
How to install and configure Wireshark for troubleshooting Waters software systems - WKB240759

Article number: 240759

OBJECTIVE or GOAL

Install and configure Wireshark on a Windows machine in order to troubleshoot network traffic issues in Waters software systems.

ENVIRONMENT

  • Wireshark 3.6.x

PROCEDURE

Installation:

  1. Download the latest version of Wireshark from www.wireshark.org. These instructions are valid for the versions listed in the Environment section. Newer versions may be used, but their installation options may differ from those mentioned here. Older versions may be used but are not recommended (especially the v2.x and v1.x releases).
  2. Run the installer on a Windows machine.
  3. On the "Choose Components" page of the setup, clear all components except for Wireshark.
  4. On the "Packet Capture" page, select Install Npcap.
  5. Do NOT select USBCap.
  6. Do NOT select any of the options in the Npcap setup program.
  7. Complete the setup process.

Configuration:

  1. The home screen of Wireshark shows all of the network interfaces available on the machine. Choosing the correct interface is critical to capturing the correct network traffic.
    • In most cases, the network traffic of interest will be between the Windows machine and other hosts on the network. Use "Local Area Connection", "Ethernet", or "WiFi" adapters, as appropriate. VPN interfaces will also appear in the list. The screen will also show a history graph of network activity on each adapter. These graphs are useful for determining which adapters are used for network traffic.
    • In some cases, network traffic is between processes on the same machine, which uses the loopback adapter and does not actually go on the network. In these cases, use the "Adapter for loopback traffic capture".
  2. Select an adapter and click the start button in the toolbar (blue shark-fin icon) to begin recording traffic.
  3. There are many processes on Windows systems that send and receive network data. Filtering the recorded data to just the traffic of interest is therefore highly recommended. The following are some commonly used filters:
    • Showing traffic to/from a specific port: (tcp.srcport == NNN) || (tcp.dstport == NNN)
    • Showing traffic to/from a specific IP address: (ip.src == XX.YY.ZZ.AA) || (ip.dst == XX.YY.ZZ.AA)
  4. Reproduce the issue, which should trigger the network traffic of interest.
  5. Stop the capture (red square button in the toolbar) when the event has been reproduced.
  6. Use the File menu > Export Specific Packets to save the recorded data to a .pcapng file.
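
To confirm that a saved .pcapng file contains the traffic of interest, the following added example (not part of the original Waters article) reads the file's packet blocks and counts TCP packets with the same source-or-destination logic as the filters in step 3. It assumes a little-endian pcapng file captured on an interface with the Ethernet link type and carrying IPv4; the function names and the sample flows (documentation addresses, constructed ports) are illustrative.

```python
import ipaddress
import struct

def _block(btype, body):
    body += b"\0" * (-len(body) % 4)              # pcapng block bodies are 32-bit aligned
    total = struct.pack("<I", len(body) + 12)     # length field precedes and follows the body
    return struct.pack("<I", btype) + total + body + total

def sample_capture(flows):
    """Constructed pcapng bytes: one TCP SYN per (src, sport, dst, dport) tuple."""
    out = _block(0x0A0D0D0A, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))  # section header
    out += _block(1, struct.pack("<HHI", 1, 0, 65535))                     # Ethernet interface
    for src, sport, dst, dport in flows:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
        tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, 0x5002, 1024, 0, 0)
        frame = b"\0" * 12 + b"\x08\x00" + ip + tcp
        out += _block(6, struct.pack("<IIIII", 0, 0, 0, len(frame), len(frame)) + frame)
    return out

def tcp_packets(data):
    """Yield (src, sport, dst, dport) for every IPv4/TCP frame in the capture."""
    if data[8:12] != struct.pack("<I", 0x1A2B3C4D):
        raise ValueError("not a little-endian pcapng file")
    pos = 0
    while pos + 12 <= len(data):
        btype, total = struct.unpack_from("<II", data, pos)
        if total < 12 or pos + total > len(data):
            break                                  # truncated or corrupt block
        if btype == 6 and total >= 32:             # Enhanced Packet Block
            caplen = struct.unpack_from("<I", data, pos + 20)[0]
            frame = data[pos + 28:pos + 28 + caplen]
            ihl = (frame[14] & 0x0F) * 4 if len(frame) > 14 else 0
            if (frame[12:14] == b"\x08\x00" and ihl >= 20
                    and len(frame) >= 18 + ihl and frame[23] == 6):
                sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
                yield (str(ipaddress.IPv4Address(frame[26:30])), sport,
                       str(ipaddress.IPv4Address(frame[30:34])), dport)
        pos += total

def count_matching(data, port=None, ip=None):
    """Count packets the way the page's filters select them: source OR destination."""
    return sum((port is None or port in (sp, dp)) and (ip is None or ip in (s, d))
               for s, sp, d, dp in tcp_packets(data))

# Constructed sample flows (documentation addresses); not taken from a real system.
SAMPLE_FLOWS = [("192.0.2.10", 50000, "192.0.2.20", 8080),
                ("192.0.2.20", 8080, "192.0.2.10", 50000),
                ("192.0.2.10", 50001, "198.51.100.7", 443)]
```

To check a real export, pass the bytes of the saved file to count_matching in place of the constructed capture; a result of 0 means the selected adapter or the reproduction step did not record the expected traffic.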
