How to Collect Network Traces During PBA Boot for Dell Encryption Self-Encrypting Drive Manager and Dell Full Disk Encryption

Affected Products:

• Dell Encryption Enterprise Self-Encrypting Drive
• Dell Data Protection | Self-Encrypting Drive
• Dell Full Disk Encryption

To capture network traces during the PBA boot, it is necessary to leverage the port-mirroring feature of a managed switch.

The port mirroring duplicates all the packets from a source port (Port A) of the switch to a destination port (Port B) of the same switch.

How to enable the port mirroring is specific for each Switch model, for example, for a Dell Force 10:

How to configure Port Monitoring / Mirroring on Dell EMC Networking OS9 Switches

This setup needs:

• A Test laptop (with PBA installed)
• A Capture laptop with Wireshark installed or another network capture software
• A managed switch capable of enabling the port mirroring function

The steps to capture the tracing are:

1. Enable Port Mirroring on your physical switch to mirror packets between switch ports:
   • Port Mirroring is enabled to mirror packets from Port A, where the test laptop with the PBA is connected To Port B, where a laptop with Wireshark installed is plugged in.
2. If required by the Dell support, follow the article below to collect the PBA logs together with the boot network traces:

How To Create Log files for Dell Data Protection Self-Encrypting Drive / Dell Encryption Enterprise Self-Encrypting Drive Manager's Pre Boot Authentication (PBA) Environment

• Start a Wireshark capture on the laptop from Port B before reproducing the issue.
• Power on the test laptop with the PBA on Port A.
• After reproducing the issue, stop the trace and save it in its native format (pcap, ncap, so on).

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.