    Overview

    Wireshark is a packet analyzer that can be used to collect network traffic from a system, for troubleshooting and analysis purposes. These packet captures (PCAPs) can be quite useful when diagnosing exotic issues!

    Installing Wireshark

    Wireshark can be downloaded and installed from the official Download page. For macOS and Windows, the stable releases are located at the top of the page. For stable Linux releases for various distros, look at the bottom of the Download page, under the Third-Party Packages section.

    Capturing network traffic

    1. Start Wireshark
    2. Select all the available interfaces: select the first interface in the list and then, while holding the Shift key, select the last interface in the list.
    3. Once you have all the interfaces selected, hit the start packet capture button in the top left.

      Note: If you encounter any error popups regarding unsupported operations, just accept them without worry. Once they've been cleared, the packet capture should start successfully.
    4. At this point, reproduce whatever is being investigated on the machine running the packet capture.
    5. Once the desired network traffic has been captured, press the stop capture button in the top left.
    6. Once everything has been captured, select File -> Save As, name the file appropriately, and ensure that pcapng is selected in the Save as type section.

    Note: Depending on the size of the capture file, it may be useful to zip and compress the file so it can be sent more easily.
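
A way to check the result of steps 2 and 6 before sending the file, as an added example that is not part of the original article or of Wireshark: it confirms the saved file really is pcapng, counts the interfaces and packets it contains, and zips it. The function names and the sample bytes are constructed for illustration, and the parser assumes a single-section capture that fits in memory.

```python
import os
import struct
import zipfile

SHB, IDB, EPB = 0x0A0D0D0A, 0x00000001, 0x00000006  # pcapng block types
BYTE_ORDER_MAGIC = 0x1A2B3C4D


def summarize_pcapng(data: bytes) -> dict:
    """Walk the blocks of a single-section pcapng file; count interfaces and packets."""
    if len(data) < 12 or struct.unpack_from("<I", data, 0)[0] != SHB:
        raise ValueError("not pcapng: no Section Header Block at offset 0")
    # The byte-order magic in the SHB body gives the writer's endianness.
    if struct.unpack_from("<I", data, 8)[0] == BYTE_ORDER_MAGIC:
        end = "<"
    elif struct.unpack_from(">I", data, 8)[0] == BYTE_ORDER_MAGIC:
        end = ">"
    else:
        raise ValueError("not pcapng: bad byte-order magic")
    counts = {"interfaces": 0, "packets": 0}
    off = 0
    while off < len(data):
        if off + 12 > len(data):
            raise ValueError(f"truncated block header at offset {off}")
        btype, blen = struct.unpack_from(end + "II", data, off)
        if blen < 12 or blen % 4 or off + blen > len(data):
            raise ValueError(f"truncated or corrupt block at offset {off}")
        if btype == IDB:      # one Interface Description Block per captured interface
            counts["interfaces"] += 1
        elif btype == EPB:    # one Enhanced Packet Block per captured packet
            counts["packets"] += 1
        off += blen
    return counts


def zip_capture(path: str) -> str:
    """Validate the saved capture, then write <path>.zip beside it."""
    with open(path, "rb") as f:
        summarize_pcapng(f.read())
    out = path + ".zip"
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as z:
        z.write(path, arcname=os.path.basename(path))
    return out


def _block(btype: int, body: bytes) -> bytes:
    total = 12 + len(body)
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)


# Constructed sample: 1 section header, 2 interfaces, 3 four-byte packets.
SAMPLE = (_block(SHB, struct.pack("<IHHq", BYTE_ORDER_MAGIC, 1, 0, -1))
          + 2 * _block(IDB, struct.pack("<HHI", 1, 0, 65535))
          + 3 * _block(EPB, struct.pack("<5I", 0, 0, 0, 4, 4) + b"\x00" * 4))
```

An interface count of 1 on a multi-homed machine, or a packet count of 0, means the capture should be repeated before the file is sent.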