Security Administrator's Guide

Contents. VPN Instructions. VPN Instructions... 1

TANDBERG MANAGEMENT SUITE 10.0

Online Backup Client User Manual Mac OS

Online Backup Client User Manual Mac OS

Online Backup Client User Manual Linux

Guide to Installing BBL Crystal MIND on Windows 7

Biznet GIO Cloud Connecting VM via Windows Remote Desktop

4cast Client Specification and Installation

INSTALLATION AND ACTIVATION GUIDE

QUANTIFY INSTALLATION GUIDE

Virtual Appliances. Virtual Appliances: Setup Guide for Umbrella on VMWare and Hyper-V. Virtual Appliance Setup Guide for Umbrella Page 1

Installing GFI Network Server Monitor

Viewing and Troubleshooting Perfmon Logs

DOCSVAULT Document Management System for everyone

SAM Server Utility User s Guide

IN STA LLIN G A VA LA N C HE REMOTE C O N TROL 4. 1

QNX Software Development Platform 6.6. Installation Guide

UNICORN 7.0. Administration and Technical Manual

Enterprise Remote Control 5.6 Manual

Option 1 Using the Undelete PushInstall Wizard.

The VHD is separated into a series of WinRar files; they can be downloaded from the following page:

Mike Canney Principal Network Analyst getpackets.com

Running FileMaker Pro 5.0v3 on Windows 2000 Terminal Services

Kepware Technologies Using Wireshark for Ethernet Diagnostics

Installation Manual (MSI Version)

Snagit 12. Installing Snagit on Remote Desktop. Version December TechSmith Corporation

MapInfo License Server Utility

Quick Start Guide For Ipswitch Failover v9.0

Spector 360 Deployment Guide. Version 7

Look for the 'BAERCOM Instruction Manual' link in Blue very near the bottom.

Reporting Installation Checklist

Trend Micro Worry-Free Remote Manager Agent Installation Guide

BushSoft Accounts - Installation manual

Installation Instruction STATISTICA Enterprise Server

Installation Guide: Delta Module Manager Launcher

Out n About! for Outlook Electronic In/Out Status Board. Administrators Guide. Version 3.x

Mike Canney. Application Performance Analysis

XenClient Enterprise Synchronizer Installation Guide

Figure 1: Restore Tab

Analyzing Call Signaling

Connecting to the Remote Desktop Service

Free Excel add-in for linear regression and multivariate data analysis

This Deployment Guide is intended for administrators in charge of planning, implementing and

Mesa DMS. Once you access the Mesa Document Management link, you will see the following Mesa DMS - Microsoft Internet Explorer" window:

Where can I install GFI EventsManager on my network?

Global Image Management System For epad-vision. User Manual Version 1.10

Event Center (rev b) EVENT CENTER. VPI 160 Camino Ruiz, Camarillo, CA (Voice) (Fax)

STATISTICA VERSION 9 STATISTICA ENTERPRISE INSTALLATION INSTRUCTIONS FOR USE WITH TERMINAL SERVER

Installing The SysAidTM Server Locally

Automation Engine 14. Troubleshooting

How to install and use the File Sharing Outlook Plugin

Docufide Client Installation Guide for Windows

1.1 Prezi Desktop Guide Requirements Download and Install First start Overview 12

Setup and configuration for Intelicode. SQL Server Express

Nagios XI Monitoring Windows Using WMI

Toad for Oracle Installation Guide

IBM WebSphere Application Server Version 7.0

INSTALLATION GUIDE ENTERPRISE DYNAMICS 9.0

SYSTEM REQUIREMENTS...

64-Bit Compatibility with Micromeritics Applications

e-config Data Migration Guidelines Version 1.1 Author: e-config Team Owner: e-config Team

SonicWALL CDP 5.0 Microsoft Exchange InfoStore Backup and Restore

Matisse Installation Guide for MS Windows

Mercy s Remote Access Instructions

7.x Upgrade Instructions Software Pursuits, Inc.

ESX System Analyzer Version 1.0 Installation Guide

How to use the VMware Workstation / Player to create an ISaGRAF (Ver. 3.55) development environment?

Connect the Host to attach to Fast Ethernet switch port Fa0/2. Configure the host as shown in the topology diagram above.

ECT362 Installing Linux Virtual Machine in KL322

Tips for getting started! with! Virtual Data Center!

NovaBACKUP xsp Version 15.0 Upgrade Guide

Acronis Backup & Recovery 11

VoIP Infrastructure Upgrade Desktop. User Group March 2014

CONNECT-TO-CHOP USER GUIDE

Lexia Network Installation Instructions

CoCreate Manager Server Installation Guide. CoCreate Manager Server Installation Guide 1

Aspera Connect User Guide

Transcription:

Capturing Network Traffic With Wireshark A White Paper From For more information, see our web site at

Capturing Network Traffic with Wireshark Last Updated: 02/26/2013 In some cases, the easiest way to identify problems in a network system, such as performance problems or system failures, is to grab a network capture -- a log of all networking packets that enter and leave a workstation. When typical "hit or miss" troubleshooting doesn't seem to be working, we may instruct you to collect a network trace, and these instructions serve as a simple way to perform this task. Downloading and Installing Wireshark The first step is to download Wireshark. Go to www.wireshark.org and click on the Download Wireshark Now button: Then select the Windows Installer link from the next dialog. If you are running on a 64-bit operating system, then you may want the 64-bit version. Otherwise, download the Windows Installer (32-bit). When the download finishes, run it with all of the default options (click next, next, etc.) to install the software. When it is done installing, launch Wireshark. Page 2 of 9

Starting Wireshark and Setting up a Simple Capture A simple capture is used when you can easily duplicate your network problem, like starting an application. When Wireshark launches, you will see a standard welcome screen, which looks something like this: Click on the Capture Options button, as indicated above, and you will see the Capture Options dialog box. Users of older versions of Wireshark will see the screen on the left, while users of newer versions will see the image on the right. Page 3 of 9

First, verify that the correct network card is indicated in the box on the top, or your capture will likely be empty. Second, verify that the three Display Options are NOT checked. (The default is checked, but we want to keep the capture process as simple as possible.) Setting up a Circular Buffer Capture For some issues, you may need to capture a LOT of data, or you may not know when the error will occur. Wireshark handles smaller capture files very well, but when your files get TOO large, the system starts to get sluggish. To avoid this, we recommend setting up a "circular buffer" capture, which grabs the network data in a number of smaller, more manageable, capture files. First, follow the steps above as in the simple capture. Then, we'll make a few more changes in the Capture Options dialog box. (We re showing the older style dialog box, but the fields we are looking at are the same on both styles.) Page 4 of 9

First, enter a path and base filename for the capture. This location should have enough disk space for the total size of the capture -- so you will want to verify this FIRST. Then, check the Use multiple files option, as well as the Next file every and Ring buffer with options. Put 32 into the Next file every box, so that each trace file will be 32MB -- a size small enough that Wireshark can handle with ease on just about any system. Finally, put a number into the Ring buffer with box that corresponds to the amount of data that you need to keep. Note that 100 files of 32MB each = 100*32 = 3.2GB. In many cases, even this is FAR too much, and you might be able to get away with 10, 20, or so. This is a good time to re-verify that you have enough disk space in the location provided. If you run out of disk space, bad things can happen! Capturing from a Remote Desktop Session When you are remotely controlling a machine via Remote Desktop, the network capture will get all of your RDP packets, as well as the rest of the data that you want. Obviously, this can change the environment enough such that you don't get a valid capture, so this is not recommended. However, if you must use an RDP session, then you want to make one more change to the Capture Options dialog box: Page 5 of 9

If you are running the newer Wireshark releases, double-click on the NIC entry to bring up the Interface Settings dialog box: By adding "port not 3389" to the capture filter, you will exclude the RDP traffic, and get a better handle on exactly what you ARE looking for. Again, if RDP is contributing to the problem, then this filter may actually help disguise the problems you are trying to troubleshoot. Starting and Stopping the Capture When you have set up the capture buffer as you need it, click Start to begin the capture. You will get the Captured Packets screen, which looks like this: You will see the timer running, and packets will start accumulating into each bucket. If you do NOT see any packets, then you may have selected the wrong interface. Go back to the Capture Options screen and try a different network card. Page 6 of 9

You should now use your system normally and duplicate the problem that you are trying to troubleshoot. If possible, note the EXACT time that the problem occurs. Then, stop the capture by clicking on the Stop button on the Captured Packets dialog. Saving the Capture If you created a circular buffer, then your packet capture is already saved into one or more files in the location you specified. Each filename includes a timestamp of when the file was CREATED, so that you can isolate the file which contains the "interesting" packets. If you were using a simple capture, then you'll instead see a screen like this: Click the Save button to bring up the Save As dialog box. Page 7 of 9

Then, enter a filename without an extension (or with a.pcap extension) and click Save. You can then submit the saved trace data to Goldstar Software via Email or (for larger data sets) via FTP. Visual C++ Crashes In recent versions, memory allocation seems to be an issue, and this has been causing pop-up dialog boxes that indicate the Visual C++ Library is crashing. It is unclear if this is a problem caused by recent changes to the Wireshark code, or by changes to the Microsoft libraries. However, you may have issues getting a large capture using the steps above. The solution is to avoid the user interface and use the command-line tool dumpcap. Use the option -help to get information about the command line options: A command like this should work for most users: dumpcap -i 1 -b filesize:32768 -b files:100 -f "port not 3389" -w C:\Cap.pcap Page 8 of 9

If you still can't get it to work, contact Goldstar Software and let us work with you to help! Please note that this may be a billable support call if you have already used up your free support time. Page 9 of 9

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information