Capture a Network Trace: Wireshark
Introduction:
I have seen customers trying to troubleshoot network issues for their applications hosted on IIS. In network troubleshooting, it’s often necessary to capture packets from both the client and the server to fully understand what’s happening during communication. Wireshark, the go-to tool for network analysis, can help with this, but capturing from both sides simultaneously requires careful planning. This approach provides a complete view of the communication and helps identify issues more effectively.
In this blog we will talk about the process of capturing Wireshark traces from the client and server sides at the same time, providing you with a clearer picture of the network flow and potential issues.
Let’s get started with Wireshark:
Wireshark is a free and open-source network capture and network analysis tool widely used around the globe. It is not installed by default on any operating system, so customers need to download and install it onto their devices. All you need to make use of it is:
The tool, from the official website (Wireshark · Download)
Administrator access on both machines (client and server)
We will capture the traces now:
Run Wireshark. On Windows machines, open the Start menu and type Wireshark in the search bar, then right-click Wireshark and select Run as Administrator.
Wireshark will capture traffic from all network adapters and Network Interface Cards, but you can isolate one for the capture using the Capture menu displayed when Wireshark opens. If needed, a line next to each interface name indicates whether traffic is currently flowing over that interface, which helps with the selection.
In the toolbar menu select Capture -> Start, or you can also select the blue shark fin button to start a network capture.
Set this up on both the client and the server. Now reproduce the problem you want to investigate. You should see packet details scrolling into view as the capture is running.
After you have reproduced the problem, in the toolbar menu select Capture -> Stop, or you can simply click the red square button to stop the trace.
In the toolbar menu, select File -> Save As. In the Save As dialog box save the trace as *.pcapng, which is the default Wireshark trace format, or you can change the Save as type dropdown menu to Microsoft Netmon 2.x and save the trace as *.cap to open using Netmon.
The traces from both machines are now ready for a comprehensive review to troubleshoot the problem.
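One way to review the two traces side by side, as an added example that is not part of the original blog: each capture is exported to tab-separated rows with tshark (the command-line tool that ships with Wireshark), and the script reports TCP segments one side sent more often than the other side received. The sample rows and IP addresses are constructed, and the comparison assumes no NAT or proxy rewrites addresses between the two capture points.

```python
from collections import Counter
# Constructed sample rows, in the tab-separated layout produced by e.g.
#   tshark -r client.pcapng -Y tcp -T fields -e frame.time_epoch -e ip.src
#     -e ip.dst -e tcp.srcport -e tcp.dstport -e tcp.seq_raw -e tcp.len
CLIENT_TRACE = """\
1700000000.100\t10.0.0.5\t10.0.0.9\t50123\t443\t1000\t0
1700000000.101\t10.0.0.9\t10.0.0.5\t443\t50123\t9000\t0
1700000000.150\t10.0.0.5\t10.0.0.9\t50123\t443\t1001\t517
1700000000.450\t10.0.0.5\t10.0.0.9\t50123\t443\t1001\t517
1700000000.460\t10.0.0.9\t10.0.0.5\t443\t50123\t9001\t1400
"""
SERVER_TRACE = """\
1700000000.102\t10.0.0.5\t10.0.0.9\t50123\t443\t1000\t0
1700000000.102\t10.0.0.9\t10.0.0.5\t443\t50123\t9000\t0
1700000000.452\t10.0.0.5\t10.0.0.9\t50123\t443\t1001\t517
1700000000.453\t10.0.0.9\t10.0.0.5\t443\t50123\t9001\t1400
"""

def parse_fields(text):
    """Count how often each TCP segment (addresses, ports, seq, len) appears."""
    seen = Counter()
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 7:          # skip malformed or incomplete rows
            continue
        _ts, src, dst, sport, dport, seq, length = parts
        seen[(src, dst, int(sport), int(dport), int(seq), int(length))] += 1
    return seen

def lost_in_transit(sender_side, receiver_side, sender_ip):
    """Segments sender_ip transmitted more often than the far side captured."""
    lost = {}
    for key, sent in sender_side.items():
        if key[0] != sender_ip:      # only count what this host itself sent
            continue
        missing = sent - receiver_side.get(key, 0)
        if missing > 0:
            lost[key] = missing
    return lost

def compare(client_text, server_text, client_ip, server_ip):
    client, server = parse_fields(client_text), parse_fields(server_text)
    return {
        "client_to_server": lost_in_transit(client, server, client_ip),
        "server_to_client": lost_in_transit(server, client, server_ip),
    }

if __name__ == "__main__":
    print(compare(CLIENT_TRACE, SERVER_TRACE, "10.0.0.5", "10.0.0.9"))
```

In the constructed data the client sends the 517-byte segment twice but the server records it once, so the first copy was dropped on the path and only the retransmission arrived, something neither trace shows on its own.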