...

Wireshark provides the mechanism for capturing pcap data

Polycom Phone (If troubleshooting physical IP Phone)

A supported phone for live capture using the steps provided. Yealink phones have an alternate capture method, referenced here.

SIP soft-phone

A SIP soft-phone is necessary for a rolling packet capture because its traffic is local to the workstation where dumpcap will be running.

Setting up rolling capture – Does not apply to capturing remotely from Polycom

...

  1. Download the DumpcapSetup here

  2. Extract the contents

  3. Double click the “Install.bat” script

    1. You will likely be prompted by Windows Defender: “Windows Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk.” This is expected, since the batch file was downloaded rather than created on the machine in use.

    2. Click the “More info” link, then choose “Run anyway”

  4. User Account Control will prompt for elevated permissions. Continue, or enter Administrator credentials to continue

  5. Observe the text at the top of the command prompt window. It lists all network interfaces available to dumpcap, and the script also launches the Windows Network Connections control panel

  6. Input the corresponding numeric entry associated with the active network interface handling Sharpen traffic.

    1. Tip: In most cases, multiple network adapters will be shown. Choose the one whose name matches the adapter with “Connected” status. Unless the machine is simultaneously connected to multiple networks, this will be the active adapter

    2. Here’s an example from a machine with a few virtual adapters, a VPN, and a bridged WiFi connection. In this case, the bridge is the active connection, so option “1” would be chosen in the command prompt.

  7. Press Enter

  8. Setup is now complete

  9. Validate that capture files are being written

    1. Navigate to Desktop\DumpCap\Captures

    2. Observe whether file(s) such as the following exist

      1. file_00001_20181101115841.pcap

      2. File size is only expected to increase once audio traffic commences

...

  1. Navigate to the original extraction point of the DumpcapSetup.zip

  2. Locate the “Uninstall.bat” file and double-click

  3. User Account Control will prompt for elevated permissions. Continue, or enter Administrator credentials to continue

  4. Navigate to Desktop\DumpCap\Captures

  5. Identify the proper capture associated with the incident

    1. Date and time can be interpreted by observing the file name

      1. file_00001_20181101115841.pcap

        1. Year, Month, Day, Hour, Minute, Second in the file name indicate the start time of the file
        2. The Date Modified column in File Explorer indicates the end time of the file

  6. Copy the identified packet capture file

  7. Upload the file to a cloud storage solution such as Google Drive, OneDrive, Dropbox, etc.

  8. Provide public link to Sharpen in SharpenCare case

  9. Sharpen will analyze the capture in conjunction with server-side captures to help identify the root cause.
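To make step 5 less error-prone when the Captures folder holds many rotated files, here is an added Python example (not part of the Sharpen procedure or the DumpcapSetup scripts) that applies the naming rule above: it parses the start time from a dumpcap ring-buffer file name, treats Date Modified as the end time, and picks the file covering a given incident time. The file listing below is constructed sample data.

```python
import re
from datetime import datetime
from pathlib import Path
from typing import Iterable, Optional

# dumpcap ring-buffer file name, e.g. file_00001_20181101115841.pcap:
# <base>_<5-digit sequence>_<YYYYMMDDHHMMSS start time>.pcap
RING_NAME = re.compile(r"^(?P<base>.+?)_(?P<seq>\d{5})_(?P<start>\d{14})\.pcap(?:ng)?$")


def parse_start_time(name: str) -> Optional[datetime]:
    """Start time encoded in a ring-buffer file name, or None for other files."""
    m = RING_NAME.match(name)
    return datetime.strptime(m["start"], "%Y%m%d%H%M%S") if m else None


def select_capture(files: Iterable[tuple[str, datetime]], incident: datetime) -> Optional[dict]:
    """Pick the capture file covering `incident` from (name, Date Modified) pairs.

    The file holding a moment in time is the one with the latest start time at or
    before it. Its Date Modified is when the last packet was written, so a modified
    time earlier than the incident means no traffic was captured at that moment.
    """
    best = None
    for name, modified in files:
        start = parse_start_time(name)
        if start is None or start > incident:
            continue
        if best is None or start > best["start"]:
            best = {"name": name, "start": start, "end": modified,
                    "covers_incident": modified >= incident}
    return best


def select_from_directory(capture_dir: str, incident: datetime) -> Optional[dict]:
    """Same selection against a real folder such as Desktop\\DumpCap\\Captures."""
    files = [(p.name, datetime.fromtimestamp(p.stat().st_mtime))
             for p in Path(capture_dir).iterdir() if p.is_file()]
    return select_capture(files, incident)


# Constructed sample listing (not real captures): three rotated files plus a stray file.
SAMPLE_LISTING = [
    ("file_00001_20181101115841.pcap", datetime(2018, 11, 1, 12, 30, 5)),
    ("file_00002_20181101123005.pcap", datetime(2018, 11, 1, 13, 2, 44)),
    ("file_00003_20181101130244.pcap", datetime(2018, 11, 1, 13, 41, 10)),
    ("notes.txt", datetime(2018, 11, 1, 14, 0, 0)),
]
SAMPLE_INCIDENT = datetime(2018, 11, 1, 12, 45)  # constructed incident time

if __name__ == "__main__":
    hit = select_capture(SAMPLE_LISTING, SAMPLE_INCIDENT)
    print(hit["name"], "covers incident:", hit["covers_incident"])
```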

...