How to use the 3rd party application DumpCap with Backup Exec to troubleshoot network connection issues and failures.

Article: 100039298
Last Published: 2011-06-05
Product(s): Backup Exec

Description

At times it is necessary to troubleshoot a Remote Agent for Windows Systems (RAWS) connection issue in an environment. If the backup takes a long time to fail, the resulting Wireshark .pcap files may be too large to read. In this situation you may use a command-line capture program called DumpCap, which is intended for long-term capturing.

DumpCap is available with the Wireshark download.

https://www.wireshark.org/

The following steps can be used to point directly at a specific Network Interface Card (NIC).

  1. Install Wireshark onto the local / remote machine
  2. Open a Command Prompt (CMD)
  3. Go to the default installation directory of Wireshark (C:\Program Files\Wireshark)
  4. Run the following command: dumpcap -D

After running the dumpcap -D command, the output shows the specific Network Interface Card (NIC) that you would like to watch during the backup job. The commands below can be used to capture network traffic into 1GB .pcap files.

  1. Open a Command Prompt (CMD)
  2. Go to the default installation directory of Wireshark (C:\Program Files\Wireshark)
  3. Run the following command: dumpcap -a filesize:1024 -b filesize:1024 -i \Device\<interface> -w C:\Temp\DumpCap.txt

The following commands can be used to break down the Wireshark .pcap files into 1GB files in a specific directory.

Note: If this needs to be run as part of troubleshooting, it may cause significant space issues on the current hard drive if not properly disabled. It is recommended to supply enough disk space to allow DumpCap to capture the events needed for Technical Support.

The list below shows all the available options to be used with the DumpCap program.

Capture interface:
  -i <interface>           name or idx of interface (def: first non-loopback)
  -f <capture filter>      packet filter in libpcap filter syntax
  -s <snaplen>             packet snapshot length (def: 65535)
  -p                       don't capture in promiscuous mode
  -B <buffer size>         size of kernel buffer (def: 1MB)
  -y <link type>           link layer type (def: first appropriate)
  -D                       print list of interfaces and exit
  -L                       print list of link-layer types of iface and exit
  -d                       print generated BPF code for capture filter
  -S                       print statistics for each interface once every second
  -M                       for -D, -L, and -S, produce machine-readable output

RPCAP options:
  -r                       don't ignore own RPCAP traffic in capture
  -u                       use UDP for RPCAP data transfer
  -A <user>:<password>     use RPCAP password authentication
  -m <sampling type>       use packet sampling
                           count:NUM - capture one packet of every NUM
                           timer:NUM - capture no more than 1 packet in NUM ms
Stop conditions:
  -c <packet count>        stop after n packets (def: infinite)
  -a <autostop cond.> ...  duration:NUM - stop after NUM seconds
                           filesize:NUM - stop this file after NUM KB
                              files:NUM - stop after NUM files
Output (files):
  -w <filename>            name of file to save (def: tempfile)
  -g                       enable group read access on the output file(s)
  -b <ringbuffer opt.> ... duration:NUM - switch to next file after NUM secs
                           filesize:NUM - switch to next file after NUM KB
                              files:NUM - ringbuffer: replace after NUM files
  -n                       use pcapng format instead of pcap
Miscellaneous:
  -q                       don't report packet capture counts
  -v                       print version information and exit
  -h                       display this help and exit
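The disk-space note above can be enforced before a long capture starts. The PowerShell script below is an added example, not part of the original article or of Backup Exec: it checks free space against the worst-case size of a ring buffer built from the -b filesize and -b files options listed above, then starts dumpcap with a capture filter so that only traffic to one host is written. The interface index, output folder, sizes and the host address 192.0.2.10 are placeholder assumptions.

```powershell
# Added example: bounded ring-buffer capture with a free-space check.
# All values in this block are assumptions; adjust them to the environment.
$Dumpcap     = 'C:\Program Files\Wireshark\dumpcap.exe'
$Interface   = '1'              # index shown by "dumpcap -D" (assumed)
$OutDir      = 'C:\Temp\DumpCap'
$MediaServer = '192.0.2.10'     # placeholder address of the other end of the RAWS connection
$FileKB      = 1024 * 1024      # option list gives filesize in KB: 1048576 KB = 1 GB
$FileCount   = 10               # -b files:NUM, oldest file is replaced after NUM files
$ReserveGB   = 5                # free space that must remain on the drive

if (-not (Test-Path -LiteralPath $Dumpcap)) {
    throw "dumpcap.exe not found at $Dumpcap"
}
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Worst-case size of the ring buffer compared with free space on the target drive.
$needBytes = [int64]$FileKB * 1024 * $FileCount
$root      = [System.IO.Path]::GetPathRoot($OutDir)
$drive     = New-Object System.IO.DriveInfo -ArgumentList $root
$freeBytes = $drive.AvailableFreeSpace
if (($freeBytes - $needBytes) -lt ($ReserveGB * 1GB)) {
    $needGB = [math]::Round($needBytes / 1GB, 1)
    $freeGB = [math]::Round($freeBytes / 1GB, 1)
    throw "Ring buffer needs $needGB GB but only $freeGB GB is free on $root"
}

# -f limits what is written to disk to traffic to or from one host, which
# keeps the files smaller and keeps unrelated traffic out of the capture.
$dumpcapArgs = @(
    '-i', $Interface,
    '-f', "host $MediaServer",
    '-b', "filesize:$FileKB",
    '-b', "files:$FileCount",
    '-w', (Join-Path $OutDir 'raws.pcap')
)
Write-Host "Running: $Dumpcap $($dumpcapArgs -join ' ')"
& $Dumpcap @dumpcapArgs         # runs until stopped with Ctrl+C
```

Capture files contain the full packets seen on the interface, so keep the output folder restricted to administrators and delete the files once Technical Support has what it needs.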
