You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.

Looking for the Diagnostic Utility?

Click Here For Download and Usage Instructions

Capture Network Traffic Using Wireshark


You need to capture low-level network traffic to troubleshoot an issue (e.g. Kerberos SSO). 


Download and install Wireshark on a workstation where the problem is occuring.

  1. Download either the 32 or 64-bit "Windows Installer" for Wireshark from
  2. Install Wireshark on the workstation as an administrator. Choose to install the WinPcap module during the Wireshark install.
  3. Download the zip file containing PistolStar's Kerberos utilities from
    • NOTE: If you are unable to download from, the file is also attached to this KB (link).
  4. Unzip the "klist.exe" program from the file and copy it to the root of the C:\ drive. When run, this utility will clear out any cached Kerberos service tickets.
  5. Launch a Command Prompt as an administrator and type "cd \" then 'Enter' to change to the root directory of the C: drive.
  6. Run the following commands in the Command Prompt:
    • ipconfig /FlushDNS
    • NBTStat -R
    • klist.exe purge
  7. Launch Wireshark, then choose the Capture -> Start menu item. If prompted, choose the appropriate interface ("Ethernet" is typically the LAN/wired connection).
  8. Open a web browser and reproduce the failure
  9. When complete, stop the trace using the red square icon in the Wireshark toolbar:
  10. Press Ctrl-S to save the trace as a .pcapng file.
  11. Email this .pcapng file to us or attach it to the ticket in the support portal.

REV. 11/2018 | PortalGuard

  • 78
  • 12-Dec-2018