Capturing a packet trace

When diagnosing problems, it can be useful to capture a packet trace. This allows other users to see exactly what is happening on your network, and can greatly reduce the time taken to fix a problem.

How to capture

The easiest tool to use is Wireshark. This is included with most Linux distributions (just use your normal software installation mechanism to download and install a package named wireshark), and can be downloaded for Windows and Mac OS X.

Start up Wireshark and start capturing on the appropriate network interface:

[Screenshot: Wireshark welcome screen]

While Wireshark is capturing, reproduce your problem. For example, if your problem is that iPXE is unable to boot from your iSCSI target, you should start up Wireshark and then try to boot from your iSCSI target. You should see a list of captured packets show up in the Wireshark window:

[Screenshot: Wireshark capturing packets]

Choose Capture → Stop to stop capturing, and File → Save As to save your capture file.

Using your capture file

You can send your capture file to anyone who is helping to diagnose your problem.

Please be aware that packet capture files can be quite large. You should therefore generally avoid e-mailing your file to a whole mailing list. You could make your capture file available on your own web site and e-mail the relevant URL to the mailing list, or you could e-mail the capture file only to people who individually ask to receive it.

Please also be aware that a packet capture may contain sensitive information such as details of your network infrastructure, or (in rare cases) clearly visible passwords.
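
One way to review a capture for clearly visible credentials before sharing it, as an added example that is not part of the original page or of iPXE. It assumes the file was saved in the classic pcap format (not pcapng); the pattern list, the function names and the sample packets are constructed for illustration.

```python
import re
import struct

# Assumed, non-exhaustive cleartext patterns; extend for your own network.
PATTERNS = {
    "HTTP Basic auth": re.compile(rb"Authorization:\s*Basic\s+\S+", re.I),
    "FTP/POP3 password": re.compile(rb"PASS \S+"),
    "iSCSI CHAP value": re.compile(rb"CHAP_[NR]=[^\x00]+"),
    "password field": re.compile(rb"passw(?:or)?d=[^&\s]+", re.I),
}
LITTLE = (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1")  # usec / nsec magic
BIG = (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d")


def scan_pcap(data):
    """Return [(packet_number, label), ...] for pattern hits in a classic pcap."""
    if data[:4] in LITTLE:
        endian = "<"
    elif data[:4] in BIG:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    hits, offset, number = [], 24, 0  # skip the 24-byte global header
    while offset + 16 <= len(data):   # each packet has a 16-byte record header
        incl_len = struct.unpack_from(endian + "I", data, offset + 8)[0]
        payload = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        number += 1  # 1-based, matching Wireshark's packet numbering
        hits += [(number, label) for label, rx in PATTERNS.items()
                 if rx.search(payload)]
    return hits


def build_sample():
    """Constructed three-packet capture; 54 zero bytes stand in for headers."""
    hdr = b"\x00" * 54
    packets = [
        hdr + b"filler with nothing sensitive",
        hdr + b"GET / HTTP/1.1\r\nAuthorization: Basic dXNlcjpwYXNz\r\n\r\n",
        hdr + b"InitiatorName=iqn.2000-01.example:client\x00CHAP_N=bootuser\x00",
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for p in packets:
        out += struct.pack("<IIII", 0, 0, len(p), len(p)) + p
    return out


if __name__ == "__main__":
    for number, label in scan_pcap(build_sample()):
        print(f"packet {number}: {label}")
```

To check a real capture, pass the bytes of your saved file to `scan_pcap()`. An empty result only means none of the listed patterns matched, so the capture may still reveal details of your network infrastructure.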

howto/pcap.1287774348.txt.gz · Last modified: 2010/10/22 19:05 by mcb30
CC Attribution-Share Alike 4.0 International
All uses of this content must include an attribution to the iPXE project and the URL https://ipxe.org
References to "iPXE" may not be altered or removed.