Self-Help Knowledge
Base Articles

 

General: How to Obtain a Packet Capture

 
 
Views: 0
 

Occasionally our Technical Assistance Center (TAC) might ask you for a packet capture. This is commonly performed as a troubleshooting step to give the technician more information on what could be happening. 


Capturing Packets

This can be done a few ways:

1.  Span/Mirror a port.

2.  Use a OneTouch AT in-line.

3.  Use a hub and Wireshark (instructions below).

Capturing using a hub and Wireshark:

This process will require that you have some basic tools on hand to perform this task:
 

  • Hub - You need to have a plain simple hub for this test. The reason this works is because the hub will allow a broadcast of traffic going in and out of the hub. A switch or router will not work because it doesn't broadcast the traffic to every port like a hub would.
  • Ethernet Cable - You will need at least 1 or 2 additional cables.
  • Wireshark or some other packet capture software.


Once you have a hub on hand and Wireshark installed, these are the directions that you'll need to follow to obtain the capture we need for troubleshooting.

  1. Connect power to the hub and connect an Ethernet cable from the hub to a live port
  2. Connect one Ethernet cable from your computer to a port on the hub.
  3. Connect one Ethernet cable from your unit to a port on the hub.
  4. Open Wireshark on your computer.
  5. Make sure your unit is powered off.
  6. Back to Wireshark, on the upper left side you will see Capture. Click the Ethernet connection you are using (for example, Local Area Connection) and click Start. You should begin to see data flowing in Wireshark.
  7. Immediately power on your unit.
  8. Click Capture, from the menu up top.
  9. When the unit has exhibited the behavior, click Stop.
  10. Click File > Save and now you can email the packet capture file.