This a guideline for using Wireshark to inspect Network packets. Prior to this step, please ensure that our Firewall Requirements has been fully implemented in your Network environment's AllowList



Introduction

Wireshark is a network protocol analyzer, which captures network packets in real-time, and presents data output in human-readable format. Wireshark includes various data filters, color-coding, as well as, other features that enable deep network traffic analysis. You can use these filters to segment Silo Network traffic, as part of advanced network troubleshooting


Wireshark is available for download from their official website


Once you have Wireshark installed, launch the application, then click the name of your primary or active network interface under Interface List to start capturing network packets. For example, if you wish to analyze traffic from your wireless network, then select the wireless interface entry

 

In order to filter for Authentic8 traffic, you will want to create a filter list similar to the example below. Please disregard the double quote characters at the beginning and end



ip.addr==54.225.143.10||ip.addr==54.244.220.33||ip.addr==104.197.151.226||ip.addr==8.34.212.21||ip.addr==104.198.108.190||ip.addr==104.198.102.199||ip.addr==104.196.50.57||ip.addr==104.196.45.238||ip.addr==104.155.196.214||ip.addr==104.155.196.156||ip.addr==104.199.169.130||ip.addr==104.199.158.183||ip.addr==104.155.106.249||ip.addr==130.211.64.174



Important: Please refer to the Firewall Requirements guideline for the latest IP address entries



Once an IP address filter is in place, you may begin capturing packets, however, no data will be displayed until a connection is initiated using the Silo client

 

Once Silo is launched, Wireshark will begin to display rows of captured data. This data can be used to help isolate any Network related issue

 

During the launch process, you will want to look for 2 certificate exchanges, as shown below:




The first certificate exchange will occur when Silo is connecting to our launch servers


The second certificate exchange will occur moments later when Silo is connecting to the app servers


Shortly after, Silo will either display a PIN authentication prompt, or attempt to authenticate via SAML SSO (if configured)




Please contact Support for any additional questions