How to perform a packet capture of your network traffic

If you’re not ready to mirror traffic to Guardian Community Edition, another option is to upload a PCAP (packet capture) of your network traffic. This can help you better understand and identify some of the assets in your network. Learn more about how to perform a packet capture with this guide.

If you don’t already have a network analysis tool in place, we recommend trying Wireshark. Wireshark is a network protocol analyzer that can be installed on Windows, Linux and Mac. It provides a comprehensive capture of the traffic in your network. You can download Wireshark for Windows, Unix/Linux, or MacOS.

1. Download and install Wireshark

2. Once you’ve launched the application, select one or more networks that you want to get data from and press Capture.

3. From the Wireshark Capture Interface screen, press Start. As soon as you press the interface’s name, you’ll see the packets start to appear in real time. Wireshark captures each packet sent to or from your system.

4. Select File > Save As or choose an Export option to record the capture.

5. To stop capturing, press Ctrl+E, or go to the Wireshark toolbar and select the red Stop button located next to the shark fin.

Once you have completed your packet capture, you can upload the PCAP to your Guardian Community Edition appliance to start discovering your assets.
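Before uploading, it can help to confirm that the saved file is a readable capture that actually contains packets, and to see whether it was written as classic pcap or as pcapng (Wireshark's default save format). The Python check below is an added example, not part of the original guide or of any Guardian tooling; the function names and the sample bytes are constructed for illustration.

```python
import io
import struct

# Classic pcap magic bytes -> (struct byte order, timestamp resolution)
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "microsecond"), b"\xa1\xb2\xc3\xd4": (">", "microsecond"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanosecond"), b"\xa1\xb2\x3c\x4d": (">", "nanosecond"),
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"  # block type of a pcapng Section Header Block


def inspect_capture(stream):
    """Summarise a capture file opened in binary mode (hypothetical helper)."""
    magic = stream.read(4)
    if magic == PCAPNG_MAGIC:
        return {"format": "pcapng"}  # format check only; blocks are not parsed here
    if magic not in PCAP_MAGICS:
        raise ValueError("not a pcap or pcapng file")
    endian, resolution = PCAP_MAGICS[magic]
    header = stream.read(20)
    if len(header) < 20:
        raise ValueError("truncated pcap global header")
    # Fields: version major, version minor, thiszone, sigfigs, snaplen, link type
    _, _, _, _, snaplen, linktype = struct.unpack(endian + "HHiIII", header)
    packets = sliced = 0
    truncated = False
    while True:
        rec = stream.read(16)  # per-packet header: ts_sec, ts_frac, incl_len, orig_len
        if not rec:
            break
        if len(rec) < 16:
            truncated = True
            break
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", rec)
        if len(stream.read(incl_len)) < incl_len:
            truncated = True  # file ends in the middle of a packet
            break
        packets += 1
        sliced += incl_len < orig_len  # packet cut short by the snapshot length
    return {"format": "pcap", "resolution": resolution, "snaplen": snaplen, "linktype": linktype,
            "packets": packets, "sliced": sliced, "truncated": truncated}


def build_sample():
    """Constructed sample: little-endian pcap, Ethernet link type, two records."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 64, 1)
    out += struct.pack("<IIII", 1, 0, 60, 60) + b"\x00" * 60
    out += struct.pack("<IIII", 2, 0, 64, 1500) + b"\x00" * 64
    return io.BytesIO(out)
```

To check a real file, pass it in as `inspect_capture(open(path, "rb"))`; a result with zero packets or `truncated` set to `True` suggests the capture should be saved again before upload.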

Learn how to upload a PCAP to Guardian Community Edition.

NB: Many organizations don’t permit the use of tools like Wireshark on their networks. Make sure you have permission before proceeding.

