Greetings to the CommunityI would need to configure packet capture on the Orion, do you think this would require activating an agent to analyze all that traffic?
What end result are you trying to achieve? What is the use case?
Basically we need to configure packet capture in SOLAR, for this we think it is necessary to activate an agent that analyzes all that traffic. We also need to have a way to download the PCAPs for the day and time we want so we can analyze it in more detail in wireshark.Is there any option to that?
Depending on which modules you have installed you probably already have winpcap drivers installed on the Orion server, so if you want to perform capture on the host the path of least resistance is probably to install wireshark. Keep in mind that packet captures can be somewhat resource intensive and quickly fill disk space, which is why most companies that want to do longer term captures grab the data from outside of their servers. Depending on what your organization uses you could capture packets on the host, or from vmware, or from a switch, or if they are fancy they will have dedicated network tap appliances distributed through their environment.
wireshark example
www.wireshark.org/.../ChCapCapturingSection.html
vmware example
https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.networking.doc/GUID-F1AC7100-FFBB-4414-9B70-E5537C15E192.html
cisco switch example
https://activereach.net/support/knowledge-base/connectivity-networking/capturing-packets-with-cisco-ios/
- Marc Netterfield
thwack.solarwinds.com/.../i-cannot-install-wireshark-on-my-server-is-there-any-alternative-method-i-can-use
