Guy Harris's profile - activity

Or do you mean "the second bit in the raw packet data"?

On what operating system are you doing this?

And here's a latitude & longitude to ZIP code lookup service. It says "1 Credit per Lookup", so you may get a limit

Wireshark only capture length. I am using last version of kali 2021.3 kali-rolling. Today I pass through 4.9 version o

What does it display if you open up the "Frame 1" entry in the packet details pane? (For some reason, image links don't

This site is for asking questions about using Wireshark. Bugs and requests for improvement should be posted as issues o

And more should be added to that code to support string and byte-sequence comparisons at a particular offset and to supp

I don't think it's a particularly large leap to go from a capture filter syntax to BPF instructions, $ wc -l gencod

is it possible to determine the zip code in which a network is operating from the network traffic using wireshark N

Add the folder that Wireshark folder, e.g. "c:\Program Files\Wireshark\", closed all the windows and then restart. Me

Windows 11 Support When installing on a Windows 11 VM i get the error below. Neither mentioned KB is applicable, so it

Windows 11 Support When installing on a Windows 11 VM i get the error below. Neither mentioned KB is applicable, so it

There is not enough information available to determine what the issue is. There could be many causes (traffic is on a "

Marlformed Resultdata 16 INAP trace Hello , Someone has faced this issue trying to decoded INAP traces? I can decode

What protocol is this?

So by "features" do you mean "the items that show up in the part of this display that has stuff such as Questions: 1"?

So by "features" do you mean "the items that show up in the part of this display that has stuff such as Questions: 1"?

I created a dissector under the assumption that a given dissector is applied to every packet picked up by Wireshark.

is a given dissector applied to every packet? I created a dissector under the assumption that a given dissector is appli

This has nothing to do with Lua; it has to do with the way the TCP dissector handles retransmissions. If it's a retrans

LUA and retransmission packets Hello, my dissector is registered to decode a bunch of ports: tcp_table = DissectorTabl

If you're capturing in monitor mode, then, if you're on a "protected" network (with WEP or WPA encryption), the packets

Transmission time is defined as: the total time the frame takes to transmit data By that do you mean the difference

Ok I have figured out that this problem only occurs if I have the network tap positioned between the wall and the rou

Even if I do a capture filter of 'ip' it doesn't capture anything. What if you have no capture filter?

When I run a capture using 'host xxx.xxx.xxx.xxx' as a capture filter it does not capture anything even though I know

On my packet capture on Wireshark I have a column called "time delta from previous captured frame" as well as "time d

Wireshark reassembly stops working after "TCP previous segment not captured"" I'm analiayze the rtp's packet over TCP by

LUA Dissector is not run on retransmitted TCP segments I'm analiayze the rtp's packet over TCP by wireshark's dissector.

The problem has nothing to do with Lua. It has to do with the capture not having all the packets in the TCP flow from 3

You'd have to modify the etype_vals[] table in epan/dissectors/packet-ethertype.c and recompile Wireshark; unfortunately

If by "USB to Ethernet adapters" you mean "USB Ethernet adapters", i.e. Ethernet adapters that are not built into the ma

If by "USB to Ethernet adapters" you mean "a USB Ethernet adapter", i.e. an Ethernet adapter that's not built into the m

Red Flag "\Device\NPF_Loopback" Hi, i hope anyone can tell me why wireshark flags the packages on the Screenshot in re

new build issues I was following the step by step guide (https://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWin32.h

Is it possible to publish the signatures file with each release set instead of only the signature file for the curren

If you have a Mac running a sufficiently recent version of macOS (I don't know when "remote virtual interfaces" were add

You'll have to ask Apple about that - we just report what macOS's code tells us.