1763: Collecting PCAP Logs with Wireshark and PCAP Remote

Last update: 14-07-2021

Network tracing logs are useful for troubleshooting network connectivity issues. These logs can be captured and viewed with Wireshark. PCAP Remote can be used to collect logs on an Android device.

Collecting network tracing logs in Windows/Linux/macOS

Download the free Wireshark utility from http://www.wireshark.org/download.html. If you are not planning on keeping Wireshark installed on your system, then it is recommended to download and run the portable version.

Then do the following:

  1. Note the IP addresses of the source and target devices.
  2. Run Wireshark.
  3. Click Capture -> Options..., select the network adapter you are using for your network connection, and click the Start button.

     

    If you want to monitor the connection through a particular port only, you can set that up too: in Capture Filter, type the port you want to monitor, e.g. tcp port 443 or tcp port 44445.

    If you know that the backup will not fail immediately, so that Wireshark has to run for an extended time (20 minutes +), it is a good idea to write the capture to a file right from the start. You can choose a file in the Output tab and set traffic and time limits for log collection.

  4. Reproduce the issue without closing the Wireshark application.

  5. Click Capture -> Stop after the issue is reproduced.

  6. Save the captured data in the default format (pcapng) by clicking File -> Save as.

  7. Contact Acronis Customer Central and attach the saved log to your request. Also please let us know the IP address of the source and target device.
  8. If the log is larger than 4 MB, please split and compress it before sending it. See Splitting Files to Send to Acronis Customer Central.

Collecting network tracing logs on Android devices

Install PCAP Remote on your Android device. PCAP Remote is a non-root network sniffer app that lets you capture Android traffic and save it to a .pcap log for later analysis, or capture remotely from Wireshark installed on a computer connected through the app's built-in SSH server.

To capture the traffic and save it to a .pcap file on your device:

  1. Launch the application.
  2. Disable the Remote mode capturing option.
  3. Click the Play button in the upper-right corner to start capturing.
  4. You will see a list of applications to capture. Select the application you want to capture from the list.
  5. As soon as you stop capturing, you will be asked whether the captured packets should be saved as a .pcap file on device storage.
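
Before attaching a .pcap saved on the device, it is worth confirming that it actually contains traffic between the noted source and target IPs on the monitored port. The following is an added example, not part of the original article or of any Acronis tool; the function names, the 192.0.2.x addresses and the sample capture are constructed, and it assumes a classic .pcap file with an Ethernet or raw-IP link type (it does not read the pcapng files Wireshark saves by default).

```python
import ipaddress
import struct

def count_matching(data, ip_a, ip_b, port):
    """Return (total_packets, tcp_packets_between_ip_a_and_ip_b_on_port)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic .pcap file (pcapng is not handled here)")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype not in (1, 101):          # 1 = Ethernet, 101 = raw IP
        raise ValueError(f"unsupported link type {linktype}")
    peers = {ipaddress.ip_address(ip_a).packed, ipaddress.ip_address(ip_b).packed}
    total = matched = 0
    offset = 24                           # skip the 24-byte global header
    while offset + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        pkt = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        total += 1
        if linktype == 1:
            if pkt[12:14] != b"\x08\x00":  # only untagged IPv4 frames
                continue
            pkt = pkt[14:]
        if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:  # IPv4 + TCP only
            continue
        ihl = (pkt[0] & 0x0F) * 4
        if len(pkt) < ihl + 4:
            continue
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if {pkt[12:16], pkt[16:20]} == peers and port in (sport, dport):
            matched += 1
    return total, matched

def sample_pcap():
    """Constructed capture: three Ethernet/IPv4/TCP packets, checksums left at 0."""
    def record(src, dst, sport, dport):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
        frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    src, dst = "192.0.2.10", "192.0.2.20"  # constructed documentation addresses
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + record(src, dst, 50000, 44445) + record(dst, src, 44445, 50000)
            + record(src, "192.0.2.99", 50001, 443))

if __name__ == "__main__":
    print(count_matching(sample_pcap(), "192.0.2.10", "192.0.2.20", 44445))
```

A match count of zero means the capture missed the connection in question (wrong adapter, wrong application selected, or a capture filter on a different port), so it should be recaptured before it is sent.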
