2023-11-28 13:45:02 +0000 | commented answer | Display filter activation change in Wireshark 4.2.0? It appears that we have to press the ENTER key twice after choosing an entry from the dropdown list in order to have it |
2023-11-15 03:44:48 +0000 | received badge | ● Rapid Responder (source) |
2023-11-15 03:44:48 +0000 | answered a question | usbpcap cannot be found after the wireshark4.0.10 source code is compiled. USBPcap is a separate (Windows only) project. The USBPcap installer (like the NPCAP installer) is bundled with the Wind |
2023-11-15 03:22:51 +0000 | received badge | ● Rapid Responder (source) |
2023-11-15 03:22:51 +0000 | answered a question | Established TCP Communication terminates without any clue There appears to be a middle box somewhere between the two systems messing with some of the TCP options and perhaps drop |
2023-11-10 08:55:51 +0000 | answered a question | back to back to back...ACKs with no SYN,ACK response With your current capture setup you are capturing data from multiple vlans concurrently. Some of the tcp sessions are c |
2023-09-30 14:07:13 +0000 | received badge | ● Rapid Responder (source) |
2023-09-30 14:07:13 +0000 | answered a question | tcpdump overlapping packets For some reason the 'Timestamp sec' values for frames 11710 through frame 12445 inclusive jumps forward in time by about |
2023-06-14 15:39:40 +0000 | received badge | ● Rapid Responder (source) |
2023-06-14 15:39:40 +0000 | answered a question | tshark packet counter disable The tshark man page documents the -Q and -P options. For example: tshark -i en0 -Q -P > packet.log & |
2023-05-12 02:08:52 +0000 | received badge | ● Rapid Responder (source) |
2023-05-12 02:08:52 +0000 | answered a question | Time Display Format The notion of "Seconds Since Previous Displayed Packet" is based on the order of the frames in the capture file and diff |
2022-09-19 14:07:48 +0000 | commented question | WAN NAT port forward retransmission on Reolink camera Is this simply a case of a host based firewall running on the FTP server (192.168.16.128) silently dropping the TCP conn |
2022-09-15 18:40:16 +0000 | commented question | Sequence numbers for retransmitted packets staying at Zero For those playing at home and using the capture file shared above, the problem is seen in following set of TCP streams: |
2022-09-15 03:09:01 +0000 | received badge | ● Rapid Responder (source) |
2022-09-15 03:09:01 +0000 | answered a question | How to export file name using T fields You didn't say what OS you are using. If you are using a *nix system with something like bash or zsh and your input file |
2022-07-10 19:22:23 +0000 | commented answer | 2 packet comments to a frame What version of tshark are you running? The ability to have multiple comments was added later? I typically run on recen |
2022-07-10 16:06:12 +0000 | received badge | ● Rapid Responder (source) |
2022-07-10 16:06:12 +0000 | answered a question | 2 packet comments to a frame It is possible to add multiple comments to a frame with editcap, but each additional comment must be added as new editca |
2022-06-09 17:43:35 +0000 | commented question | Windows 10 stops answering TCP packets What specific "time" value have you increased? Does the Win10 machine always appear to stall at the one hour (3600 seco |
2022-03-21 06:12:59 +0000 | commented answer | Packet delay during PROFINET realtime communication Coat-tailing on Christain R's answer, Are the access and core switches also used for non-PROFINET traffic? What type o |
2022-03-20 13:28:30 +0000 | answered a question | Massive NTP v4 requests from IoT devices From the capture you provided, none of the "Origin Timestamp" values from the server match any of the client's "Transmit |
2022-03-04 20:03:34 +0000 | commented answer | Packet capture rate at 14,000 per second without anything running, is my PC compromised ? In one of your videos you show the TaskManager window. The TaskManager window appears to imply that the C: drive is ISC |
2021-10-15 11:10:10 +0000 | received badge | ● Rapid Responder (source) |
2021-10-15 11:10:10 +0000 | answered a question | Wireshark shows only the length column in a Wi-Fi capture It looks as if all protocols are disabled. The Enabled Protocols dialog can be opened from the main menu as Analyze -&g |
2021-06-27 21:50:34 +0000 | edited answer | pitney bowes firewall communication issues. It appears that the Linksys device as a middle-ware NAT box is reframing the postage machine's traffic ultimately suppre |
2021-06-27 21:42:57 +0000 | received badge | ● Rapid Responder (source) |
2021-06-27 21:42:57 +0000 | answered a question | pitney bowes firewall communication issues. It appears that the Linksys device as a middle-ware NAT box is reframing the postage machine's traffic ultimately suppre |
2021-05-29 20:36:07 +0000 | commented question | Why is the wlan_radio.duration field not always shown? The Duration field is a derived value. My experience with monitor mode captures created on my macOS systems is that the |
2021-05-29 20:35:25 +0000 | commented question | Why is the wlan_radio.duration field not always shown? The Duration field is a derived value. My experience with monitor mode captures created on my macOS systems is that the |
2021-03-23 18:22:48 +0000 | commented question | wrong bogus ipv4 info Your pkt raw hex data is missing two octets in the first line. If we add data for the two missing octets between 9b and |
2021-03-23 18:22:23 +0000 | commented question | wrong bogus ipv4 info Your pkt raw hex data is missing two octets in the first line. If we add two data for the two missing octets between 9b |
2020-11-30 04:47:38 +0000 | commented question | TCP Dup ACK flooding connection - macOS Big Sur <> Synology NAS On macOS lots of network stats are available via the CLI command: netstat -sn. But if you run this command as a normal |
2020-11-01 22:53:57 +0000 | commented question | WiFi UDP does not show up in wireshark A typical wireless router will have two radios supporting two Wifi channels, one in the 2.4GHz and one in the 5Ghz bands |
2020-11-01 22:53:37 +0000 | commented question | WiFi UDP does not show up in wireshark A typical wireless router will have two radios supporting two Wifi channels, one in the 2.4GHz and 5Ghz bands. Could you |
2020-10-26 14:06:24 +0000 | commented answer | Machines get IP address but no connectivity - DNS issue? I also meant to add that the DHCP dissector complains about the option 124 sent in the DHCP Discover and DHCP Request pa |
2020-10-26 13:55:49 +0000 | commented answer | Machines get IP address but no connectivity - DNS issue? Regarding the reported "dhcp/bootp errors", The DHCP replies sent from the server (the DHCP Offers and the DHCP ACKs) ar |
2020-10-25 22:30:39 +0000 | commented question | Machines get IP address but no connectivity - DNS issue? Could you have a rogue DHCP server somewhere on your local network? You reported the office as having the subnet 10.26. |
2020-09-19 05:24:27 +0000 | commented question | SMS over SIP trunk does not work Extract the RTP audio (as .au files) for the Forward Streams from both the Working and Non-Working using Telephony - |
2020-09-03 12:14:34 +0000 | commented question | What are CSM_ENCAPS ethernet broadcast packets? Thanks for clarifying. Overlooked the "Clear the LG bit" line in the first comment. Completely agree that clearing LG "a |
2020-09-02 18:32:02 +0000 | commented question | What are CSM_ENCAPS ethernet broadcast packets? @ChuckC - The packet detail snippet above shows the source MAC address as 02:50:c2:3b:70:00 (a locally admin address) an |
2020-05-23 05:25:02 +0000 | received badge | ● Rapid Responder (source) |
2020-05-23 05:25:02 +0000 | answered a question | Tshark frame.time format As suggested by bubbasnmp you can use -e ws.col.Time. You can then use tshark's -t option to change the way that column |
2020-05-17 14:43:15 +0000 | commented question | Reason for Reset from Client It's not clear where specifically your capture was taken. Was it on the client or on some middleware device? The TTL va |
2020-05-17 14:40:37 +0000 | commented question | Reason for Reset from Client It's not clear where specifically your capture was taken. Was it on the client or on some middleware device? The TTL va |
2020-05-13 11:08:42 +0000 | received badge | ● Commentator |
2020-05-13 11:08:42 +0000 | commented question | why three times DUPAcks not trigger retransmission Merging the egress10.pcap and ingress10.pcap files together yields a more useful capture to analyze. |
2020-05-13 03:53:28 +0000 | commented question | why three times DUPAcks not trigger retransmission Your cloudshark link example only contains one side of the conversation, packets sent by the client. |
2020-05-12 12:20:36 +0000 | received badge | ● Rapid Responder (source) |
2020-05-12 12:20:36 +0000 | answered a question | Why doesn't tcpdump's filter take effect? Adding the -e option to the tcpdump command to display link level headers may reveal the presence of 'ethertype 802.1Q ( |