Capture Network Traffic Using Wireshark
Problem
You need to capture low-level network traffic to troubleshoot an issue (e.g. Kerberos SSO).
Solution
Download and install Wireshark on a workstation where the problem is occurring.
- Download either the 32-bit or 64-bit "Windows Installer" for Wireshark from https://www.wireshark.org/download.html
- Install Wireshark on the workstation as an administrator. Choose to install the WinPcap module during the Wireshark install.
- Download the zip file containing PistolStar's Kerberos utilities from box.com: https://app.box.com/s/yxeeg4tunkt2z94cv8r4jtwddlqm1agp
- NOTE: If you are unable to download from box.com, the KerbUtil.zip file is also attached to this KB (link).
- Unzip the "klist.exe" program from the KerbUtil.zip file and copy it to the root of the C:\ drive. When run, this utility will clear out any cached Kerberos service tickets.
- Launch a Command Prompt as an administrator, type "cd \" and press Enter to change to the root directory of the C: drive.
- Run the following commands in the Command Prompt:
  - ipconfig /FlushDNS
  - NBTStat -R
  - klist.exe purge
- Launch Wireshark, then choose the Capture -> Start menu item. If prompted, choose the appropriate interface ("Ethernet" is typically the LAN/wired connection).
- Open a web browser and reproduce the failure.
- When complete, stop the trace using the red square icon in the Wireshark toolbar.
- Press Ctrl-S to save the trace as a .pcapng file.
- Email this .pcapng file to us or attach it to the ticket in the support portal.
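Before sending the trace, it can be checked for Kerberos traffic (TCP or UDP port 88), which confirms that the failure was captured on the right interface. The Python script below is an added example, not part of Wireshark or PistolStar's utilities; it assumes Ethernet/IPv4 frames, and `sample_capture()` is a constructed two-packet capture used when no file name is given.

```python
import struct
import sys

KERBEROS_PORT = 88  # KDC port, TCP and UDP

def iter_frames(data):
    """Yield raw frames from Enhanced Packet Blocks of a pcapng byte string."""
    off, endian = 0, "<"
    while off + 12 <= len(data):
        if data[off:off + 4] == b"\x0a\x0d\x0d\x0a":  # Section Header Block
            endian = "<" if data[off + 8:off + 12] == b"\x4d\x3c\x2b\x1a" else ">"
        btype, blen = struct.unpack_from(endian + "II", data, off)
        if blen < 12 or off + blen > len(data):
            break  # truncated or corrupt block
        if btype == 6:  # Enhanced Packet Block
            (caplen,) = struct.unpack_from(endian + "I", data, off + 20)
            yield data[off + 28:off + 28 + caplen]
        off += blen

def count_kerberos(data):
    """Return (total frames, frames with TCP/UDP port 88); Ethernet + IPv4 only."""
    total = hits = 0
    for frame in iter_frames(data):
        total += 1
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 over Ethernet (assumption: no VLAN tags, no IPv6)
        l4 = 14 + (frame[14] & 0x0F) * 4  # start of TCP/UDP header
        if frame[23] in (6, 17) and len(frame) >= l4 + 4:
            sport, dport = struct.unpack_from("!HH", frame, l4)
            hits += KERBEROS_PORT in (sport, dport)
    return total, hits

def _block(btype, body):
    body += b"\x00" * (-len(body) % 4)  # pad body to a 32-bit boundary
    return struct.pack("<II", btype, len(body) + 12) + body + struct.pack("<I", len(body) + 12)

def sample_capture():
    """Constructed capture: one UDP/88 packet and one UDP/53 packet."""
    def frame(dport):
        ip = b"\x45\x00\x00\x1c" + b"\x00" * 5 + b"\x11" + b"\x00" * 10
        return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", 50000, dport, 8, 0)
    out = _block(0x0A0D0D0A, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
    out += _block(1, struct.pack("<HHI", 1, 0, 65535))  # Ethernet interface
    for f in (frame(88), frame(53)):
        out += _block(6, struct.pack("<5I", 0, 0, 0, len(f), len(f)) + f)
    return out

if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_capture()
    print("frames=%d kerberos_port_88=%d" % count_kerberos(raw))
```

Run it with the saved .pcapng file as the only argument; a Kerberos count of zero usually means the wrong interface was selected or the browser reused a cached ticket.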
REV. 11/2018 | PortalGuard