1763: Collecting PCAP Logs with Wireshark

Last update: Wed, 2020-07-29 12:28

Network tracing logs are useful for troubleshooting network connectivity issues. These logs can be captured and viewed with Wireshark. On Acronis Linux, the tcpdump utility can be used to collect them.

Collecting network tracing logs in Windows/Linux/macOS

Download the free Wireshark utility from http://www.wireshark.org/download.html. If you do not plan to keep Wireshark installed on your system, it is recommended to download and run the portable version.

Then do the following:

  1. Note the IP addresses of the source and target devices.
  2. Run Wireshark.
  3. Click Capture -> Options..., select the network adapter you are using for your network connection and click the Start button.

    If you want to monitor the connection on a particular port only, you can set that up too: in Capture Filter, type the port you want to monitor, e.g. tcp port 443 or tcp port 44445.

    If you know that the backup will not fail immediately, so that Wireshark has to run for an extended time (20 minutes or more), it is a good idea to write the capture to a file right from the start. You can choose a file in the Output tab and set traffic and time limits for log collection.

  4. Reproduce the issue without closing the Wireshark application.

  5. Click Capture -> Stop after the issue is reproduced.

  6. Save the captured data in the default format (pcapng) by clicking File -> Save as.

  7. Contact Acronis Customer Central and attach the saved log to your request. Please also let us know the IP addresses of the source and target devices.
  8. If the log is larger than 4 MB, split and compress it before sending it. See Splitting Files to Send to Acronis Customer Central.
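
Before attaching the capture, it is worth confirming that the saved pcapng file actually contains traffic between the two IP addresses noted in step 1 and whether it exceeds the 4 MB limit from step 8. The script below is an added example, not Acronis or Wireshark code; the function names are hypothetical, the sample capture and its addresses are constructed, and it assumes Ethernet framing without VLAN tags and IPv4 only.

```python
import ipaddress
import struct

SHB, IDB, EPB = 0x0A0D0D0A, 1, 6   # pcapng block types: section, interface, packet

def ipv4_pairs(data):
    """Yield (src, dst) for every IPv4-over-Ethernet packet in pcapng bytes."""
    endian, linktypes, off = "<", [], 0
    while off + 12 <= len(data):
        if data[off:off + 4] == b"\n\r\r\n":      # new section: magic gives byte order
            endian = "<" if data[off + 8:off + 12] == b"\x4d\x3c\x2b\x1a" else ">"
            linktypes = []
        btype, blen = struct.unpack_from(endian + "II", data, off)
        if blen < 12 or blen % 4 or off + blen > len(data):
            raise ValueError(f"corrupt or truncated block at offset {off}")
        body = data[off + 8:off + blen - 4]
        if btype == IDB:
            linktypes.append(struct.unpack_from(endian + "H", body)[0])
        elif btype == EPB:
            iface, _, _, caplen, _ = struct.unpack_from(endian + "5I", body)
            pkt = body[20:20 + caplen]
            ether_v4 = len(pkt) >= 34 and pkt[12:14] == b"\x08\x00"   # EtherType IPv4
            if ether_v4 and iface < len(linktypes) and linktypes[iface] == 1:  # 1 = Ethernet
                yield tuple(str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (26, 30))
        off += blen

def check_capture(data, source_ip, target_ip):
    """Summarise whether the capture holds traffic between the two noted IPs."""
    pairs = list(ipv4_pairs(data))
    wanted = {source_ip, target_ip}
    return {"ipv4_packets": len(pairs),
            "between_hosts": sum(1 for p in pairs if set(p) == wanted),
            "needs_split": len(data) > 4 * 1024 * 1024}   # the article's 4 MB limit

def _block(btype, body):
    body += b"\0" * (-len(body) % 4)              # pad body to a 32-bit boundary
    total = struct.pack("<I", len(body) + 12)
    return struct.pack("<I", btype) + total + body + total

def _packet(src, dst):
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    frame = b"\x02" * 12 + b"\x08\x00" + ip + b"\0" * 20   # Ethernet + IPv4 + blank TCP
    return _block(EPB, struct.pack("<5I", 0, 0, 0, len(frame), len(frame)) + frame)

# Constructed sample: two packets between the hosts, one to an unrelated address.
SAMPLE = (_block(SHB, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1)) + _block(IDB, struct.pack("<HHI", 1, 0, 65535))
          + _packet("192.0.2.10", "198.51.100.20") + _packet("198.51.100.20", "192.0.2.10")
          + _packet("192.0.2.10", "203.0.113.5"))
```

For a real capture, pass `open(path, "rb").read()` as `data`; a `between_hosts` count of 0 usually means the wrong adapter or capture filter was selected in step 3.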