You need to capture the traffic blindly and analyze it later in Wireshark (similar to what you would do with tcpdump on a Linux system). The problem with RawCap is that you are not able to see live traffic. For analysis, you can use Wireshark to read this file. It is a command line tool that will capture the traffic and save it in a file. Nonetheless, you can capture traffic from the loopback interface using RawCap. This should now be able to be emailed to Symantec Technical Support in regards to an open support case, as requested by the case's assigned engineer.If you are a Windows user and have ever needed to capture traffic from the loopback interface, you will probably have struggled to do so. If the packet trace is to be sent for analysis to Symantec Technical Support, click on the File menu > Save.Immediately after reproducing the issue, back in Wireshark, click on the Stop Capture Icon.Reproduce the issue you are trying to debug.Uncheck "Capture packets in promiscuous mode" and "Enable MAC name resolution".Click "Options" button for the interface you wish to do the capture on.In Wireshark, click on the Capture Icon.Note: If the operating system includes User Access Control (UAC), right click on Wireshark's shortcut or executable file and choose "Run as administrator". Install and run Wireshark on the Symantec Endpoint Encryption server or the client computer to be used debugging issue. During its installation, ensure that WinPcap is also installed.Please contact your network administrator for assistance as necessary. Symantec Technical Support is unable to therefore assist the customer in configuring Wireshark or understanding its packet trace. These instructions are provided as a courtesy for Symantec customers wishing to use this tool in conjunction with troubleshooting issues with Symantec products. Note: This article describes how to capture a network packet trace using the free third party software "Wireshark" from Riverbed Technology on the web site.
0 kommentar(er)
