| 2023-11-14 15:56:37 +0000 | commented question | Wireshark can capture FTP packets, but cannot view the packet contents of FTP-Data. Hi Daniel, You may be using a passive FTP connection. FTP-DATA uses port TCP/20 for an active FTP connection. Please s |
| 2023-03-31 19:30:00 +0000 | edited answer | Periodic Loss of Network Connectivity If you decide to try capturing ICMP then Wireshark can be used to analyze the response times or check for missing replie |
| 2023-03-31 19:29:31 +0000 | edited answer | Periodic Loss of Network Connectivity If you decide to try capturing ICMP then Wireshark can be used to analyze the response times or check for missing replie |
| 2023-03-31 19:23:23 +0000 | answered a question | Periodic Loss of Network Connectivity If you decide to try capturing ICMP then Wireshark can be used to analyze the response times or check for missing replie |
| 2023-03-23 03:09:08 +0000 | received badge | ● Rapid Responder (source) |
| 2023-03-23 03:09:08 +0000 | answered a question | Is it possible to show packet loss in percentage for a specific tcp stream? Because TCP is connection-oriented, there will be retransmission when segments are lost. You could come up with a mathem |
| 2023-03-07 22:25:49 +0000 | commented question | Capture Tips/Tricks A 120-second loss is triggering alarms on the reporting team's side but not on your side so you must not be monitoring t |
| 2023-02-10 23:53:57 +0000 | commented question | This frame is a (suspected) retransmission] You could run Wireshark while starting one host at a time and see if the host is the one trying to connect to the mail s |
| 2023-02-10 03:51:02 +0000 | commented question | This frame is a (suspected) retransmission] Simply put Occam's razor is a problem-solving principle that recommends looking for the simplest or most obvious explana |
| 2023-02-09 02:19:14 +0000 | commented question | This frame is a (suspected) retransmission] If the source MAC address ("DrayTek_66:17:48") is the actual MAC of the router interface and seeing the IPv4 TTL being 1 |
| 2023-02-08 03:49:21 +0000 | commented question | This frame is a (suspected) retransmission] When a host sends a TCP segment with SYN flag set, it usually means that this host wants to establish a TCP connection w |
| 2023-02-04 01:31:05 +0000 | commented question | Capturing Ooma traffic for IP Address You can start by running a capture to see what packets are seen right now and to try to understand what event is generat |
| 2023-02-02 01:28:05 +0000 | commented question | Capturing Ooma traffic for IP Address Not sure what you need here. Start by checking How To Set Up a Capture to see if this answers your question. When you |
| 2023-02-02 01:27:36 +0000 | commented question | Capturing Ooma traffic for IP Address Not sure what you need here. Start by checking How To Set Up a Capture to see if this answers your question. When you |
| 2023-01-19 20:15:44 +0000 | received badge | ● Rapid Responder (source) |
| 2023-01-19 20:15:44 +0000 | answered a question | how do I find out where packet loss is happening The capture file is from the point of view of the host or the network device where the packet capture occurred. You did |
| 2021-11-16 00:16:37 +0000 | answered a question | Capture J1939 Hi, There is a dissector for J1939 if you look at the Wireshark source code. I also see Controller Area Network (CAN) |
| 2021-09-01 14:30:38 +0000 | commented answer | Server ACK before Client ACK A TCP connection always begins with a 3-way handshake: I find it unlikely that LDAP traffic over TCP would work without |
| 2021-08-27 13:43:27 +0000 | answered a question | Server ACK before Client ACK Hi, From the 5 packets in the PCAP file, I can only offer some general analysis. Is the connection between the server |
| 2021-08-25 12:36:21 +0000 | answered a question | Unknown broadcast frame Hi, The two octets field is used to indicate payload size when the value is below 0x0600 (1536). Only when the value is |
| 2021-08-25 12:36:21 +0000 | received badge | ● Rapid Responder (source) |
| 2021-06-08 20:12:36 +0000 | commented question | Hi, in wireshark, for nfapi packets we are getting tx request first and then dl config request packets, and also packets are not proper some time delay is there between mib and sib packets? Hi Rasika, I'm not sure what you want to know here. Are you looking to troubleshoot latency or jitter in your implement |
| 2021-06-08 19:53:46 +0000 | answered a question | Hi all, is there a way of mapping out latency from a CSV output exported from Wireshark? Hi, The best way to do this is with the original packet capture file inside Wireshark. Wireshark will do a lot of the |
| 2021-06-08 19:53:46 +0000 | received badge | ● Rapid Responder (source) |
| 2020-07-08 03:06:28 +0000 | received badge | ● Rapid Responder (source) |
| 2020-07-08 03:06:28 +0000 | answered a question | Tracking i b p frames in a PCAP file Hi, Packetized Elementary Stream (PES) is a data format for carrying elementary streams (audio, video, etc.) where thes |
| 2020-06-06 02:57:54 +0000 | commented question | I have same Transaction ID for all packets in DNS. Is there possibility of DNS flood or DNS amp attack? If this is a network security-related assignment then to answer your question you need to understand what is the basic d |
| 2020-06-06 02:39:09 +0000 | answered a question | Web Forwarders frequently failing for some clients and not others Hi, In the shared PCAP we are not seeing a complete TCP 3-way handshake. Host 192.168.249.67 keeps trying to get a TCP |
| 2020-06-06 02:39:09 +0000 | received badge | ● Rapid Responder (source) |
| 2019-12-19 03:11:11 +0000 | commented question | How do I filter/capture/read packets of one protocol embedded in another? There are dnp3 display filters for sure. Are you talking about filtering during the capture itself? |
| 2019-12-19 03:08:39 +0000 | commented question | how to do statistical analysis using network boundaries You need to be more precise in what you want to analyze. The entire Statistics menu could fit your need. |
| 2019-12-19 03:05:04 +0000 | answered a question | Malformed Packets During Livestream Hi Andrew, I opened the PCAP and took a look at TCP conversations and sorted by the number of packets. You mentioned t |
| 2019-12-13 03:48:46 +0000 | commented question | Malformed Packets During Livestream I don't see any traffic for an IP ending in .218. Did you mean 192.168.0.213? |
| 2019-12-11 03:58:35 +0000 | commented question | Malformed Packets During Livestream This is a huge file. I see about 50/50 split between UDP and TCP traffic by number of packets. Can you narrow down what |
| 2019-12-11 01:48:05 +0000 | answered a question | Out of order impact? Hi, Another reason for out of order may be fragmentation. Fragment arrives out of order from rest of traffic for instan |
| 2019-12-11 01:35:00 +0000 | answered a question | High Datagrams Received Address Errors and Received Discarded how to troubleshoot with WireShark? Hi, The trick to troubleshooting discards is to capture the traffic before it is dropped by the interface. I don't thi |
| 2019-12-11 01:35:00 +0000 | received badge | ● Rapid Responder (source) |
| 2019-12-11 01:29:22 +0000 | received badge | ● Rapid Responder (source) |
| 2019-12-11 01:29:22 +0000 | answered a question | I was just wondering what this hosted-by.i3d.net source is If you go to i3d.net you see they are a hosting service. This traffic could be gaming related or possibly any of their |
| 2019-12-11 01:25:38 +0000 | commented question | Malformed Packets During Livestream It's better to edit your question with a link to Dropbox so more people can try to help you. |
| 2019-12-07 02:49:34 +0000 | received badge | ● Rapid Responder (source) |
| 2019-12-07 02:49:34 +0000 | answered a question | Healthy Network Hi, This is not really a Wireshark question per se but I'll bite. I think most of my fellow network engineers would sa |
| 2019-12-07 02:37:30 +0000 | commented question | Malformed Packets During Livestream If possible can you post the capture file on a public share? |
| 2019-12-03 22:15:38 +0000 | edited answer | How to find the make and model of a local router? Hi, There are two protocols that I can think off the top of my head that could be present in your capture where that in |
| 2019-12-03 03:44:00 +0000 | commented question | Previous segment not captured You seem to be describing the behavior of packet loss but I'm not sure. Can you post the PCAP files on a public share? |
| 2019-12-03 03:39:00 +0000 | received badge | ● Rapid Responder (source) |
| 2019-12-03 03:39:00 +0000 | answered a question | How to find the make and model of a local router? Hi, There are two protocols that I can think off the top of my head that could be present in you capture where that inf |
| 2019-11-14 23:18:29 +0000 | answered a question | why don't i see SYN ECN CWR Hi, TCP SYN segment with Explicit Congestion Notification (ECN) in IP header can be dropped or have that feature remove |
| 2019-11-14 23:18:29 +0000 | received badge | ● Rapid Responder (source) |
| 2019-09-26 02:51:56 +0000 | edited answer | Can I view the http request made on a browser in a VM on a remote server from Wireshark on my PC? Hi VamsiKrishnaMeda, I have answered a similar question in the past. If the VM is running on your local PC then you sh |