Why am I being requested to provide a SSLDump/packet capture (PCAP) for the TIMSoft/MTP?

Document ID : KB000012882
Last Modified Date : 14/02/2018
Show Technical Document Details

  CA Technologies APM Technical Support often requests PCAP (Packet Capture) and SSL files from a TIMsoft (TIM-only) or MTP TIM. This knowledge document explains why these files are requested.


 CA Technologies APM Technical Support has just requested a SSLDump/packet capture (pcap) file from my TIM(s).

 What are they planning to do with these files?

Any Supported APM Release running APM CE (CEM).


This depends on the issue being encountered. Typically a packet capture is requested for these reasons:

  • To evaluate overall quality of network data (e.g. out of order packets, duplicate acknowledgments, empty or few packets, malformed packets)
  • To review if TIM network traffic connection is ONLY seeing HTTP/HTTPS/FLEX Traffic
  • To see if traffic from selected IP addresses are showing up
  • To see if HTTP requests and responses (two-way round trip traffic) are showing up
  • To see if SSL handshake is starting and is successful.
  • To see the SSL Ciphersuites supported and used.
  • To determine why a transaction is not recording or generating defects/statistics
  • To help with transaction count issues. (Less or more than expected.)

Typically a SSLDump is requested for these reasons:

  • To see if SSL Handshake completes and data is being sent.
  • To view if the private key is decoding any traffic and if there are any patterns on what is and is not being successfully decoded.
  • To see the SSL Ciphersuites supported and used.

Once completing this review, Technical Support can provide next steps to TIM recovery

Additional Information: