Problem:

In order to troubleshoot certain types of issues, it may be necessary to take a network trace. Also known as a 'sniffer trace', this captures all communication to and from the workstation, providing a low-level view of network traffic.

Resolution:

To take a network trace using WireShark:

1. Install the WireShark network sniffer. WireShark can be downloaded from http://www.wireshark.org/download.html
2. When the installation completes, start WireShark.
3. Select Capture > Interfaces from the menu.
4. Click the Options button for the desired interface.
5. Configure the capture options:
   
   • Capture packets in promiscuous mode. This option allows for the capture of packets with destinations other than the workstation where WireShark is running. Normally, this should be left checked.
   • Limit each packet to. This option should be left unchecked to allow all packet data to be captured.
   • Capture Filter. This may be required when the data should be limited to transfers between specific hosts or ports. Most of the time a simple host filter will be sufficient to prevent large amounts of unneeded data from being captured.

     To specify this type of filter, enter the string host x.x.x.x in the capture filter edit field, where x.x.x.x is the IP address of a host you are connecting to.

     Alternatively, you can specify a MAC address (Media Access Control) by entering ether host yy:yy:yy:yy:yy:yy, where yy:yy:yy:yy:yy:yy is the MAC address of a host for which data is being captured. On a Windows host, the command ipconfig /all can be issued at a command prompt to determine the MAC addresses for the hardware interfaces present on the machine.

   The File: field may specify a capture file name. Note the name and location of the file for easy retrieval later. It is recommended that the Micro Focus incident number be used for the filename for easy identification. If this field is left blank, WireShark will prompt for a filename when it is time to save the capture to a file.

6. Click Start.
7. Any additional diagnostic tracing requested by a product support engineer (such as Rumba Trace) should be set up and started now. Obtaining all traces at the same time will aid in finding the problem, as communication events can be cross-referenced.
8. Recreate the problem. WireShark should show an increasing number of packets being captured at this time. If no packets are captured, check the interface selection and capture settings.
9. Once the problem has been reproduced, the capture file can be saved, zipped and sent to Micro Focus product support. In cases where more than one capture file was requested, the capture files should be named accordingly (for example 12345-A, 12345-B, and so on). Please include contact information and an incident number when emailing traces to support.