Print this page

How to use Wireshark to perform a packet capture of network traffic for troubleshooting purposes

Knowledge Article Number 000051014
Description How to provide network capture logs to Salesforce Support
In order to investigate your issues further, we would like to run an analysis of the traffic being sent between you and Salesforce. To do this, we will use the Wireshark application. Wireshark is a tool that allows packet traces to be monitored, captured and analysed. Please follow the steps below in order to obtain a capture of your network traffic using Wireshark.

Please note that you will require some administrator rights on your machine in order to complete these tests. If you are unsure, please contact your IT administrator.

Installing the Wireshark package

Please visit, and download the appropriate Wireshark package or installer for the operating system running on the system which is to be used for packet capture.
When installing, ensure all components are selected for installation, including the optional “Winpcap” application.
Once complete, start Wireshark via shortcut or start menu.

Capturing your traffic with Wireshark
After starting Wireshark, do the following:
  1. Select Capture | Interfaces
  2. Select the interface on which packets need to be captured. This will usually be the interface where the Packet/s column is constantly changing, which would indicate the presence of live traffic). If you have multiple network interface cards (i.e. LAN card and Wi-Fi adapter) you may need to check with your IT administrator to determine the right interface.
  3. Now click the Start button to start the capture.
  4. Recreate the problem. The capture dialog should show the number of packets increasing. Try to avoid running any other internet applications while capturing, closing other browsers, Instant messengers etc.
  5. Once the problem which is to be analysed has been reproduced, click on Stop. It might take a few seconds for Wireshark to display the packets captured.
  6. Save the packet trace in the default format. Just click on the File menu option and select Save As. By default Wireshark will save the packet trace in libpcap format. This is a filename with a.pcap extension.
Returning the information to Salesforce support
Please forward the resulting .pcap file to your support representative, either by email, or attaching it to your open case. Please also include the following information:
  • Your external IP address (get this from
  • The internal IP address of the local machine where traffic is being captured
  • A click path of the steps you took to reproduce, including links to each page/record accessed

promote demote