Packet Captures

The following article is provided on an advice basis only. This article references 3rd party software that may require licensing.

Packet captures (or PCAPs) are sometimes necessary when diagnosing an issue with Diffusion and/or client applications and the communication between the two. A capture records all traffic on a selected network interface so that it can be examined later, giving an investigator visibility of a communication problem between Diffusion and a third party client/service communicating over a network. Perform the packet capture while the error is occurring so that Push Technology is able to investigate the issue.

Warning: Packet capturing may have a performance impact. We recommend that you perform packet capturing within a testing / development environment only.

Creating Packet Capture

Wireshark

Wireshark is a stable and long-established packet tracing GUI. Aside from sniffing packets, it also gives investigators a means of examining and analyzing the results. Wireshark is available for all major platforms from the following link:

Once you have Wireshark installed and running you should see the following window. 

[Image: Packet Captures_image_1]

In the capture panel you should see the interfaces that are available on your system. Click the interface where your Diffusion traffic is being sent, then click Start. Wireshark should now be recording the packets being sent and received over your chosen interface.

Note: When running OS X or Linux it is necessary to run Wireshark with administrator privileges using the sudo command.

[Image: Packet Captures_image_2]

When finished recording, save the file in the .pcapng (or .pcap if .pcapng is not available) format.

tcpdump

In circumstances where Wireshark may not be available, a packet trace may still be saved using tcpdump. tcpdump is useful for completing a remote capture when you either don’t have GUI access or don’t have Wireshark installed on the remote machine. tcpdump saves a packet capture in the same format as Wireshark, and is installed as part of most Linux distributions and other Unix-based operating systems, such as Solaris.

To run tcpdump and save a file for later analysis in Wireshark, use the following command. You may have to specify the interface name with the -i parameter.

sudo tcpdump -s0 -w somefilename.pcap

To stop the packet capture press Ctrl + C.
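The tcpdump procedure above, as an added example that is not part of the original article: a small wrapper that keeps the article's -s0 (full packets) and -w (write to file) options, limits the capture to the port Diffusion is listening on so the performance and disk-space impact is smaller, rotates the output file so a long capture cannot fill the disk, and checks that a saved file really is pcap/pcapng before it is sent to support. The interface name, port and output path are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example, not Push Technology's own tooling. Interface, port and
# output path are caller-supplied assumptions.

# Print the tcpdump command line for a capture limited to one TCP port.
#   -s0   : capture whole packets, not just headers (as in the article)
#   -C/-W : rotate the output every SIZE MB and keep at most COUNT files,
#           so a capture left running cannot fill the disk. Rotated files
#           get a numeric suffix appended to the output name.
build_capture_cmd() {
    iface="$1"; port="$2"; out="$3"
    size_mb="${4:-100}"; count="${5:-5}"
    printf 'tcpdump -i %s -s0 -C %s -W %s -w %s tcp port %s\n' \
        "$iface" "$size_mb" "$count" "$out" "$port"
}

# Report the format of a capture file from its first four bytes, so an
# empty or truncated file is noticed before it is compressed and sent.
#   pcap   : magic a1b2c3d4 (either byte order); a1b23c4d is the
#            nanosecond-resolution variant
#   pcapng : section header block starts with 0a0d0d0a
pcap_kind() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        a1b2c3d4|d4c3b2a1|a1b23c4d|4d3cb2a1) echo pcap ;;
        0a0d0d0a)                            echo pcapng ;;
        *)                                   echo unknown ;;
    esac
}

# Example usage (run with sudo, as the article notes; values are assumed):
#   eval "sudo $(build_capture_cmd eth0 8080 /tmp/diffusion.pcap)"
#   pcap_kind /tmp/diffusion.pcap      # expect "pcap"
```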

Alternatives

If Wireshark or tcpdump are not available, Push Technology is able to accept packet capture files in the following formats.

Sending to Support

Once your PCAP has been created, please compress the file and send it to Push Technology Support. If the file is too large to be emailed, please contact support, who will make alternative arrangements.