Knowledge Center

How to capture a network trace from a device installed with a Rogue System Detection sensor
Technical Articles ID:   KB82308
Last Modified:  9/22/2015


McAfee Rogue System Detection (RSD) 5.x


This article provides the instructions for taking a network trace from a computer that is installed with an RSD sensor to handle those cases where a network trace is required for debugging an issue relating to the RSD product. However, because WinPcap (or Wireshark) cannot be installed on a computer that is running the RSD sensor, a different operation is required. For details of the issue, see KB82306.


Obtain a network trace using a WinDump:
  1. Download WinDump.exe from: https://www.winpcap.org/windump/install/default.htm.
  2. Copy WinDump to: [Program Files]\McAfee\RSD Sensor\  
    NOTE: Do not install it, just copy it.
  3. Open the command line window.
    1. Press the Windows key+R (or click the Windows Start button).
    2. In the text input field, type cmd and press ENTER.
    3. In the command window, change directory to the sensor folder by typing: cd [Program Files]\McAfee\RSD Sensor\ 
    4. Start the trace by typing: WinDump.exe -w <file_name> s
  4. Send the file to Technical Support.

    To contact Technical Support, log on to the ServicePortal and go to the Create a Service Request page at https://support.mcafee.com/ServicePortal/faces/serviceRequests/createSR:
    • If you are a registered user, type your User Id and Password, and then click Log In.
    • If you are not a registered user, click Register and complete the required fields. Your password and logon instructions will be emailed to you.

Rate this document

Beta Translate with

Select a desired language below to translate this page.

Glossary of Technical Terms

 Highlight Glossary Terms

Please take a moment to browse our Glossary of Technical Terms.