How To Get A Wireshark Trace?


Overview

There are two tools that can be used for a TCP/IP network trace: Wireshark and netsh.

Wireshark is the preferred method. If Wireshark cannot be installed, netsh can be used instead.


Information to include when submitting a network trace to UiPath

The following information should be included when submitting a network trace to UiPath:
  1. The IP addresses of the endpoints involved. For example, if tracing a network connection to Orchestrator, we would need the client IP address and the Orchestrator IP address.
    • The IP address of the client can be found by opening a command prompt and running: ipconfig.
      • Take a screenshot of the output and share that with UiPath.
    • The IP address of Orchestrator can be found by opening a command prompt and running: nslookup
      • For example, if the Orchestrator URL was https://orchestrator.uipath.devtest, then the command to run would be: nslookup orchestrator.uipath.devtest.
      • Take a screenshot of the output and share that with UiPath.
  2. Finally, include the trace file. If the attachment is too big for email, let us know and we will make a drop box (or use Customer Portal).

Wireshark

  1. Install Wireshark: https://www.wireshark.org/download.html
  2. Open Wireshark.
  3. Select the interface to trace. Typically, this will be the Ethernet adapter (or, if using Wi-Fi, the Wi-Fi adapter).
    • The icon has a heartbeat monitor graphic next to it, and it is typically the most active one.
    • The screenshot below shows an example of what this may look like (the Ethernet adapter number might not always be the same).
    [Screenshot: Wireshark interface list]
  4. After the adapter is selected, click the shark fin icon on the top right of the screen.
  5. This will trigger the capture.
  6. Reproduce the issue.
  7. Go back to Wireshark and click the stop icon (the red square icon next to the shark icon).
  8. Go to File->Save As... and save the capture.
  9. Send the capture to UiPath along with the additional information regarding the client and server IP address.

Netsh

netsh is useful when a network trace of a client or server is needed and Wireshark or Netmon cannot be installed. (This feature works on Windows 7/2008 R2 and above.)

  1. Open an elevated command prompt and run: "netsh trace start persistent=yes capture=yes tracefile=%temp%\nettrace-boot.etl" (make sure you have a \temp directory or choose another location).
  2. Reproduce the issue or do a reboot if tracing a slow boot scenario.
  3. Open an elevated command prompt and run: "netsh trace stop"
  4. The trace will be stored in %temp%\nettrace-boot.etl or wherever you saved it. The trace can be viewed using Netmon: https://www.microsoft.com/en-us/download/4865
  5. Send the capture to UiPath along with the additional information regarding the client and server IP address.
For more details, visit Steps to Collect Netsh Log Files for Network Troubleshooting.
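
The netsh steps above can also be scripted so that the capture is limited to traffic to and from the Orchestrator address, which keeps unrelated traffic out of the file you send. This is an added example, not UiPath's own tooling: the parameter names, output folder, the IPv4.Address capture filter and the maxsize/report options are choices made here, the host name is the sample one from this article, and persistent=yes is left out because no reboot is involved.

```powershell
param(
    [string]$OrchestratorHost = 'orchestrator.uipath.devtest',  # sample host from this article
    [string]$OutDir = (Join-Path $env:TEMP 'uipath-trace')      # hypothetical output folder
)

# netsh trace only works from an elevated session, so fail early otherwise.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell prompt.'
}

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$traceFile = Join-Path $OutDir 'nettrace.etl'
$infoFile  = Join-Path $OutDir 'endpoints.txt'

# Resolve the server's IPv4 addresses (the scripted equivalent of nslookup).
$serverIps = @([System.Net.Dns]::GetHostAddresses($OrchestratorHost) |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
    ForEach-Object { $_.IPAddressToString })
if ($serverIps.Count -eq 0) { throw "No IPv4 address found for $OrchestratorHost" }

# Save the endpoint details that have to accompany the trace file.
"Server: $OrchestratorHost -> $($serverIps -join ', ')" | Set-Content $infoFile
ipconfig | Add-Content $infoFile

# Build the capture filter: a single address, or a parenthesised list of several.
$list   = $serverIps -join ','
$filter = if ($serverIps.Count -gt 1) { "IPv4.Address=($list)" } else { "IPv4.Address=$list" }

netsh trace start capture=yes $filter tracefile=$traceFile maxsize=512 report=disabled
if ($LASTEXITCODE -ne 0) { throw 'netsh trace start failed.' }

try {
    Read-Host 'Capture running. Reproduce the issue, then press Enter to stop' | Out-Null
}
finally {
    # Always stop the trace, even if the script is interrupted.
    netsh trace stop
}

Write-Host "Trace file:    $traceFile"
Write-Host "Endpoint info: $infoFile"
```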