
Capture Network Traffic Using Wireshark


Problem

You need to capture low-level network traffic to troubleshoot an issue (e.g. Kerberos SSO). 

Solution

Download and install Wireshark on a workstation where the problem is occurring.

  1. Download either the 32 or 64-bit "Windows Installer" for Wireshark from https://www.wireshark.org/download.html
  2. Install Wireshark on the workstation as an administrator. Choose to install the WinPcap module during the Wireshark install.
  3. Download the zip file containing PistolStar's Kerberos utilities from box.com: https://app.box.com/s/yxeeg4tunkt2z94cv8r4jtwddlqm1agp
    • NOTE: If you are unable to download from box.com, the KerbUtil.zip file is also attached to this KB (link).
  4. Unzip the "klist.exe" program from the KerbUtil.zip file and copy it to the root of the C:\ drive. When run, this utility will clear out any cached Kerberos service tickets.
  5. Launch a Command Prompt as an administrator and type "cd \" then 'Enter' to change to the root directory of the C: drive.
  6. Run the following commands in the Command Prompt:
    • ipconfig /FlushDNS
    • NBTStat -R
    • klist.exe purge
  7. Launch Wireshark, then choose the Capture -> Start menu item. If prompted, choose the appropriate interface ("Ethernet" is typically the LAN/wired connection).
  8. Open a web browser and reproduce the failure.
  9. When complete, stop the trace using the red square icon in the Wireshark toolbar.
  10. Press Ctrl-S to save the trace as a .pcapng file.
  11. Email this .pcapng file to us or attach it to the ticket in the support portal.
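
Before sending the file in step 11, you can confirm that the saved trace actually contains Kerberos (port 88) and DNS (port 53) packets. The Python script below is an added example, not part of the original article or PortalGuard's tooling; it assumes an Ethernet capture carrying IPv4 traffic (IPv6 packets are counted as "other"), and its function names and the sample capture are constructed for illustration.

```python
import struct
import sys

KERBEROS_PORT, DNS_PORT = 88, 53  # Kerberos KDC and DNS, over TCP or UDP

def iter_frames(data):
    """Yield raw frames from the Enhanced Packet Blocks of pcapng bytes."""
    off, endian = 0, "<"
    while off + 12 <= len(data):
        if data[off:off + 4] == b"\x0a\x0d\x0d\x0a":  # Section Header Block
            endian = "<" if data[off + 8:off + 12] == b"\x4d\x3c\x2b\x1a" else ">"
        btype, blen = struct.unpack(endian + "II", data[off:off + 8])
        if blen < 12 or off + blen > len(data):
            break  # truncated or corrupt block: stop rather than guess
        if btype == 6:  # Enhanced Packet Block; captured length at +20, data at +28
            caplen = struct.unpack(endian + "I", data[off + 20:off + 24])[0]
            yield data[off + 28:off + 28 + caplen]
        off += blen

def ports(frame):
    """Return (src, dst) ports of an IPv4 TCP/UDP Ethernet frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] not in (6, 17):
        return None
    ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
    return struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4]) if len(frame) >= 18 + ihl else None

def summarize(data):
    counts = {"kerberos": 0, "dns": 0, "other": 0}
    for frame in iter_frames(data):
        p = ports(frame) or ()
        key = "kerberos" if KERBEROS_PORT in p else "dns" if DNS_PORT in p else "other"
        counts[key] += 1
    return counts

def _block(btype, body):  # helper for the constructed sample only
    body += b"\x00" * (-len(body) % 4)
    return struct.pack("<II", btype, len(body) + 12) + body + struct.pack("<I", len(body) + 12)

def _frame(proto, sport, dport):  # minimal Ethernet + IPv4 + 8-byte L4 header
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0, b"\x0a\x00\x00\x05", b"\x0a\x00\x00\x01")
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)

def sample_capture():  # constructed: one Kerberos, one DNS, one HTTPS packet
    frames = [_frame(17, 50000, 88), _frame(17, 50001, 53), _frame(6, 50002, 443)]
    out = _block(0x0A0D0D0A, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1)) + _block(1, struct.pack("<HHI", 1, 0, 65535))
    return out + b"".join(_block(6, struct.pack("<5I", 0, 0, 0, len(f), len(f)) + f) for f in frames)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_capture()
    print(summarize(data))
```

Run it with the path to the saved .pcapng as the only argument; a "kerberos" count of zero means the failure was not captured on that interface. A large "other" count shows how much unrelated traffic the file carries.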

REV. 11/2018 | PortalGuard

  • 12-Dec-2018

Attachments