Overview

This article shares the process of setting up Wireshark and using it to capture network traffic.

Prerequisites

• Administrator privileges
• Intermediate understanding of network and systems administration 

Solution

Follow these steps:

1. Navigate to Wireshark Download Page.
2. Download the compatible version for your operating system.
3. Install Wireshark, and then open the application.
4. In the top menu, go to Capture > Options.
   
   
   
   
5. Click on Manage Interfaces.
   
   
   
   
6. Check the boxes for which network interfaces you would like to capture.
   • Network interface card(s) used by the FOIP/VOIP fax device to transmit packets.
   • Local Area Network Connection.
   • Most dedicated fax servers with more than one Local Area Connection. If you are unsure check all of them or verify with a systems administrator.
7. Click OK.
   
    
   
   
8. Verify the interfaces to capture by selecting and highlighting them.
   • To select multiple lines, hold down the CTRL button while clicking the interface name. Only the highlighted ones will be captured.
9. When all desired interfaces are highlighted, click Start to begin capture.
   
   
   
   
10. Reproduce the problem.
    • If troubleshooting faxes, by sending or receiving a fax on the problematic FaxMaker line.
    • If troubleshooting an HTTP address, navigate to the URL.
      
      
11. After the transmission has finished, with or without errors, navigate back to Wireshark application and click the red square to stop (Capture > Stop). 
    
                                                                            
12. In the menu, click File > Save As.
    
13. Then select Wireshark /tcpdump/ ... pcap from the 'Save as type' drop-down menu.
    
    
    
    
14. Name the file something capture.pcap. 
15. Click Save.