If that story sounds familiar, you’re not alone. This scenario plays out every single day across support teams, development teams, and operations floors — in every industry, across every platform. The packet capture is the single most valuable diagnostic artefact when an integration breaks, yet it remains one of the most underused tools in the Salesforce ecosystem. Not because it isn’t powerful. Because reading one has historically required specialised expertise that most teams simply don’t have on hand when they need it most.

That is precisely the gap that PCAP Analyser was built to close.

What Is PCAP Analyser?

PCAP Analyser is a dedicated network analysis tool built specifically for integration troubleshooting. The premise is elegantly simple: upload a packet capture file, and it returns a plain-English explanation of exactly what went wrong — along with recommended fixes linked to relevant documentation. No networking degree required. No Wireshark expertise. No waiting until Monday for the network team to come back online.

For anyone who has ever stared at a wall of raw packet data wondering where to even begin, PCAP Analyser transforms that experience into something that actually feels manageable and fast.

Who Should Be Using This Tool?

One of the things that makes PCAP Analyser genuinely useful is that it isn’t designed for a single type of user. Integration failures don’t discriminate by job title, and neither does this tool.

• Salesforce Admins and CRM Admins — Understand integration failures without needing any networking knowledge.
• Support Engineers — Diagnose and close cases faster without being blocked by the availability of a network specialist.
• Integration Developers — Pinpoint API errors, authentication failures, and timeouts in minutes rather than hours.
• Network Engineers — Instantly surface application-layer context alongside raw packet data for richer analysis.
• Cloud and DevOps Engineers — Troubleshoot cloud service connectivity and API failures end-to-end with full visibility.
• Solutions Architects — Validate integration health and identify systemic failure patterns across complex environments.

Whether you’re a seasoned network engineer or a Salesforce admin who has never opened Wireshark before, the tool meets you where you are.

Supported File Formats: PCAP and HAR

PCAP Analyser accepts two file types, each suited to a different troubleshooting context. Understanding which one to use — and why — is the first step to getting a useful diagnosis.

.pcap and .pcapng — Wireshark Captures

These are raw network captures, typically taken at the server or middleware layer. Even when traffic is encrypted over HTTPS, there is still a wealth of diagnostically valuable data available in an unencrypted form: DNS queries, TCP handshake outcomes, TLS handshake results, SNI hostnames, connection timing, TCP resets, and connection timeouts. None of that requires decryption to read, and all of it can point directly to the root cause of a failure.

Use .pcap or .pcapng files for server-to-server integrations and middleware platforms like MuleSoft or Boomi, or for custom Apex callouts where the traffic never touches a browser.

.har — Browser HTTP Archive

HAR files are exported directly from Chrome or Firefox DevTools and contain fully decrypted HTTP traffic. This means every API endpoint called, every HTTP method, every response status code (401, 403, 429, 500, 503), full response bodies including error messages, and precise request and response timing are all visible and readable.

Use .har files for browser-based integrations, Experience Cloud flows, or any scenario where the failure is reproducible from within a web browser.

Quick tip: If you’re unsure which to use, ask yourself where the failure is happening. Browser-based? Go HAR. Server or middleware? Go PCAP.

What Does PCAP Analyser Actually Look For?

The depth of analysis covers both the network layer and the application layer, with a layer of Salesforce-specific intelligence built on top. Here’s what gets examined under the hood.

Connection-Level Analysis

• IP addresses and domains being contacted
• TCP connection outcomes — whether a connection completed successfully, timed out, or was reset
• TLS handshake success or failure, and at which specific stage the failure occurred
• Certificate validation errors

HTTP and API-Level Analysis

• API endpoints called and the HTTP methods used
• Response status codes interpreted within a Salesforce context
• Error messages found in response bodies
• Response latency patterns and timeout events

Salesforce-Specific Intelligence

This is where PCAP Analyser goes beyond generic network analysis. It recognises Salesforce’s own infrastructure patterns and failure signatures:

• login.salesforce.com — OAuth and authentication flows
• *.my.salesforce.com — Core API calls
• *.force.com — Experience Cloud and Sites traffic
• OAuth token requests, grant types, and failure modes
• Session expiry detection — identifying a 401 that occurs after a previously successful authentication
• Deprecated Salesforce API version detection
• Known Salesforce error signatures across common integration failure patterns

That last category — the Salesforce-specific layer — is what separates this tool from a generic packet analyser. It doesn’t just tell you a 401 occurred. It tells you why that 401 occurred in the context of a Salesforce OAuth session.

The 3-Panel Results View

The output is structured across three panels, deliberately designed so that different people on your team can extract value without having to wade through information that isn’t relevant to them.

Panel 1 — Plain English Summary

Two to three sentences written for a non-technical audience. No jargon. No packet numbers. Just a clear statement of what happened. For example: “Your integration successfully connected to Salesforce but was rejected after login. The OAuth token expired mid-session and was not refreshed, causing all subsequent API calls to fail with authentication errors.”

An admin can read Panel 1, understand the problem, and hand it to a developer with full context — without needing to interpret a single packet themselves.

Panel 2 — Technical Breakdown

This panel is collapsible and goes deep. Packet-level evidence, specific endpoints hit, response codes, timing data, and the raw signals that led to the conclusion in Panel 1. For a support engineer or integration developer, this is where the real diagnostic value lives — the evidence trail that confirms the diagnosis is sound.

Panel 3 — Recommended Fixes

Actionable steps tied directly to the specific failure identified, with links to Salesforce Help articles, Trailhead modules, and official documentation. Not generic advice — targeted remediation for the exact failure pattern found in your capture.

Real-World Failure Scenarios It Handles

The range of failure patterns that PCAP Analyser can identify covers the most common integration problems that Salesforce teams encounter:

• Authentication failure — Failed OAuth token producing 401 errors, with root cause identification and an OAuth remediation path
• Firewall blocking Salesforce — TCP SYN packets with no SYN-ACK response, confirming a network block rather than a Salesforce-side issue
• SSL certificate error — TLS handshake failure with certificate issue identification and remediation steps
• API rate limiting — HTTP 429 responses identified with a recommended backoff strategy
• Integration timeout — High latency and timeout patterns with tuning guidance
• Session timeout mid-session — A 401 occurring after a successful authentication, pointing to token refresh misconfiguration
• Wrong API endpoint — HTTP 404 with endpoint mismatch identified
• Service unavailable — HTTP 503 confirming a server-side issue

Each of these scenarios is something that, without the right tooling, might take a team hours to isolate — or days if the network team isn’t available. With a packet capture and PCAP Analyser, the same diagnosis takes minutes.

A Note on HTTPS Encryption

A common concern when capturing server-to-server traffic is that HTTPS encryption will make the capture useless. It won’t. Even in a fully encrypted capture, DNS queries, TCP connection outcomes, TLS handshake results, SNI hostnames, and connection timing are all transmitted without encryption and are entirely readable. These signals alone are frequently sufficient to confirm whether the problem is a network block, a TLS failure, a DNS resolution issue, or a connection timeout — without ever seeing the decrypted payload.

For full HTTP-level visibility including response bodies and status codes, use a .har file instead.

How to Capture Your Files

Getting a capture file doesn’t have to be complicated. Here’s exactly what you need for each scenario.

Capturing a .pcap File (Server-to-Server)

On a Linux server running your middleware or integration platform, use tcpdump:

tcpdump -i eth0 -w capture.pcap host login.salesforce.com

Start the capture, reproduce the failure, then stop the capture. Upload the resulting capture.pcap file directly to PCAP Analyser.

Exporting a .har File (Browser-Based)

1. Open Chrome or Firefox and press F12 to open DevTools
2. Navigate to the Network tab
3. Tick Preserve log to ensure requests aren’t cleared on navigation
4. Reproduce the integration failure
5. Right-click anywhere in the request list and select Save all as HAR with content

Upload the exported .har file to PCAP Analyser and you’ll have full HTTP-level visibility including decrypted response bodies, status codes, and precise timing.

Pricing: From Free to Enterprise-Grade

PCAP Analyser offers tiered access to suit teams of every size and complexity.

• Free — sign-up required: One complete analysis. Upload a real capture file, get a real diagnosis, see the full 3-panel results. This isn’t a demo with dummy data — it’s a full analysis of your actual capture. Try it at cloudssfdc.com.
• Basic: Designed for admins and occasional troubleshooting. Covers connection failures, authentication errors, and common HTTP error patterns with clear answers and no requirement to understand the underlying packet detail. Best for Salesforce Admins, small teams, and infrequent integration issues.
• Advanced: For support engineers and integration developers who need deeper packet-level analysis, more granular traffic breakdowns, and higher-confidence diagnoses across multi-service flows.
• Premium: Maximum depth for architects and enterprise teams managing critical integrations. Detailed timing correlation, full-capture pattern analysis, and comprehensive fix recommendations with supporting packet evidence. Best for complex MuleSoft and Boomi environments.

Back to Sarah — How It Should Have Gone

It’s 11:58 PM on Friday. The integration is still down. But this time, Sarah doesn’t wait. She opens PCAP Analyser, runs Wireshark for 60 seconds during a failed sync attempt, and uploads the file.

Two minutes later, Panel 1 tells her: “Your integration successfully authenticated with Salesforce but the OAuth access token expired after one hour. Subsequent API calls were rejected. The integration is not configured to refresh the token automatically.”

Panel 3 gives her the exact Connected App setting to change, with a direct link to the Salesforce Help article covering OAuth token refresh configuration.

She makes the change. The integration is back up by midnight.

That is what packet analysis should feel like — not a weekend of waiting, not a specialised skill only one person on the team has, but a clear answer and a clear path forward, available to anyone who needs it.

Stop Guessing. Start Knowing.

Integration failures are inevitable. Spending a weekend in the dark waiting for a network engineer to become available doesn’t have to be. PCAP Analyser puts the diagnostic power of packet analysis into the hands of every person on your team — regardless of their networking background — and turns one of the most intimidating artefacts in the support process into something genuinely useful.

The next time an integration breaks, don’t start with guesswork. Let the packets tell you what happened.

Try PCAP Analyser free → cloudssfdc.com