| 2026-01-22 21:28:01 +0000 | answered a question | Netgear USB wifi adapters, Windows 11 and monitor mode @grahamb's comment lists the possible reasons why an adapter might not support monitor mode at all or support it poorly. |
| 2025-12-26 01:29:15 +0000 | commented question | Can this packet be filtered? What exactly is it you're trying to do? Do you already have a file, and you want to extract that particular packet? Or |
| 2025-12-19 08:18:34 +0000 | edited question | zigbee zcl payload field Sample Start Time does not get decoded zigbee zcl payload field Sample Start Time doe not get decoded The payload field Sample Start Time for Zigbee pkt GetSam |
| 2025-12-17 00:45:08 +0000 | edited question | Current Wireshark doesn't work for Windows 2012; where are the older versions? Wireshark doesn't work for Windows 2012. Wireshark doesn't work for Windows 2012. I need version 4.0 or earlier to run i |
| 2025-12-11 00:28:30 +0000 | received badge | ● Rapid Responder (source) |
| 2025-12-11 00:28:30 +0000 | answered a question | wireshark 4.6.x _FORTIFY_SOURCE 2 error Please report this as an issue on the Wireshark issues list. |
| 2025-12-06 21:43:09 +0000 | answered a question | Wireshark 4.4.12 missing What about Wireshark 4.4.12 ???? It's there now. |
| 2025-12-06 21:43:09 +0000 | received badge | ● Rapid Responder (source) |
| 2025-11-26 20:06:21 +0000 | edited question | MaxMind geolocation not working MindMax not working I watched all the Utube videos to configure mindmax for geolocation. Wire shark points to the corre |
| 2025-11-22 20:12:46 +0000 | commented question | Why am i not seeing any network interfaces on Ubuntu? That is an incredibly old version of Wireshark, It may run into other issues of analysing captures |
| 2025-11-21 19:43:42 +0000 | edited question | Why am i not seeing any network interfaces on Ubuntu? why am i not see my interfaces? no interfaces are come up |
| 2025-11-21 00:14:08 +0000 | edited answer | Stratoshark 0.9.3 update crashes instantly on MacOS 15.7.2 *Crickets* I can reproduce this on my macOS 15.7.2 VM. I filed Wireshark issue 20869. Follow that issue for further di |
| 2025-11-20 22:54:52 +0000 | received badge | ● Rapid Responder (source) |
| 2025-11-20 22:54:52 +0000 | answered a question | Stratoshark 0.9.3 update crashes instantly on MacOS 15.7.2 Crickets I can reproduce this on my macOS 15.7.2 VM. I filed Wireshark issue 20869. Follow that issue for further disc |
| 2025-11-19 22:22:15 +0000 | commented question | Stratoshark 0.9.3 update crashes instantly on MacOS 15.7.2 crashes. ... Mac MIni with 15.7.2 Are there any crash reports for Stratoshark in the Console application (in the Ut |
| 2025-11-19 22:18:57 +0000 | received badge | ● Rapid Responder (source) |
| 2025-11-19 22:18:57 +0000 | answered a question | Does Wireshark store any data anywhere else but locally? Wireshark does not include code to, for example, upload captures to a Web server. However as Chuckc notes, it stores ca |
| 2025-10-12 10:14:55 +0000 | answered a question | Wireshark not showing unicast packet when it was started when the interface is down Anyway, installed npcap 1.84 and still problem is there This is probably either an Npcap issue or a driver issue. S |
| 2025-10-09 17:32:18 +0000 | commented question | Wireshark not showing unicast packet when it was started when the interface is down What does the Wireshark version information report? Help -> About should show you version information; copy and past |
| 2025-10-05 16:08:48 +0000 | edited question | How do I add support for a new protocol to Wireshark? I have a New Protocol Hello wireshark community, We are a hardware developer and we have created a simple UDP Ethernet p |
| 2025-09-25 19:02:22 +0000 | edited question | Why does Wireshark detect activity from my Win11 laptop connected to a Sharktap network tap's Wired Tap port? Why does Wireshark detect activity from my Win11 laptop connected to a Sharktap network tap? I read that the ethernet po |
| 2025-09-24 22:16:15 +0000 | answered a question | Why does Wireshark detect activity from my Win11 laptop connected to a Sharktap network tap's Wired Tap port? I read that the ethernet port would be automatically disabled to traffic and put into promiscuous mode for listening |
| 2025-09-24 22:16:15 +0000 | received badge | ● Rapid Responder (source) |
| 2025-09-23 22:43:42 +0000 | commented question | Why does Wireshark detect activity from my Win11 laptop connected to a Sharktap network tap's Wired Tap port? So the quick start guide is for the Sharktap USB. Presumably you used the two Network ports to insert the Sharktap into |
| 2025-09-23 22:37:18 +0000 | edited question | Why does Wireshark detect activity from my Win11 laptop connected to a Sharktap network tap's Wired Tap port? Why does Wireshark detect activity from my Win11 laptop connected to a network tap? I read that the ethernet port would |
| 2025-09-20 07:40:03 +0000 | edited question | Starting Wireshark on Ubuntu shows only Capture / o Cisco remote capture etc. Ubuntu startup shows only Capture / o Cisco remote capture etc. No Open menu, 7 radio buttons none can be un-selected, n |
| 2025-09-16 19:00:48 +0000 | commented answer | Dissector compatibility with various Wireshark versions ...and bear in mind that, if "DLL" means "Windows DLL", providing only a Windows DLL means that users on, for example, L |
| 2025-09-10 07:59:20 +0000 | commented answer | How to reference .proto files to tshark You can also add that to your preference file to make it permanent. If you run Wireshark, you select Preferences from t |
| 2025-09-03 19:16:35 +0000 | received badge | ● Rapid Responder (source) |
| 2025-09-03 19:16:35 +0000 | answered a question | How can I convert Microsoft NetMon .cap files to a different format? The decode of the first packet says "Encapsulation type: Network Monitor Filter (189)", "Version: 1", App Major Versi |
| 2025-08-26 06:22:12 +0000 | received badge | ● Rapid Responder (source) |
| 2025-08-26 06:22:12 +0000 | answered a question | Is it possible to replace a PCAP's timestamps with the timestamps in an ERSPAN header? We care far more about when a packet transited the ERSPAN source device than when it arrived at the packet capture en |
| 2025-08-23 18:48:22 +0000 | commented answer | Why does "dumpcap -d" and "Wireshark -> Capture Options -> Compile BPFs" produce different output for the same capture filter? The extra instructions involve the SKF_AD_VLAN_TAG_PRESENT BPF extension that can test whether or not a VLAN tag is p |
| 2025-08-22 23:54:19 +0000 | commented answer | tshark filter options broken with NapaTech NIC dumpcap version uses a snapshot length of 512KiB Because it's running on macOS, (dynamically) linked with the macOS |
| 2025-08-22 22:36:24 +0000 | commented answer | tshark filter options broken with NapaTech NIC (and BPFExam produces the same output as Wireshark if I set the snapshot length to 262144) |
| 2025-08-22 22:32:38 +0000 | commented answer | tshark filter options broken with NapaTech NIC Q. Why does dumpcap -d and Wireshark -> Capture Options -> Compile BPFs produce different output for the same c |
| 2025-08-22 21:58:37 +0000 | commented question | tshark filter options broken with NapaTech NIC NapaTech seems to think it's a bug in the non-Napatech libpcap files. Napatech seems to be saying that, if you want |
| 2025-08-22 21:27:16 +0000 | commented answer | tshark filter options broken with NapaTech NIC You need to use the -f <capture filter=""> option. Nope. tshark, like tcpdump, will (at least in the case of |
| 2025-08-07 19:58:22 +0000 | edited question | Problem compiling under Windows Problem compiling under Windows I'm trying to build Wireshark under Windows in order to develop a dissector for a protoc |
| 2025-08-05 06:29:17 +0000 | commented answer | Does Wireshark natively support Class C and Class D protocols to retrieve EMP (Edge Message Protocol) messages? The Class D page to which you linked says "Class D is a protocol that converts a stream based TCP protocol to a message |
| 2025-07-19 22:23:41 +0000 | edited question | Why does the "Output format" capture option not affect the file format? Why does the "Output format" option when capturing not affect the file format? In version 4.4.8 (v4.4.8-0-g0d289c003bfb) |
| 2025-07-19 22:22:53 +0000 | edited question | Why does the "Output format" capture option not affect the file format? Regarding the issue of invalid file output format function In version 4.4.8 (v4.4.8-0-g0d289c003bfb), the final format o |
| 2025-07-11 02:18:22 +0000 | answered a question | I have a plugin dll in the Wireshark epan folder. Will the plugin work in a new version of Wireshark by just copying it to the new epan folder? If the new version of Wireshark is a new dot-dot release - for example, if you have it in the epan folder of Wireshark 4 |
| 2025-07-11 02:18:22 +0000 | received badge | ● Rapid Responder (source) |
| 2025-07-11 02:13:37 +0000 | commented answer | When does Wireshark 4.5 become an official release? Note that on that Wiki page, it doesn't show a 4.5 release; it shows, under "Future Release Branches", Wireshark 5.0, wh |
| 2025-07-11 01:57:19 +0000 | answered a question | No Frames Captured using Serial-to-USB Adapter in Wireshark Using an Advantech ULI-224TC RS-232 to RS-422/RS-485 converter. From the Advantech converter DB9 I'm going into my la |
| 2025-07-11 01:57:19 +0000 | received badge | ● Rapid Responder (source) |
| 2025-07-11 01:51:31 +0000 | edited question | No Frames Captured using Serial-to-USB Adapter in Wireshark No Frames Captured using Serial/USB Adapter in Wireshark Hello, Using an Advantech ULI-224TC RS-232 to RS-422/RS-485 co |
| 2025-07-09 15:10:13 +0000 | edited question | Running wireshark as root - plugins not working wireshark on wsl ubuntu - plugins not working I am trying to install the mavlink disector on my wel ubuntu machine I ad |
| 2025-07-09 15:09:00 +0000 | commented question | Opening Wireshark 4.4.7 on MacOS Sequoia 15.5 causes error message What is printed if you open Terminal and run the commands ls -ld ~ ls -ld ~/.config ls -ld ~/.config/wireshark |