> For the complete documentation index, see [llms.txt](https://docs.devolutions.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.devolutions.net/rdm/knowledge-base/how-to-articles/capture-network-traffic-with-wireshark-in-remote-desktop-manager.md).

# Capture network traffic with Wireshark in Remote Desktop Manager

{% tabs %}
{% tab title="Windows" %}
Wireshark is a widely used open source network analyzer that captures and displays real-time network traffic details. It is particularly useful for troubleshooting, protocol analysis, and network security.

1. Download [WireShark](https://www.wireshark.org/download.html).
2. Install the capture driver as requested. To do this, click the ***Install CHModBPF*** link and run the package installer.
3. Relaunch WireShark and double-click the network interface that is being used (e.g., ethernet, wifi).
4. This will launch the packet capture for that interface. You can confirm that packets are being captured as they appear in the window.
5. Reproduce the connection failure using Remote Desktop Manager.
6. End the capture by closing the WireShark window.
7. Choose ***File - Save As*** and save the **.pcapng** file. If you need help troubleshooting, send it to <service@devolutions.net>.
8. To clean up, uninstall the capture driver by choosing ***File - About WireShark***.
9. In ***Folders***, double-click the link under ***Windows Extras***. This will open a folder with various .pkg files
10. Run the ***Uninstall ChmodBPG.pkg*** to remove the capture driver, and then close WireShark.

#### See also

[Webinar - Decrypting RDP Traffic in Wireshark](https://www.youtube.com/watch?v=VUHucXiMgl0)
{% endtab %}

{% tab title="macOS" %}
Wireshark is a widely used open source network analyzer that captures and displays real-time network traffic details. It is particularly useful for troubleshooting, protocol analysis, and network security.

1. Download [WireShark disk images](https://www.wireshark.org/download.html).

   <div data-gb-custom-block data-tag="hint" data-style="info" class="hint hint-info"><p>There is no need to install WireShark into the Applications folder; you should be able to run it, directly from the disk images.</p></div>
2. Run the **disk images**.
3. Install the capture driver as requested. To do this, click the Install **CHModBPF** link and run the package installer.
4. Relaunch **WireShark** and double-click the network interface that is being used (e.g. ethernet, wifi).
5. This will launch the packet capture for that interface. You can confirm that packets are being captured as they appear in the window.
6. Reproduce the connection failure using Remote Desktop Manager macOS.
7. End the capture using the red square in the top-left of the **WireShark** window.
8. Choose **File - Save As**… and save the **.pcapng file**. If you need help troubleshooting, send it to <service@devolutions.net>.
9. To clean up, uninstall the capture driver by choosing **File - About WireShark**.
10. In **Folders**, double-click the link under **macOS Extras**. This will open a folder with various .pkg files
11. Run the **Uninstall ChmodBPG.pkg** to remove the capture driver, and then close WireShark.

#### See also

[Webinar - Decrypting RDP Traffic in Wireshark](https://www.youtube.com/watch?v=VUHucXiMgl0)
{% endtab %}
{% endtabs %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.devolutions.net/rdm/knowledge-base/how-to-articles/capture-network-traffic-with-wireshark-in-remote-desktop-manager.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.