Jaap's profile - activity

Packet analysis tools, like Wireshark, work on the data link layer (frame or packet level) on up. That means that they r

Since we're talking about TCP connections here (not part of the question, but clarified in a comment) the start would be

tshark doesn't have that, and also you do not want to use tshark for this. Tshark is for packet dissection and that is

Perhaps you can. Have the side where Wireshark is supposed to run setup a listening netcat, which feeds into a local soc

The idea is to setup a listening port on the capture side and then connect to that from Wireshark remotely. Therefore th

Yes, this display filter behaviour has been enhanced to act more intuitively. So an expression as ip.addr != 10.43.54.65

"Lost comm" can mean many things, so YMMV. But assuming some sort of Ethernet network involvement, sure it may help to g

Beginner wondering if this is a good communication debugging tool We are trying to figure out the communication problem

Port forwarding through a NAT?

Depends a lot on your budget, learning method and so on. Wireshark in itself isn't that complicated. You can learn a lo

From the screenshot it seems that beyond the basic frame nothing gets dissected. This is usually because all dissectors

I'm not versed enough in Lua to know the answer to this.

In theory yes, in practice any API incompatibilities would have to be solved by you.

Without us seeing what you're seeing that's rather difficult. Try putting a screenshot on some file sharing site and add

HI, I am a macOS Ventura user. I am able to capture packets but I am not able to see the source, destination and protoco

Go check out ntop, they specialise in these things as well.

Well, you make a dissector shim, that fits between the DLT_USER and the mime-multipart dissector. Use this shim to handl

But there's this.

Yet all this is described in the included README file here.

how do I analyze .pcap files using WireShark In my class training I need to open a .pcap file extract the information an

You would have to go into those distribution archives to see what you can find. And then it may become a question of com

Clean installs, but also the same _configuration_? These are not part of the install, but personal data.

Looks good.

If you go into preferences, one the 'Capture' panel, there are two settings (Don't load interfaces at startup and Disabl

Okay, this is called a bug report. This is not the place for these, they go here. Fill out the complete report, and add

... or is the size of the captured packets limited, so that part of the data is missing?

Please explain how is this a Wireshark question?

You're probably looking for solutions like CloudShark.

What connections are we talking about here? What's primary and secondary here? What boxes are between the endpoints?

Sharing a capture file goes a long way. An image (even if it was visible) doesn't reveil enough information.

Tried neverssl.com ?

This was tested on macOS. However, as Guy noted in the answer below, please file an issue with full details.

Jaap - Source and destination file types are both .pcap in this case using Windows 11. Are you also using Windows and,

What's your source capture file type, what's your destination file type? Just tried it with PCAP files, and it worked as

Go to Analyse | Enabled Protocols. In the dialog that pops up fill in 'RTP' as search item. Under the RTP item look f

Google translate makes of this the following: client cannot generate a change cipher spec, encrypted handshake message

Perhaps that field should explain what at least some values mean. It does, the tree item has a subtree which lists