Running a Packet Capture

This article discusses how to run a Packet Capture in School Manager. Capturing packets is a common troubleshooting technique for IT Administrators. It is used to examine network traffic flowing through your filtering device.

Running a Packet Capture

1. Select the kebab menu icon (three vertical dots) in the upper-left of your window.
2. Select Tools
3. You can Filter to test an IP Address and/or Port. For example, “host 192.168.0.1” or “host 192.168.0.1 and port 25”
4. Select the Interface and select Start
5. After a few seconds, you will see the number of collected packets. When you are ready, select Stop, this will automatically download the results into a .pcap file.
   
   

   Hint

   You should take multiple packet captures as PCAP files can sometimes become corrupted during the capture process and may not display all their contents in Wireshark.

6. Open the .pcap file using a program such as Wireshark.

Troubleshooting

I'm not getting any results

1. Check that your filter IP address is correct
2. Check that you have selected the correct Interface
   
   

   Hint

   To determine which interface a user’s traffic is coming through:

   1. Go to Statistics > Realtime > Users and Hosts
   2.  Locate the device's IP address and select Trace Host from the kebab menu icon on the right hand side
   3. Select the arrow icon to view the Connection Details of a piece of traffic
   4. Check the “Input dev” field, indicating the interface you must capture.
      
3. Confirm that there is networking traffic flowing through your chosen Interface

If you require further assistance, contact Linewize Support.