Note: This article describes how to capture a network packet trace using the free third party software "Wireshark" from Riverbed Technology. Wireshark is available from the web site http://www.wireshark.org/. These instructions are provided as a courtesy for Symantec customers wishing to use this tool in conjunction with troubleshooting issues with Symantec products. Symantec Technical Support is unable to therefore assist the customer in configuring Wireshark or understanding its packet trace. Please contact your network administrator for assistance as necessary.
Support asks for either a PCAP file or a Wireshark capture.
How to capture a Wireshark packet trace
Install and run Wireshark on the server or the client computer to be used for the issue. During its installation, ensure that WinPcap is also installed. Note: If the operating system includes User Access Control (UAC), right click on Wireshark's shortcut or executable file and choose "Run as administrator".
In Wireshark, click on the Capture Options Icon.
Identify the NIC you want to conduct the capture on, and uncheck the "Promiscious" checkbox.
Switch to the "Options" tab and uncheck "Resolve MAC Addresses."
Return to the "Input" tab. Select the NIC you wish to collect a capture on, and click "Start" to begin the capture. Reproduce the issue you are trying to debug.
Immediately after reproducing the issue, back in Wireshark, click on the Stop Capture Icon.
If the packet trace is to be sent for analysis to Symantec Technical Support, click on the File menu > Save. Enter a file name and save the file in a .pcap format.
Compress the file using to a zipped folder. This should now be able to be emailed to Symantec Technical Support or attached to the Symantec Technical Support case as requested by the case's assigned engineer.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.