General use of the Wireshark program.
Access Expert, Andover Continuum, EcoStruxure Building Expert, EcoStruxure Building Operation, Pelco, Satchwell MicroNet, Satchwell Sigma, TAC IA Series, TAC INET, TAC Vista
General Information on using WireShark.
Wireshark is an Ethernet packet analysis programme, Which can be downloaded from:
For the latest version available - Click Here
Or for the stored version please - Click Here
1 - If necessary, unzip the WireShark executable file to a suitable location on the PC/Laptop you wish the programme to be installed on.
2 - Run the executable file and follow the on-screen instructions.
Rules for capturing LAN traffic using Wireshark:
Do not use a switch or router to connect the LAN capture PC to the network as these will filter important network activity that you will need to see. You will want to capture everything that is passing over the network at the point of concern. Usually, this means tapping into the ethernet at the Controller or controllers, that is having an issue.
Here is an example of a device that can be used to easily tap into the network to take the capture.
The monitoring PC must see all traffic from the controller's point of view.
The monitoring PC can be connected in either two ways.
a.) Connected to the network at the controller
b.) The customers IT department can mirror all the network traffic from the controllers port to another port the PC can be connected to.
If connected to the network at the controllers, the connection must be made through a true ethernet hub. A hub will not selectively filter important network traffic as a switch or a router will do.
More information on what a "true ethernet hub" is can be found at http://wiki.wireshark.org/HubReference
There are however some switches that feature port mirroring, please see How to Configure a NETGEAR Prosafe Plus Switch for Mirroring.
If connected to a mirrored port, the port must mirror 100% of the network traffic to and from the controller. No filtering should be done. Once a complete capture file has been obtained it can be filtered after the fact using WireShark or EtherReal.
1 - Run WireShark.
To start a trace carry out the following:
2 - Choose the "Capture" menu and then select "Interfaces"
Choose the appropriate interface, generally, this can be identified by its IP Address, but if not, then the packets increasing are an indication. Press the "Start" button.
The trace will start and will be similar to the following screenshot.
After an appropriate time, the trace can be stopped by selecting "Capture" menu and "Stop"
To save the capture file, choose "File" menu and "Save As".