1-800-691-1991 | 9am - 8pm ET

Testing Connectivity with Wireshark

KB ID: 2256
Product: Veeam Agent for Linux, Veeam Agent for Microsoft Windows, Veeam Backup & Replication, Veeam Cloud Connect
Version: All
Published: 2017-03-07
Last Modified: 2020-08-13


It becomes necessary to test connectivity and specific ports outside of Veeam software components to rule in or rule out network connectivity or throughput issues, usually as part of other troubleshooting.


Wireshark (formerly Ethereal) is a packet analyzer, free and open-source, useful for network troubleshooting and analysis. Contrasted with iperf which tests ports and throughput, Wireshark can return robust data showing outbound and inbound data, acknowledgements for TCP connections, and even on multiple interfaces concurrently.
Due in part to this robustness, it can produce extremely large captures, and it’s helpful to pare this down to a manageable data set: 
  • Limit the number of interfaces we capture for the duration
  • Apply capture filters to narrow down IP addresses and ports we watch for
Scripting can sometimes be used to terminate the capture as soon as certain text is seen, if there is a known and specific issue.

More information

The first thing to know is what connection(s) you’re needing to monitor. You can start by picking only the necessary interfaces from Capture > Options > Manage Interfaces:
User-added image

The specific ports used for communicating between various components can be found in the user guide, and specifically the Used Ports page:
For instance, if the focus of investigation is traffic between a backup proxy agent and a repository agent on a single IP range, you can limit the capture to that IP range. This is, again, a capture filter, not a display filter. The capture filter field will turn green if the filter is valid:
User-added image
This constrains the capture itself to traffic originating from that range of IP addresses, and no traffic originating from any other ranges will be captured. After configuring this correctly, you can proceed to running the capture, and then use display filters to pare that down further. You can specify, at the most basic: 
  1. ip.addr ==
  2. tcp.port == 22 || tcp.port == 443
  3. http 
The examples, in order, filter to a stated IP address, traffic on ports 22 and 443 (the || is a boolean OR operator), or only HTTP traffic. They should be entered into the display filter field at the top of a running or previously run capture. Both capture and display filters have a broad spectrum of options and they are covered in the Wireshark wiki (link below).
The capture itself is pretty self-explanatory:
User-added image

Time format can be selected from a few options under the view menu. Source and target addresses are just as they say, as is protocol. Length refers to the overall packet length sent or received, and the details will show anything relevant (for instance, packets sent TCP but with no ACK response). You can get even more detail up to and including the content of that specific packet.
An important final note: Wireshark captures are inherently massive, especially if the capture filter is broad or not defined at all. Ensure you have adequate space on the machine running the capture if you suspect it will run for some time, or you run a very real risk of filling up the storage.
Wireshark does have some wiki-style and community resources for some greater detail on its operation and use in troubleshooting, but a familiarity with networking and the specific network environment will help far more, and is generally a requirement for making sense of the returned data. – Site for download – Wireshark Wiki site (check here for capture and display filters) – Wireshark Q&A/Forum
KB ID: 2256
Product: Veeam Agent for Linux, Veeam Agent for Microsoft Windows, Veeam Backup & Replication, Veeam Cloud Connect
Version: All
Published: 2017-03-07
Last Modified: 2020-08-13

Couldn't find what you were looking for?

Below you can submit an idea for a new knowledge base article.
Report a typo on this page:

Please select a spelling error or a typo on this page with your mouse and press CTRL + Enter to report this mistake to us. Thank you!

Spelling error in text

Knowledge base content request
By submitting, you agree that your personal data will be managed by Veeam in accordance with the Privacy Policy.

ty icon

Thank you!

We have received your request and our team will reach out to you shortly.


error icon

Oops! Something went wrong.

Please go back try again later.