Skip to main content

Articles in this section

See more
Print

How to capture Microsoft 365 connection traffic using Wireshark

  • Updated

Summary: Microsoft 365 connectivity troubleshooting may sometimes require an in-depth look at the traffic packets between the client PowerShell modules or API components and Microsoft 365 cloud services. This article describes the steps required to collect this traffic 

Applies to: Cayosoft Administrator 6.0 or later

ID: KB20201011-1

Overview

Wireshark is a free and open-source network protocol analyzer, recommended by Microsoft as a replacement for their own deprecated tools (link). The steps below describe how to use Wireshark to collect the network traffic information required to troubleshoot some connectivity issues. 

 

Preparation

  1. Download and install Wireshark from: https://www.wireshark.org/#download on the machine running the Cayosoft Administrator server
  2. While on the same server, open a command prompt and execute this command: ping provisioningapi.microsoftonline.com 
    mceclip0.png
    NOTE: the URL might change depending on the original connectivity issue. Please, consult Cayosoft Support for details
  3. Grab the resolved IP address, in this example 40.126.9.97
  4. Add this entry to the windows hosts file
    1. Run notepad.exe as administrator
    2. Open the  %windir%\System32\drivers\etc\hosts file
    3. Add an entry for the resolved IP like "40.126.9.97 provisioningapi.microsoftonline.com"
    4. Save the hosts file 

Using Wireshark

  1. Run Wireshark as administrator
  2.  Set the filter to include only traffic to the IP resolved in the previous section using "host <ip address> and select the network interface used to connect to the Internet:
    mceclip2.png
  3.  Start capturing packets:
    mceclip3.png
  4. Open a Power Shell prompt and run the test command(s):
    1. For example, to capture network operations when connecting from MSOL PowerShell module, execute this command: Connect-MsolService -AzureEnvironment AzureCloud
    2. When prompted, login using the same Microsoft 365 account as used in the Cayosoft Administrator service
    3. Execute: Get-MsolUser
  5. Return to Wireshark and stop the packet capturemceclip4.png
  6. Go to File > Save, specify a location and file name, for example,  “MSOLtraffic.pcap"
  7.  Send this file to Cayosoft Support
  8. Remove the "provisioningapi.microsoftonline.com" entry from the hosts file
    1. Run notepad.exe as administrator
    2. Open the  %windir%\System32\drivers\etc\hosts file
    3. Remove the new entry added in the preparation section
    4. Save the hosts file 

 

 

Related Articles

KB20180503-1 Troubleshooting connection to Office 365

 

 

© Copyright 2013-2025 Cayosoft Inc. All rights reserved.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request
Return to top

Related articles

Comments

0 comments

Please sign in to leave a comment.