2025-06-13 18:16:03 +0000 | commented answer | New OUI Lookup Tool Design - How do you search multiple OUIs at the same time? Version 1.12 renames the generated file to oui.txt to avoid overwriting any user-created manuf file and to make it clear |
2025-06-12 22:25:28 +0000 | commented answer | New OUI Lookup Tool Design - How do you search multiple OUIs at the same time? Note that the latest version of the OUI lookup tool can also be run from the command-line using tshark. Refer to the wi |
2025-06-12 18:13:24 +0000 | answered a question | New OUI Lookup Tool Design - How do you search multiple OUIs at the same time? Until the online OUI lookup tool is reverted or modified to support multiple OUI lookups once again, you might be able t |
2025-06-04 16:30:51 +0000 | answered a question | Interface name display Yes, you can capture on multiple interfaces and get the information you're seeking. Just don't capture on the any inter |
2025-06-04 16:30:51 +0000 | received badge | ● Rapid Responder |
2025-03-06 18:17:20 +0000 | commented question | Long running tshark process and "-M" flag Have you looked at using the -b flag? See: https://blog.wireshark.org/2014/07/to-infinity-and-beyond-capturing-forever- |
2025-02-10 19:32:54 +0000 | commented question | getting zero length range from end of buffer Something like so? function getString(buffer, position) local length = buffer:range(position, 4):uint() positio |
2025-02-04 06:11:20 +0000 | received badge | ● Notable Question |
2025-02-04 06:11:20 +0000 | received badge | ● Famous Question |
2025-02-04 06:08:19 +0000 | received badge | ● Notable Question |
2025-02-04 06:08:19 +0000 | received badge | ● Popular Question |
2025-01-29 19:20:52 +0000 | commented question | How to write a listener/tap (in Lua) to follow streams inside of a dissected custom protocol? I'm not sure if this will be helpful to you or not, but try having a look at https://osqa-ask.wireshark.org/questions/55 |
2025-01-29 19:20:30 +0000 | commented question | How to write a listener/tap (in Lua) to follow streams inside of a dissected custom protocol? I'm not sure if this will be helpful to you or not, but try having a look at https://osqa-ask.wireshark.org/questions/55 |
2025-01-13 16:56:48 +0000 | commented answer | Looking for strategies when Lua dissectors are getting too big If I understand you correctly, you could add a table concatenation function, such as the one given in the top answer at |
2025-01-08 15:22:00 +0000 | received badge | ● Rapid Responder |
2025-01-08 15:22:00 +0000 | answered a question | Looking for strategies when Lua dissectors are getting too big Regarding " I used up all the 200 local variables at ProtoFields, and from the looks I still have use for at least 200+ |
2025-01-07 17:46:47 +0000 | edited answer | how can we tell what update version covers which version of windows? You can refer to the End of Support Planning table on the Wireshark LifeCycle wiki page for this information. |
2025-01-07 17:45:30 +0000 | received badge | ● Rapid Responder |
2025-01-07 17:45:30 +0000 | answered a question | how can we tell what update version covers which version of windows? You can refer to the End of Support Planning table on the Wireshark wiki for this information. |
2025-01-07 17:04:43 +0000 | commented question | With Win11 I cannot save a file on the hard drive of the Freebox Delta Google Translate: Question Title: with win11 I cannot save a file on the hard drive of freebox delta Question: "I can |
2025-01-07 02:07:06 +0000 | commented question | Tracking udp stream What capture mechanism are you using to capture packets? If it's a SPAN port, then the switch might not be mirroring al |
2024-11-04 01:35:08 +0000 | commented question | CTF's in Wireshark.. I'll give it up.. It's unfortunate that you decided to give up. My (our) hope was to help guide you along so you could ultimately solve t |
2024-10-31 16:36:56 +0000 | commented question | CTF's in Wireshark.. I'll give it up.. @s64470, were you able to make any progress with the hints provided so far? |
2024-10-31 03:54:29 +0000 | commented question | CTF's in Wireshark.. I'll give it up.. That's the pcap file signature, not the file signature of the file that was downloaded via FTP. It might help to follow |
2024-10-30 15:59:27 +0000 | commented question | CTF's in Wireshark.. I'll give it up.. Ask yourself what does the payload data start with, and then search to see what type of file signature that might indica |
2024-10-16 13:41:13 +0000 | edited answer | small spikes(click/pop) of audio during media playback The thing you need to be aware of is that media playback depends not only on the audio samples, but on the timely availa |
2024-07-03 16:46:11 +0000 | commented question | tshark fails to extract RTP data from pcap even if it is available What version of tshark are you using? Can you post tshark -v output (copyright paragraph not needed)? |
2024-07-03 16:31:00 +0000 | commented question | tshark fails to extract RTP data from pcap even if it is available Does adding -2 help? |
2024-07-02 00:26:43 +0000 | edited question | Wireshark build on MacOS fails. Wireshark build Hi everyone, I am trying to build Wireshark on a Mac and have successfully installed Qt 6.5.3, run the |
2024-05-27 19:01:41 +0000 | edited answer | CVE-2024-24476, 78, 79 What indication do you have that these a) are valid issues and b) exist in the 4.0 branch? As far as I can tell, neither |
2024-05-23 20:18:03 +0000 | edited question | Tshark filter issue Tshark filter issue Hi, I have a tshark command but it does not work. Basically I use it like that: TSHARK_FILTER="\"p |
2024-05-23 20:17:34 +0000 | edited question | Tshark filter issue Tshark filter issue Hi, I have a tshark command but it does not work. Basically I use it like that: TSHARK_FILTER="\"p |
2024-05-23 20:16:49 +0000 | edited question | Tshark filter issue Tshark filter issue Hi, I have a tshark command but it does not work. Basically I use it like that: TSHARK_FILTER="\"p |
2024-05-23 20:15:17 +0000 | edited question | I am generating a UDP packet. The data payload is interpreted by Wireshark as an ADwin_config message. What determines an ADwin_config message? I am generating a UDP packet. The data payload is interpreted by Wireshark as an ADwin_config message. What determines an |
2024-05-20 21:17:02 +0000 | commented question | Resolve SS7 PCs didn't work Did you try placing it in the "Personal configuration" directory? Find that directory from the Wireshark Portable's: Ab |
2024-05-13 16:24:44 +0000 | commented question | tshark - extract conversations (ip,tcp,udp) / endpoints with GeoIP As reflected in the NOTES section at the bottom of the tshark man page, the online man page is for version 4.2.4 of Wire |
2024-04-30 14:22:34 +0000 | commented answer | Does tshark have an equivalent option of tcpdump [ -z postrotate-command ] An enhancement to dumpcap and/or tshark could possibly be made to support a postrotate command to match tcpdump's functi |
2024-04-23 16:52:28 +0000 | commented answer | Extract dissected fields from a capture with LUA console Right, it's the table of all extracted field values. I don't know, maybe I should have called it asdu_table instead, bu |
2024-04-23 16:18:04 +0000 | answered a question | Extract dissected fields from a capture with LUA console I don't know how efficient this Lua post-dissector solution is or if indeed it's bullet-proof under all possible corner |
2024-04-04 03:24:22 +0000 | commented answer | Is there a table somewhere that tells us which versions of Wireshark are compatible with which Windows OS and Windows Server OS as well as an EOL of that version of Wireshark? I updated the wiki page to add the missing information regarding EOS for Windows Server 2012. |
2024-04-03 20:32:54 +0000 | received badge | ● Rapid Responder |
2024-04-03 20:32:54 +0000 | answered a question | Is there a table somewhere that tells us which versions of Wireshark are compatible with which Windows OS and Windows Server OS as well as an EOL of that version of Wireshark? Maybe https://wiki.wireshark.org/Development/LifeCycle#end-of-support-planning has the information you're looking for? |
2024-03-12 14:43:08 +0000 | commented answer | How should I share code when I lack the karma to attach it? This is not the answer to your question, "How should I get karma?" As @grahamb mentioned, "Karma is obtained by activit |
2024-03-12 14:42:50 +0000 | commented answer | How should I share code when I lack the karma to attach it? This is not the answer to your question, "How should I get karma?" As @grahamb mentioned, "Karma is obtained by activit |
2024-03-12 14:40:01 +0000 | commented question | How should I share code when I lack the karma to attach it? You could post the files to the wireshark-dev mailing list, along with your questions about them. |
2024-02-01 17:43:34 +0000 | received badge | ● Famous Question |
2024-01-30 16:19:50 +0000 | received badge | ● Rapid Responder |
2024-01-30 16:19:50 +0000 | answered a question | What is the bracket on the left representing in the packet list pane? If you refer to the Wireshark User Guide in section 3.18. The "Packet List" Pane, you will find Table 3.16. Related pack |
2024-01-08 14:21:08 +0000 | edited answer | How to filter by item? I'm not sure if this will work for the way your protocol adds the multiple messages to the tree, but if it does, the lay |
2024-01-02 20:01:19 +0000 | answered a question | Can I disable dark mode in Windows version There does seem to be a way to work around this issue by modifying your Wireshark shortcut. Append -platform windows:da |