How do I generate a network trace (packet dump) for Kerio technical support?

Discussion

A network trace, also called a packet dump, sometimes has to be generated to analyze the packet traffic between systems when troubleshooting difficult application or networking problems. Kerio Technical Support may request a network trace so that upper-level technicians and developers can analyze it. This article describes the steps for generating a network trace on the major platforms. Select the platform below on which the packet trace will be captured.

Windows and Mac OS X

Wireshark is the recommended application for generating network traces on Windows and Mac OS X. On one of the machines involved in the problematic data transfer, download Wireshark from the Wireshark website and install it (including the WinPcap packet-capture driver on Windows, if prompted). Follow these steps to create the trace:

  1. From within Wireshark, click Capture Options.
  2. In the Interface: field, select the network card that connects to the remote system involved in the network transmission.
  3. In the Capture filter: field, type "host" followed by the IP address of the remote system: host xxx.xxx.xxx.xxx, where xxx.xxx.xxx.xxx is the IP address of the remote machine.
  4. Click on the Browse button next to the File: field and select Desktop in the "Save in folder" field.
  5. Type a file name, such as problem.cap, in the Name: field and click OK.
  6. Click the Start button, or from the Capture menu, select Start.
  7. Perform the network connection that displays the problem.
  8. When the network operation is complete, click on the Stop button or, from the Capture menu, select Stop.
  9. Reply to the ticket sent by Kerio technical support, attaching the generated problem.cap file.

Linux

tcpdump is the recommended application for generating network traces and is already installed on most Linux platforms. Here are the basic steps for creating a trace using the tcpdump command line application:

  1. Open a Terminal session, log in as the "root" user and, to start the network trace, type:

tcpdump -s 0 -w /problem.cap host xxx.xxx.xxx.xxx

where xxx.xxx.xxx.xxx is the IP address of the remote machine, such as 192.168.200.201. The expression "host xxx.xxx.xxx.xxx" is the capture filter (the same one used in the Wireshark steps) and limits the capture to packets sent to or from that address; -s 0 records each packet in full rather than truncating it, and -w writes the raw packets to /problem.cap.

  2. Perform the network connection that displays the problem.
  3. When the network operation is complete, type ctrl-c on the Terminal to stop tcpdump.
  4. Reply to the ticket sent by Kerio technical support, attaching the generated problem.cap file.
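An added check, not part of Kerio's article: before attaching problem.cap from either the Wireshark or the tcpdump procedure above, this Python script parses the classic pcap file to confirm that packets were not truncated (the effect of -s 0) and that the "host" filter actually matched the remote machine. The sample capture, the 10.0.0.x addresses and the script name are constructed for illustration.

```python
# Added sanity check, not from the Kerio article: parse a classic pcap file and
# report snaplen, packet count, truncated packets, and how many packets involve
# the expected remote host (Ethernet/IPv4 only; pcapng files are rejected).
import struct
import ipaddress

def ipv4_peers(frame):
    """Return (src, dst) of an Ethernet/IPv4 frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    return (str(ipaddress.IPv4Address(frame[26:30])),
            str(ipaddress.IPv4Address(frame[30:34])))

def check_capture(data, host):
    """Summarise a pcap blob relative to the host given in the capture filter."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng or unknown format)")
    _maj, _min, _zone, _sig, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    summary = {"snaplen": snaplen, "packets": 0, "truncated": 0, "host": 0, "other": 0}
    offset = 24
    while offset + 16 <= len(data):
        _sec, _usec, incl_len, orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        summary["packets"] += 1
        if incl_len < orig_len:          # captured with a snaplen shorter than the packet
            summary["truncated"] += 1
        peers = ipv4_peers(frame) if linktype == 1 else None
        summary["host" if peers and host in peers else "other"] += 1
    return summary

def build_sample_pcap(records, snaplen=262144):
    """Constructed test data: little-endian pcap of minimal (src, dst, orig_len) frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for src, dst, orig_len in records:
        frame = (bytes(12) + b"\x08\x00" + b"\x45" + bytes(11)
                 + ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed)
        frame = frame.ljust(orig_len, b"\x00")[:snaplen]   # emulate snaplen clipping
        out += struct.pack("<IIII", 0, 0, len(frame), orig_len) + frame
    return out

if __name__ == "__main__":
    import sys  # usage (hypothetical script name): python check_cap.py problem.cap 192.168.200.201
    with open(sys.argv[1], "rb") as f:
        print(check_capture(f.read(), sys.argv[2]))
```

A capture worth sending shows truncated == 0 and other == 0 (or close to it, since non-IPv4 frames such as ARP are counted as "other").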

After you have sent the problem.cap file to Kerio technical support, the file will be analyzed and you will be contacted regarding the results of the analysis.