Running network traces using Dumpcap - Security Center 5.7 - 5.12

Working with logs and traces for Security Center

Applies to
Security Center 5.7 - 5.12
Last updated
2023-08-25
Content type
Troubleshooting
Language
English
Product
Security Center
Version
5.12
5.11
5.10
5.9
5.8
5.7

Dumpcap is a command-line utility used to troubleshoot communication issues in your network. If a network trace needs to run for multiple hours or days, or you need to capture a high volume of traffic, you can use Dumpcap instead of Wireshark to monitor your system continuously.

What you should know

Because of how often the interface needs to refresh, captures with a high volume of traffic might cause Wireshark to freeze. Running the capture from a command prompt writes the data directly to files without going through the Wireshark interface.

Procedure

  1. Download Wireshark and use the default installation settings.
    Install and run Wireshark on the server or workstation that best corresponds to the issue you are monitoring. For example, if you are troubleshooting a camera issue, you should run Wireshark on the Archiver managing that camera.
    NOTE: The Installshield installs either WinPcap or Npcap. These are network drivers required for the network capture. If you have Omnicast™ or Security Center installed, WinPcap might already be installed on your machine.
  2. Run Command Prompt as an administrator and use the cd command to navigate to the folder where you installed Wireshark.
  3. Enter dumpcap.exe -D, and then note the ID of the network card where you want to run the trace.
  4. Start the trace by modifying the following command line as needed:
    dumpcap -i [ID of Network Card] -f [Capture Filter] -w [File Name] -b filesize:[Size in kB] -b files:[Number of Files]
    • Capture filter: Use a capture filter to reduce the amount of data that is collected.
    • File name: The file needs the .pcapng extension.
    • File size: Any value works here. The recommended value is 102400 kB.
    • Number of files: The recommended value is 50 files.
      NOTE: Make sure you have enough space to save your files. The number of kilobytes and the number of files determine how much storage space the trace uses. Using these suggested values, the capture uses 5 GB of storage space.

      The network trace is usually saved to the default Wireshark installation folder: C:\Program Files\Wireshark.

    For example:
    dumpcap -i 2 -f "host 10.2.100.18 and tcp" -w Cam18_tcp_traffic_only.pcapng -b filesize:102400 -b files:50
    The trace starts on your network and runs continuously.
  5. After the issue occurs, stop the capture by pressing Ctrl+C.
  6. Retrieve the files and send them to Technical Support.
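As an added example (not part of the Genetec documentation or of the Wireshark project), the following Python helpers support steps 3 and 4 of the procedure: they parse a dumpcap -D listing to resolve the interface ID from the adapter's friendly name, build the step 4 ring-buffer command as an argument list, and size the storage that the NOTE about disk space refers to. The interface listing is constructed sample text, and the function names (parse_interface_list, find_interface_id, ring_buffer_kb, has_free_space, build_dumpcap_args) are this example's own.

```python
import re
import shutil

# Constructed sample of `dumpcap -D` output in the format printed on Windows
# (device GUIDs and adapter names are made up for this example).
SAMPLE_INTERFACE_LIST = """\
1. \\Device\\NPF_{11111111-2222-3333-4444-555555555555} (Ethernet)
2. \\Device\\NPF_{66666666-7777-8888-9999-000000000000} (Archiver NIC)
3. \\Device\\NPF_Loopback (Adapter for loopback traffic capture)
"""

# "<id>. <device> (<friendly name>)"; the parenthesised name is optional.
_IFACE_RE = re.compile(r"^(\d+)\.\s+(\S+)(?:\s+\((.*)\))?\s*$")


def parse_interface_list(text):
    """Return {id: (device, friendly_name)} from `dumpcap -D` output."""
    interfaces = {}
    for line in text.splitlines():
        m = _IFACE_RE.match(line.strip())
        if m:
            interfaces[int(m.group(1))] = (m.group(2), m.group(3) or "")
    return interfaces


def find_interface_id(text, friendly_name):
    """Resolve the -i ID of an adapter from its friendly name (case-insensitive)."""
    for iface_id, (_, name) in parse_interface_list(text).items():
        if name.lower() == friendly_name.lower():
            return iface_id
    raise LookupError(f"no interface named {friendly_name!r} in dumpcap -D output")


def ring_buffer_kb(filesize_kb, files):
    """Worst-case disk use of the ring buffer: -b filesize:<kB> times -b files:<n>."""
    return filesize_kb * files


def has_free_space(folder, filesize_kb, files):
    """Check the target folder can hold the full ring buffer (1024 B/kB, conservative)."""
    return shutil.disk_usage(folder).free >= ring_buffer_kb(filesize_kb, files) * 1024


def build_dumpcap_args(iface_id, capture_filter, out_file, filesize_kb=102400, files=50):
    """Assemble the step 4 command as an argv list (no shell quoting of the filter)."""
    if not out_file.endswith(".pcapng"):
        raise ValueError("the output file needs the .pcapng extension")
    return ["dumpcap", "-i", str(iface_id), "-f", capture_filter, "-w", out_file,
            "-b", f"filesize:{filesize_kb}", "-b", f"files:{files}"]
```

Pass the returned list to subprocess.run from the Wireshark folder; with the page's recommended values, ring_buffer_kb(102400, 50) gives 5,120,000 kB, the roughly 5 GB the NOTE mentions.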