hugo.vanderkooij's profile - activity

2020-10-16 11:18:53 +0000 received badge  Rapid Responder (source)
2020-10-16 11:18:53 +0000 answered a question I Have The Wireshark 101 for Version 2 - Is this book sufficient?

Yes, the basic concepts are still the same and it will be a very useful book for you. At times things might look slight

2020-10-15 15:52:06 +0000 received badge  Rapid Responder (source)
2020-10-15 15:52:06 +0000 answered a question task to learn wireshark

Look for the Wireshark videos on YouTube. Laura posted a number of great sessions.

2020-10-14 07:47:00 +0000 received badge  Rapid Responder
2020-10-14 07:47:00 +0000 answered a question Why can't I decrypt TLS traffic in one of my captures?

What steps have you taken to decode it? TLS decryption does not work statically. If you could decode last months and not

2020-10-14 07:46:53 +0000 received badge  Rapid Responder (source)
2020-10-14 07:46:53 +0000 answered a question Why can't I decrypt TLS traffic in one of my captures?

What steps have you taken to decode it? TLS decryption does not work statically. If you could decode last months and not

2020-10-14 07:43:19 +0000 received badge  Rapid Responder (source)
2020-10-14 07:43:19 +0000 answered a question How to make wireshark work with VPN on?

Actually isn't that what your VPN is supposed to do? Depending on your VPN solution you may tap on the traffic on pseudo

2020-10-13 10:04:06 +0000 received badge  Rapid Responder (source)
2020-10-13 10:04:06 +0000 answered a question TCP Retransmissions after [FIN, ACK] same tcp stream

It seems rather odd. As both systems are in different subnets there is something connecting these two networks. This coul

2020-10-12 07:59:13 +0000 received badge  Rapid Responder (source)
2020-10-12 07:59:13 +0000 answered a question which wireshark filter shall i use to check if some ip is blocked at the server end

Does the proxy do SSL Intercept? If not, then the best thing is just to run your browser in debug mode. Otherwise let th

2020-10-12 07:55:40 +0000 received badge  Rapid Responder (source)
2020-10-12 07:55:40 +0000 answered a question how do I see my command + why does wireshark not show certain connections?

Actually if you do a packet capture and just use the right mouse click and use follow tcp session you can look at just th

2020-10-09 13:19:37 +0000 received badge  Editor
2020-10-09 13:19:37 +0000 edited answer By which of the following methods Wireshark detects TCP Retransmissions?

Option 5: It goes to Ask Wireshark and asks it to do its homework for them.

2020-10-09 13:18:40 +0000 received badge  Rapid Responder
2020-10-09 13:18:40 +0000 answered a question By which of the following methods Wireshark detects TCP Retransmissions?

It goes to Ask Wireshark and asks it to do its homework for them.

2020-10-08 14:50:00 +0000 received badge  Rapid Responder (source)
2020-10-08 14:50:00 +0000 answered a question video from wireshark data

I would say that with the current lack of details about what you captured it is not possible to do so. First off you ne

2020-10-08 09:41:30 +0000 received badge  Rapid Responder (source)
2020-10-08 09:41:30 +0000 answered a question How to find the program that was executed to compromise the user?

Wireshark is not the tool you are looking for. Check out https://docs.microsoft.com/en-us/sysinternals/

2020-10-08 07:24:06 +0000 received badge  Rapid Responder (source)
2020-10-08 07:24:06 +0000 answered a question Get IP/host informations of an app.

From what you describe Wireshark is not for you. My guess is you get a better understanding of things you look for by usin

2020-10-05 07:28:25 +0000 answered a question How to filter for international traffic?

Also note that the accuracy of Geo IP information is not 100%. So it's not perfect but a close estimation.

2020-03-11 14:14:42 +0000 commented answer What causes retransmissions?

A full capture can give you a good head start in pinpointing issues. But the exact reason why a system is slower might no

2020-03-11 14:10:03 +0000 received badge  Rapid Responder (source)
2020-03-11 14:10:03 +0000 answered a question Question about ARP protocol

It's a choice. Historically it was common to learn ARP as soon as you got a packet. As everything you need is in the

2020-03-11 14:00:02 +0000 received badge  Rapid Responder (source)
2020-03-11 14:00:02 +0000 answered a question client wait 30s befor send SYN to ftp server on the passive port

I can think of (at least) 2 issues: 1. (Reverse) DNS is not working so you have to wait 2x 15 seconds for that timeout.