2022-02-22 02:50:37 +0000 | received badge | ● Popular Question (source) |
2022-02-22 02:50:37 +0000 | received badge | ● Notable Question (source) |
2021-06-27 01:00:03 +0000 | received badge | ● Notable Question (source) |
2021-06-27 01:00:03 +0000 | received badge | ● Popular Question (source) |
2020-07-24 16:45:02 +0000 | answered a question | Why is my TCP Header Seen as "Data (20 Bytes)"? Yep, that did it. Great catch! To be honest, the Fragment Offset value of 512 is probably me incorrectly setting the I |
2020-07-24 16:45:02 +0000 | received badge | ● Rapid Responder |
2020-07-24 16:38:20 +0000 | marked best answer | Why is my TCP Header Seen as "Data (20 Bytes)"? Hi Wireshark Gurus, I am a college student working on a coding assignment. I'm writing a C program which creates a PCAP file, writes one valid network packet into the file, then exits. The point of the exercise is to learn how to format Ethernet, IP, and TCP headers in code. I pass my assignment if Wireshark can successfully open my PCAP and read the packet. So far, my code writes a valid Ethernet and IP header (although I am skipping some IP fields, like CRC checksum and flags). My code also writes a TCP header... but Wireshark doesn't recognize it! After the IP header, it simply sees "Data, 20 bytes." I followed the RFC for TCP on the TCP header format, plus set IP_Protocol = 6, and I thought that was all that was necessary. But no. Why might Wireshark look at my TCP header, and see raw data? I'm guessing it might be one of two reasons:
When Wireshark looks at where it should see a TCP header, it reports that it sees this: (I added those spaces.) When I hand-check that data against what my code is writing, everything looks okay. (Field values were copied from another packet I captured in Wireshark.) Everything is exactly as it should be, as far as I can tell. So what is wrong? What I see in Wireshark is included below. Many thanks in advance! |
2020-07-24 15:29:41 +0000 | asked a question | Why is my TCP Header Seen as "Data (20 Bytes)"? Hi Wireshark Gurus, I am a college student working on a coding assignme |
2020-02-28 17:58:30 +0000 | commented answer | Tshark: How to find MIN, MAX, AVG Packet Lengths in PCAP File? Yes! YES!!! This did it! You are a genius, sir! Thank you... :) |
2020-02-28 17:58:01 +0000 | marked best answer | Tshark: How to find MIN, MAX, AVG Packet Lengths in PCAP File? Hi everyone, I have a series of large PCAP files on my Linux machine. I need to use tshark (v 2.2.6) to read the files, then compute the MIN, MAX, and AVG for all packet lengths. In other words, if I somehow had this: Then I need some output that looks like this: Or better yet: The ‘-z’ option is obviously the way to go here, but the later syntax trips me up. The format for what I think I want is: -z io,stat,interval,AVG (field)filter But after that, I’m fairly lost. Here’s what I do know:
|
2020-02-28 17:58:01 +0000 | received badge | ● Scholar (source) |
2020-02-27 18:25:05 +0000 | asked a question | Tshark: How to find MIN, MAX, AVG Packet Lengths in PCAP File? Hi everyone, I have a series of large PCAP files on my L |