Running network traces using Wireshark - Security Center 5.7 - 5.12


Applies to: Security Center 5.7 - 5.12
Last updated: 2023-08-25

Wireshark is an open-source network traffic analyzer that you can use to troubleshoot communication issues in your network. You can run a network trace to monitor your system until an error occurs, then stop the trace and send the files to Technical Support.

Procedure

  1. Download Wireshark and use the default installation settings.
    Install and run Wireshark on the server or workstation that best corresponds to the issue you are monitoring. For example, if you are troubleshooting a camera issue, you should run Wireshark on the Archiver managing that camera.
    NOTE: The InstallShield installs either WinPcap or Npcap: network drivers required for the network capture. If you have Omnicast™ or Security Center installed, WinPcap might already be installed on your machine.
  2. Open Wireshark and go to Edit > Preferences.
  3. From the list, select the Capture section, and clear the Syntax check capture filter checkbox.
    NOTE: Depending on your version of Wireshark, this option might not be available.
  4. From the list, select the Name Resolution section, and depending on your version of Wireshark, disable transport name resolution by doing one of the following:
    • Clear the Enable transport name resolution checkbox.
    • Ensure the Resolve transport names and Resolve network (IP) addresses checkboxes are cleared.
  5. From the list, in the Appearance section, select Columns and configure the following:
    1. Click +.
    2. In the new row, double-click New column and rename it to Source port.
    3. Double-click Number, and from the drop-down, select Src port (resolved).
    4. Repeat the previous substeps to create the Destination port and TCP stream rows.
    5. In the TCP stream row, double-click the Fields column, type tcp.stream, and leave the Field Occurrence column at 0.
  6. Click Capture options, and in the Output tab, configure the following:
    1. In the Capture to a permanent file section, specify the file name and location.
      IMPORTANT: The file name needs the .pcapng extension.
    2. Select the Create a new file automatically after checkbox and set the size to 200 megabytes.
    3. Select the Use a ring buffer with checkbox and set the value to 50 files.
      NOTE: The number of megabytes and the number of files determine how much storage space the capture uses. Using these suggested values, the capture uses 10 GB of storage space.
  7. (Recommended) Click the Input tab, and use the Capture filter for selected interfaces field to select a capture filter that reduces the amount of data that is collected.
  8. Click the Options tab and select the Update lists of packets in real-time checkbox.
  9. Click Start.
    The trace starts on your network and runs continuously.
  10. After the issue occurs, click Stop capturing packets.
  11. Retrieve the files and send them to Technical Support.
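
The output settings from step 6 can be checked before a long-running capture starts. The following is an added example, not part of the original procedure or of any Genetec tooling: it verifies the .pcapng extension and the free disk space needed for the ring buffer, then builds the equivalent command line for dumpcap, the capture tool that ships with Wireshark. The interface number, output path, and capture filter are constructed values.

```python
import shutil
from pathlib import Path

FILE_MB = 200   # step 6.2: new file after 200 megabytes
FILES = 50      # step 6.3: ring buffer of 50 files


def ring_buffer_bytes(file_mb=FILE_MB, files=FILES):
    """Upper bound on disk used by the ring buffer (10 GB with the page's values)."""
    return file_mb * 1000 * 1000 * files


def preflight(out_path, file_mb=FILE_MB, files=FILES, free_bytes=None):
    """Return a list of problems that would break the capture or fill the disk."""
    out = Path(out_path)
    problems = []
    if out.suffix.lower() != ".pcapng":
        problems.append("file name needs the .pcapng extension")
    if free_bytes is None:
        # Measure the volume that will hold the capture files.
        target = out.parent if out.parent.exists() else Path(".")
        free_bytes = shutil.disk_usage(target).free
    need = ring_buffer_bytes(file_mb, files)
    if free_bytes < need:
        problems.append(f"need {need} bytes free for the ring buffer, have {free_bytes}")
    return problems


def dumpcap_args(interface, out_path, capture_filter=None,
                 file_mb=FILE_MB, files=FILES):
    """Build the dumpcap command line; -b filesize is given in kB."""
    args = ["dumpcap", "-i", str(interface), "-w", str(out_path),
            "-b", f"filesize:{file_mb * 1000}", "-b", f"files:{files}"]
    if capture_filter:
        args += ["-f", capture_filter]  # step 7: optional capture filter
    return args


if __name__ == "__main__":
    out = r"D:\traces\archiver.pcapng"   # constructed output path
    issues = preflight(out)
    if issues:
        print("\n".join(issues))
    else:
        # Interface 1 and the filter below are constructed sample values.
        print(" ".join(dumpcap_args(1, out, "host 192.0.2.10")))
```

Run `dumpcap -D` to list the interface numbers on the capture machine before choosing one.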