Expert Information - Severity Error

asked 2023-10-06 19:59:39 +0000

budking

Hello,

I have a question about the topic.

If I set the packets under the respective error filter to Ignore, does this go into the network or is this ignored in the *.pcapng, only?

What does ignoring a packet do?

Is there an option to ignore error packets permanently?

How can I prevent myself from always receiving the same error packets over the network?

Why do I have to do the manual with Wireshark, isn't it automatic? Should my firewall OPNsense do this?

I know these questions are very general. Nevertheless, I would be happy about an answer, maybe I will understand it better, because I only have user knowledge... However, I have been working with Wireshark for a few weeks now and have already gained experience.

Kind Regards Budking


Comments

Since I am now registered here, I want to ask an independent question, which has been bothering me for a long time. What does it actually depend on which packages I receive? In my opinion, it does not depend on the IP address or to whom the Internet connection is reported. This question is serious and I wonder if it depends on the personal aura?!?!

budking ( 2023-10-06 20:26:00 +0000 )

I've probably done a lot of things wrong with packets. Now I just came up with the idea of ignoring all TCP packets and did it! I don't even understand what TCP means !?!! Basically, I just don't want the network packets to get on my nerves anymore! Is it possible to ignore TCP packets all the time?

Have I done this right, if I want some packages to stop eating into my thoughts? So meant like the song by DMX – going to Make Me Lose My Mind

I need to understand Wireshark even better without understanding any of the code.

Nowadays, the internet is indispensable, even for me. But I want to protect myself from malware and handle what is going on in the background in the network in such a way that it is not unwanted attacks for me.

budking ( 2023-10-06 20:59:13 +0000 )

1 Answer


answered 2023-10-08 07:47:40 +0000

Guy Harris

If I set the packets under the respective error filter to Ignore, does this go into the network or is this ignored in the *.pcapng, only?

The only option I see to "ignore" packets, using the word "Ignore" in the menu item, is the "Ignore/Unignore packet" option, which will toggle the "ignore this packet" option on all of the currently selected packets.

It does NOT affect those packets on the network, because it's too late to affect them. Those packets are in the Wireshark capture you have open because Wireshark, or some other program, has seen them on the network; they've already been sent by some host on the network, and setting them to be ignored will not prevent them from being sent, as they have already been sent, and will not prevent them from being received by the host on which Wireshark is running or on any other host.

(I'm not sure what "under the respective error filter" means - if by "the respective error filter" you mean the filter that you have applied to the capture, it makes no difference. You can ignore them even if there's no filter in effect.)

So it's ignored by Wireshark in this session, but, if you quit Wireshark and then re-open the capture, those packets will not be marked as "to be ignored" - that information isn't saved in the capture.

What does ignoring a packet do?

It causes Wireshark to set an "ignored" flag for the packet in an internal Wireshark data structure, and then to re-dissect all packets in the capture and, for all of the packets marked as "ignored", does no dissection of the packet's contents, it just displays it as "ignored".

Is there an option to ignore error packets permanently?

No.

How can I prevent myself from always receiving the same error packets over the network?

If you mean "how do I prevent Wireshark from receiving those packets", the answer is "use a capture filter that filters out those packets".

However, that will NOT prevent those packets from being sent on your network. Wireshark is a packet analyzer, not a firewall or a generic "network problem fixer".

If you don't want those packets to be sent on your network, you need to fix whatever problem or problems are causing them to be sent.

Why do I have to do the manual with Wireshark, isn't it automatic? Should my firewall OPNsense do this?

It depends on what type of "error packets" you're talking about.

If, for example, you type some invalid URL, such as http://www.wireshark.org/this_page_do..., into your browser, and try to fetch that page, you will get back an HTTP 404 error page saying that page does not exist.

That 404 error page could be considered an "error packet", as it's reporting an HTTP error. However, it would be inappropriate for a firewall to block that packet, as it reports an error that you ... (more)


Comments

Thank you very much for your detailed answer! Thank you very much.

It helped me a lot to understand the thing better.

I set up my machine to better protect myself from malware. SparkyLinux (OPNsense: [ Unbound DNS (+Adguard-DNS io over TLS/https), Nginx, FreeRadius, OpenDNS], ProtonVPN, Wireshark, Coreboot, Librewolf with Addon [CanvasBlocker, Chameleon, Decentraleyes, DuckDuckGo Essentials/Safe, I don't care about cookies, AdGuard Extra, uBlock], Tor Browser, Invidious io (example FreeTube))

Thanks again. I understand that Wireshark is primarily there to analyze the network in order to find errors or problems. And then, if necessary, to find a solution application.

For example, I had the message "New fragment overlaps old data". TCP Recamouflage Mission Error. SparkyLinux and the application Nginx in OPNsense have caused this error to no longer be reported in Wireshark.

Did I understand correctly that Wireshark has no effect on the network. But if I ignore ...(more)

budking ( 2023-10-08 08:42:50 +0000 )

For example, I had the message "New fragment overlaps old data". TCP Recamouflage Mission Error.

I think that's more like "New fragment overlaps old data (retransmission?)"; it has nothing to do with camouflage. It just means that some host has retransmitted data that was already seen by Wireshark when capturing traffic, perhaps because it hasn't seen an indication that the recipient host has received the data.

Did I understand correctly that Wireshark has no effect on the network.

Yes.

But if I ignore packets in the now, does it affect the continue of the network?

If you mark packets in Wireshark as "ignored", it does not affect the behavior of the network in any fashion. It only affects the way Wireshark dissects the packets (and it usually does not improve the dissection, as it causes Wireshark to ignore information from those packets that may be necessary to correctly ...(more)

Guy Harris ( 2023-10-08 09:24:38 +0000 )
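
The comment above reads "New fragment overlaps old data (retransmission?)" as a host resending bytes the capture already contains. The sketch below is an added example, not part of the thread and not Wireshark's dissector code; it applies that idea to constructed segments, and the `Segment` type, the flow label and the category names are assumptions made for illustration.

```python
from dataclasses import dataclass

MOD = 2**32  # TCP sequence numbers are 32-bit and wrap around

@dataclass(frozen=True)
class Segment:
    flow: str    # constructed label for one direction of a connection
    seq: int     # sequence number of the first payload byte
    length: int  # payload length in bytes

def seq_lt(a: int, b: int) -> bool:
    """True if a comes before b in 32-bit sequence space."""
    return a != b and ((b - a) % MOD) < MOD // 2

def classify(segments):
    """Label each segment relative to the bytes already seen on its flow."""
    next_seq = {}  # flow -> sequence number just past the highest byte seen
    labels = []
    for s in segments:
        if s.length == 0:
            labels.append("no payload")  # pure ACKs cannot overlap data
            continue
        end = (s.seq + s.length) % MOD
        expected = next_seq.get(s.flow)
        if expected is None or s.seq == expected:
            label = "new data"
        elif seq_lt(s.seq, expected):
            # Starts inside bytes already captured: a retransmission.
            label = ("partial overlap" if seq_lt(expected, end)
                     else "full overlap")
        else:
            label = "gap before segment"  # earlier bytes not in the capture
        if expected is None or seq_lt(expected, end):
            next_seq[s.flow] = end  # only ever move the high-water mark forward
        labels.append(label)
    return labels

# Constructed sample: one direction of one connection, near the wrap point.
SAMPLE = [
    Segment("A->B", 4294967000, 200),  # first data seen
    Segment("A->B", 4294967200, 200),  # contiguous, wraps past 2**32
    Segment("A->B", 4294967200, 200),  # the same bytes sent again
    Segment("A->B", 4294967250, 300),  # part old bytes, part new
    Segment("A->B", 1000, 100),        # skips ahead of what was captured
]

if __name__ == "__main__":
    for seg, label in zip(SAMPLE, classify(SAMPLE)):
        print(seg.seq, seg.length, label)
```

The classification is computed from the capture alone, which is why marking or ignoring packets in the analyzer changes only what is displayed and not what hosts send.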

Warning: This statement is only a message and may be wrong.

I was too crazy and thought my aura (my earthly image of my soul) is recorded on the computer via the magnetic field in data codes. But that was a figment of the imagination.

I understood that in addition to the IP address, there is also the identifier of my machine (PC) and this thought comes from there.

... Personal data still exists, insofar as it is permitted or can be recorded by the IT system...... If I said it right...

I still don't really understand the IT system, but I've come so far that I personally don't get sick from it or it harms me.

I think my delusions are caused by malware, which can happen to a person individually case my psy calls me daily.

Noted. There are, for example, rootkits. These are probably the ...(more)

budking ( 2023-10-08 10:43:37 +0000 )

Stats

Asked: 2023-10-06 19:59:39 +0000

Seen: 197 times

Last updated: Oct 08 '23