| 2024-12-28 11:01:45 +0000 | commented question | ESP Packets Expected SN The IP Identification (IP ID) field, as per the RFCs, doesn't need to be unique and primarily serves IP fragmentation. T |
| 2024-12-26 10:21:43 +0000 | commented question | ESP Packets Expected SN Great!! Can you do a packet capture at the source of the IPSEC tunnel? If the missing IP IDs and sequence numbers appear |
| 2024-12-23 09:19:31 +0000 | commented question | ESP Packets Expected SN I apologize for missing your post. I'm surprised the ESP tunnel is still working. The anti-replay window is either very |
| 2024-12-20 05:32:05 +0000 | commented question | Fragmentation Look at the source IP address of the fragmented packet. |
| 2024-12-17 19:10:26 +0000 | commented question | ESP Packets Expected SN Having multiple ESP streams in packet captures can be quite perplexing. In Expert mode, the SPI is displayed. Is this th |
| 2024-10-09 21:16:15 +0000 | received badge | ● Popular Question (source) |
| 2024-10-09 21:16:15 +0000 | received badge | ● Notable Question (source) |
| 2024-10-09 21:16:15 +0000 | received badge | ● Famous Question (source) |
| 2024-08-26 08:17:15 +0000 | commented question | ์NO redirect web portal The TCP information you shared is for different TCP sessions. Is it possible to upload the pcap file to an open shared d |
| 2024-07-25 10:33:44 +0000 | commented question | Analyzing network delay To be honest, I have never used tc-netem and I don't have a lab to try some of my theories. . Maybe someone else can hel |
| 2024-07-20 04:39:43 +0000 | commented question | Analyzing network delay How do you define network performance? The data you measured provides essential information about the application's late |
| 2024-07-05 04:54:20 +0000 | commented question | Help with tcp previous segment not captured Can you capture traffic on the WAN interface directly connected to the service provider? In the 3-way handshake process, |
| 2024-05-11 08:20:18 +0000 | answered a question | UDP Packets: visibility depends on IP address Can you provide more information about the topology. I would expect the syslog device will send the packet to the gatewa |
| 2024-05-11 08:20:18 +0000 | received badge | ● Rapid Responder |
| 2024-03-12 19:46:10 +0000 | answered a question | I am new to wireshark and need to become proficient. What is the best path for a beginner and what is an appropriate time frame? I highly recommend checking out Chris Greer, The Technology Firm, and CellStream on YouTube. It will establish a solid g |
| 2024-03-12 19:46:10 +0000 | received badge | ● Rapid Responder (source) |
| 2024-03-11 12:56:21 +0000 | commented question | Is it normal for a router to spam broadcast packets? Can you share the pcap file (preferred) or a screenshot? |
| 2024-03-11 12:54:37 +0000 | edited answer | Hardware Specifics for 10Gb Capture Doing it correctly can be costly. That's all for today. Now, let's focus on the path to the future. 10G circuits are bec |
| 2024-03-11 12:44:29 +0000 | answered a question | Hardware Specifics for 10Gb Capture Doing it correctly can be costly. That's all for today. Now, let's focus on the path to the future. 10G circuits are bec |
| 2024-01-01 12:42:05 +0000 | received badge | ● Famous Question (source) |
| 2023-12-31 10:17:19 +0000 | edited answer | How do i change where Wireshark stores profiles? Windows Control Panel System Advanced System Settings Environment Variables Locate the section user variables for x (x |
| 2023-12-31 10:12:18 +0000 | edited answer | How do i change where Wireshark stores profiles? Windows Control Panel System Advanced System Settings Environment Variables Locate the section user variables for x (x |
| 2023-12-31 10:03:05 +0000 | edited answer | How do i change where Wireshark stores profiles? Windows = Control Panel - System Advanced System Settings - Environment Variables User variable for x(x is thw current |
| 2023-12-31 09:53:26 +0000 | answered a question | How do i change where Wireshark stores profiles? Windows Control Panel System Advanced System Settings Environment Variables User variable for xxxx (Windows currrent use |
| 2023-12-31 09:53:19 +0000 | answered a question | How do i change where Wireshark stores profiles? Windows Control Panel System Advanced System Settings Environment Variables User variable for xxxx (Windows currrent use |
| 2023-12-24 16:52:45 +0000 | commented question | How can i make analysed my traffic What are you trying to check?? The information that you shared has multiple connections. The screenshot that you shared |
| 2023-12-24 16:45:38 +0000 | commented question | sync flood attack identification I would start with what is on DDOS. https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/. Afterwards, think a |
| 2023-10-13 11:23:41 +0000 | commented question | How to capture the packets go thru E1/T1 interface that attached to windows server 2008 with Wireshark? Are you referring to the 2.048 Mbps and 1.544 Mbps when you mention the E1/T1 interface? |
| 2023-09-15 06:28:33 +0000 | answered a question | What does a ping result of "Destination unreachable" and "Host unreachable" mean? RFC 1812 provides an explanation. 1 = Host Unreachable - generated by a router if a forwarding path (route) to |
| 2023-09-15 06:28:33 +0000 | received badge | ● Rapid Responder (source) |
| 2023-08-10 04:24:59 +0000 | received badge | ● Rapid Responder (source) |
| 2023-08-10 04:24:59 +0000 | answered a question | IP Packets with DSCP 44 does not indicate "Voice-Admit" You can submit it has enhancement request at https://gitlab.com/wireshark/wireshark/-/issues |
| 2023-08-08 06:27:50 +0000 | answered a question | handling 150mb pcaps I utilize tshark frequently for large pcaps. You can use tshark to apply a filter to the packets and save them to a sepa |
| 2023-08-08 06:20:47 +0000 | answered a question | handling 150mb pcaps I utilize tshark frequently for large pcaps. You can use tshark to apply a filter to the packets and save them to a sepa |
| 2023-06-24 09:58:51 +0000 | commented question | why retransmisson of TCP handshake TCP retransmissions in the 3-way handshake can happen due to server congestion, network congestion, or packet drops. Di |
| 2023-05-15 00:53:14 +0000 | answered a question | TCP DUP ACK -> RST Problem Did the packet capture come from 206? Is there a firewall that can track network connection states? According to Wires |
| 2023-05-15 00:53:14 +0000 | received badge | ● Rapid Responder (source) |
| 2023-04-17 21:47:52 +0000 | commented question | Can a laptop with 1Gb NIC push 1Gb traffic (udp) onto LAN? Did you try to test it with IPERF? IPERF supports UDP tests. |
| 2023-03-30 08:37:30 +0000 | received badge | ● Rapid Responder (source) |
| 2023-03-30 08:37:30 +0000 | answered a question | Periodic Loss of Network Connectivity I use Wireshark when I have a general idea of what I am looking for. I believe a network performance software is a bett |
| 2023-03-29 22:14:54 +0000 | commented question | New to reading dumps, can anyone tell me whats wrong here? The image only shows traffic from 10.30.0.54 to 172.20.20.20. Where is the traffic from 172.20.20.20 to 10.30.0.54? It |
| 2023-03-22 14:51:35 +0000 | commented answer | Inserting a tap between ISP modem and router kills the Internet I tried a similar test with Netoptics TP-CU3. It was 1000M electrical connection between Surfboard modem in bridge mode |
| 2023-03-22 05:56:23 +0000 | received badge | ● Rapid Responder (source) |
| 2023-03-22 05:56:23 +0000 | answered a question | Inserting a tap between ISP modem and router kills the Internet I look up the instructions on the Internet that should work for 100M/1000M. It says use ports 1 and 2 (WAN modem and Wif |
| 2023-02-21 13:59:44 +0000 | commented answer | connection interruptions - need help please Hi, The packet in frame 156 is a multicast DNS (mDNS) from 192.168.1.140. The ARP Reply info column text would read: |
| 2023-02-21 13:59:17 +0000 | commented answer | connection interruptions - need help please Hi, The packet in frame 156 is a multicast DNS (mDNS) from 192.168.1.140. The ARP Reply info column text would read: |
| 2023-02-21 13:59:02 +0000 | commented answer | connection interruptions - need help please Hi, The packet in frame 156 is a multicast DNS (mDNS) from 192.168.1.140. The ARP Reply info column text would read: " |
| 2023-02-21 13:58:07 +0000 | commented answer | connection interruptions - need help please Hi, The packet in frame 156 is a multicast DNS (mDNS) from 192.168.1.140. The ARP Reply info column text would read: " |
| 2023-02-20 11:56:30 +0000 | commented answer | connection interruptions - need help please I've not found a tool that captures packets directly on an IOS device. There are a couple articles on using the MAC to t |
| 2023-02-20 11:55:47 +0000 | commented answer | connection interruptions - need help please I've not found a tool that captures packets directly on an IOS device. There are a couple articles on using the MAC to t |