Q:  How to Use Wireshark to Troubleshoot Connections



A:  This document explains how to troubleshoot Silo connections by using Wireshark to inspect packets. Before using this document, please verify that you have whitelisted the IPs found in the "Details about Firewall Rules Needed for Silo Access" support article.



Introduction

Wireshark is a network protocol analyzer that captures network packets in real time and presents them in human-readable format. It includes various data filters, color-coding, and other features that enable deep network traffic analysis. You can use these filters to isolate Silo traffic as part of advanced network troubleshooting.


You can download Wireshark for Windows or Mac OS X from the official Wireshark website.


Once you have Wireshark installed, launch the application, then click the name of your primary or active network interface under Interface List in order to start capturing network packets. For example, if you wish to analyze traffic from your wireless network, select the wireless interface entry.

 

To filter for Authentic8 traffic, create the filter below, which focuses the display on all Silo IP addresses. Please disregard the double quote characters at the beginning and end.



"ip.addr==54.225.143.10||ip.addr==54.244.220.33||ip.addr==104.197.151.226||ip.addr==8.34.212.21||ip.addr==104.198.108.190||ip.addr==104.198.102.199||ip.addr==104.196.50.57||ip.addr==104.196.45.238||ip.addr==104.155.196.214||ip.addr==104.155.196.156||ip.addr==104.199.169.130||ip.addr==104.199.158.183||ip.addr==104.155.106.249||ip.addr==130.211.64.174"



*These IPs may change, so please refer to the support article "Details about Firewall Rules Needed for Silo Access" for the most up-to-date list of IPs.


Once your filter is in place, you may begin capturing packets. However, you will not see anything in Wireshark until you attempt a connection using the Silo application.

 

Once Silo is launched, you should see Wireshark begin to display rows of captured data. This data can be used to troubleshoot your connection.

 

During the launch process, you will want to look for 2 certificate exchanges. Here is an example of one of the certificate exchanges.




The first certificate exchange will occur when Silo is connecting to our launch servers.


The second certificate exchange will occur moments later when Silo is connecting to the app servers.


Shortly after, Silo should show the PIN Pad or you will be authenticated into Silo, depending on whether SAML SSO is enabled.
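
Because the IP list changes, the filter above is easier to regenerate than to edit by hand. The following Python script is an added example, not part of the original article or an Authentic8 tool: it validates an address list and rebuilds the same display filter, optionally narrowed to TLS Certificate messages to help spot the two certificate exchanges. Going beyond the article, it also accepts CIDR ranges and produces an equivalent capture filter; the function names are hypothetical.

```python
import ipaddress

# Addresses copied from the display filter in this article. The list may
# change, so refresh it from the firewall-rules support article before use.
SILO_IPS = """
54.225.143.10 54.244.220.33 104.197.151.226 8.34.212.21 104.198.108.190
104.198.102.199 104.196.50.57 104.196.45.238 104.155.196.214 104.155.196.156
104.199.169.130 104.199.158.183 104.155.106.249 130.211.64.174
""".split()

# Display-filter test for a TLS handshake Certificate message (type 11). It
# matches only when the certificate is sent unencrypted (TLS 1.2 and earlier);
# Wireshark releases before 3.0 name the field ssl.handshake.type.
TLS_CERTIFICATE = "tls.handshake.type==11"


def _networks(entries):
    """Validate IPv4 addresses or CIDR ranges, drop duplicates, keep order."""
    seen = []
    for raw in entries:
        # Raises ValueError on a mistyped or non-IPv4 entry.
        net = ipaddress.IPv4Network(raw.strip(), strict=False)
        if net not in seen:
            seen.append(net)
    if not seen:
        # An empty display filter would show all traffic, not just Silo's.
        raise ValueError("no addresses supplied")
    return seen


def display_filter(entries, certificates_only=False):
    """Expression for Wireshark's display-filter bar (same form as the article)."""
    expr = "||".join(
        "ip.addr==" + (str(n.network_address) if n.prefixlen == 32 else str(n))
        for n in _networks(entries))
    return f"({expr})&&{TLS_CERTIFICATE}" if certificates_only else expr


def capture_filter(entries):
    """Equivalent BPF capture filter, set before the capture is started."""
    return " or ".join(
        f"host {n.network_address}" if n.prefixlen == 32 else f"net {n}"
        for n in _networks(entries))


if __name__ == "__main__":
    print(display_filter(SILO_IPS))
    print(display_filter(SILO_IPS, certificates_only=True))
    print(capture_filter(SILO_IPS))
```

A mistyped address raises ValueError, so a broken entry is caught before it silently produces a filter that hides the traffic you are looking for.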



Additional Notes  

Please contact Support if you have any additional questions and/or require further information.