
Data Collection - How to capture a network trace from a device installed with a Rogue System Detection sensor
Technical Articles ID: KB82308
Last Modified: 10/24/2019


McAfee Rogue System Detection (RSD) 5.x


The following steps explain how to take a network trace from a computer that has an RSD sensor installed. The collected data helps in cases where a network trace is needed to debug an issue related to the RSD product.

NOTE: If WinPcap or Wireshark can't be installed on the computer, see KB82306 for how to resolve the problem.

Obtain a network trace using WinDump:
  1. Download WinDump.exe from: https://www.winpcap.org/windump/install/default.htm.
  2. Copy WinDump to: [Program Files]\McAfee\RSD Sensor\  
    IMPORTANT: Do not install WinDump; only copy it.
  3. Open the command-line window:
    1. Press the Windows key+R or click Windows Start.
    2. In the text input field, type cmd and press Enter.
    3. In the command window, change directory to the sensor folder by typing: CD [Program Files]\McAfee\RSD Sensor\ 
    4. Start the trace by typing: WinDump.exe -w <file_name> s
  4. Send the file to Technical Support.

    To contact Technical Support, log on to the ServicePortal and go to the Create a Service Request page at https://support.mcafee.com/ServicePortal/faces/serviceRequests/createSR:
    • If you are a registered user, type your User Id and Password, and then click Log In.
    • If you are not a registered user, click Register and complete the required fields. Your password and logon instructions will be emailed to you.
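
Before sending the file in step 4, it helps to confirm that the trace is a readable capture and that its packets were not cut short. The following check is an added example, not part of the original article or McAfee tooling; it assumes the file written by `WinDump.exe -w` is in the classic libpcap savefile format, and the function names `summarize_pcap` and `build_sample` are hypothetical.

```python
import struct

# Magic numbers of the classic libpcap savefile format (microsecond / nanosecond timestamps).
PCAP_MAGICS = {0xA1B2C3D4, 0xA1B23C4D}

def summarize_pcap(data: bytes) -> dict:
    """Validate a libpcap savefile and report packet count, snaplen and truncation."""
    if len(data) < 24:
        raise ValueError("file is shorter than the 24-byte pcap global header")
    # Try both byte orders; the capturing host writes the header in its native one.
    for endian in ("<", ">"):
        magic, major, minor, _tz, _sig, snaplen, linktype = struct.unpack(
            endian + "IHHiIII", data[:24])
        if magic in PCAP_MAGICS:
            break
    else:
        raise ValueError("not a pcap savefile (bad magic number)")
    packets = truncated = 0
    offset = 24
    complete = True
    while offset < len(data):
        if offset + 16 > len(data):
            complete = False          # partial record header: capture cut off mid-write
            break
        _sec, _frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):
            complete = False          # packet body missing from the end of the file
            break
        packets += 1
        if incl_len < orig_len:
            truncated += 1            # the snapshot length cut this packet short
        offset += 16 + incl_len
    return {"version": (major, minor), "snaplen": snaplen, "linktype": linktype,
            "packets": packets, "truncated": truncated, "complete": complete}

def build_sample() -> bytes:
    """Constructed sample: little-endian header, snaplen 68, two packets (one truncated)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 68, 1)
    full = struct.pack("<IIII", 1571900000, 0, 60, 60) + bytes(60)
    cut = struct.pack("<IIII", 1571900001, 0, 68, 1514) + bytes(68)
    return header + full + cut

if __name__ == "__main__":
    import sys
    # Usage: python check_trace.py <file_name>   (no argument: run on the constructed sample)
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(summarize_pcap(raw))
```

A result with `packets` equal to 0, `complete` set to False, or a high `truncated` count is worth mentioning in the service request, because the trace may not contain the payload needed for debugging.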
