Guy Harris's profile - activity

2019-09-12 21:49:55 +0000 commented answer track a packet though a network?

So my question is will Wireshark allow their IT guy to watch our packet (the http post) as it makes its way through t

2019-09-12 21:40:11 +0000 edited question Why has the 8 in the MAC address in the capture window been replaced with an a?

Can anyone explain this Why has the 8 in the MAC address in the capture window been replaced with an a? ie 48 has becom

2019-09-09 19:01:53 +0000 edited question How can I capture the initial connection to a wireless access point on Windows?

Capture then connect interface I am trying to capture the initial DHCP sequence on a wireless network for a vendor. When

2019-09-09 18:54:48 +0000 commented answer How can I capture the initial connection to a wireless access point on Windows?

That's probably the result of a change from WinPcap to Npcap.

2019-09-09 17:39:01 +0000 commented question How can I capture the initial connection to a wireless access point on Windows?

On what version of what operating system is this?

2019-09-09 16:39:05 +0000 commented question Please update Npcap 0.995 in release package

The best way to request a fix is with a bug filed on the Wireshark Bugzilla; that allows it to be tracked as a fix. Thi

2019-09-09 16:38:47 +0000 commented question Please update Npcap 0.995 in release package

The best way to request a fix is with a bug filed on the Wireshark Bugzilla; that allows it to be tracked as

2019-09-06 17:21:30 +0000 commented answer reading .txt files transferred in an FTP capture

You selected a packet from the FTP control connection, not from the data connection, and did Follow > TCP Stream, so

2019-09-06 17:20:07 +0000 commented answer reading .txt files transferred in an FTP capture

Appreciate the input. Seems like an "enhancement request" is in order. When I follow the steps to follow the TCP stream

2019-09-06 17:18:14 +0000 commented question I can't capture 802.11 on wireshark

What do you mean by "can't capture"? Do you mean that you get an error using dumpcap, or that you don't get an error bu

2019-09-06 07:37:01 +0000 commented answer LoRaWan PCAP, wireshark not able to interpret

I.e., pcaprec_hdr_t is the format of the header that is at the beginning of every single record in every single pcap fil

2019-09-06 04:22:47 +0000 answered a question reading .txt files transferred in an FTP capture

is there a way to see what was in that text file? You could select a packet from the FTP data connection and do Ana

2019-09-06 04:22:47 +0000 received badge Rapid Responder
2019-09-06 04:21:14 +0000 edited question reading .txt files transferred in an FTP capture

reading .txt files in a capture I have a Wireshark capture where it shows that the port was opened, the password was ent

2019-09-05 20:39:43 +0000 commented question reading .txt files transferred in an FTP capture

What protocol was used to transfer the file?

2019-09-05 19:17:07 +0000 commented answer Is it possible to "Copy as Hex Stream" for the whole capture?

I do want each packet as a separate line in the final text file. Separate line, as in "one newline per packet, with

2019-09-05 19:15:40 +0000 commented answer LoRaWan PCAP, wireshark not able to interpret

your libpcap header format seems wrong That's because it IS wrong, for the reasons you specify. Please refer to

2019-09-04 23:04:22 +0000 commented answer Is it possible to "Copy as Hex Stream" for the whole capture?

Or doing File > Export Packet Dissections > As Plain Text..., select "All Packets" and "Captured", disable "Summar

2019-09-04 21:08:00 +0000 commented question Is it possible to "Copy as Hex Stream" for the whole capture?

Just concatenate the raw octets of all packets, without regard to packet boundaries, into one giant sequence of octets,

2019-09-04 19:11:46 +0000 received badge Rapid Responder
2019-09-04 19:11:46 +0000 answered a question Extend the Homeplug AV protocol

What can I do to make both dissector coexist ? Either 1) not have two dissectors, just modify the existing HomePlug

2019-09-04 01:06:46 +0000 answered a question use ip address to capture traffic?

Not unless you're working at home (or if Wireshark on your work computer is using a capture library with remote capture

2019-09-04 01:06:46 +0000 received badge Rapid Responder
2019-09-03 20:57:41 +0000 commented answer How to open CAN dbc file in wireshark

Note that if one of the technical reasons is "it has a GTK+ GUI", it will not function AT ALL with Wireshark 3.0 and lat

2019-09-03 20:51:05 +0000 commented question NPCAP 0.995 gives duplicate packets

Note that "their support system" is primarily the Issues section of the Nmap GitHub repository (yes, Nmap - Npcap uses t

2019-09-01 17:09:51 +0000 commented answer When will the downloads page documentation be updated to remove WinPCAP and replace with NPCAP (with current version number) as the stated packet capture tool?

but its not a bug The subject line of this question began with "When will the downloads page documentation be updat

2019-09-01 07:37:24 +0000 commented answer I need help to analyze slammer.pcap

Presumably they're referring to the "slammer.pcap" file on the Wireshark Wiki's Sample Captures page. The description o

2019-09-01 07:29:59 +0000 commented answer When will the downloads page documentation be updated to remove WinPCAP and replace with NPCAP (with current version number) as the stated packet capture tool?

guess they forget to update that If so, then, as noted, a bug should be filed about that on the Wireshark Bugzilla;

2019-09-01 03:39:23 +0000 edited question I need help to analyze slammer.pcap

I need help to analyze slammer.pcap Hi! I just want some help or guide to analyze or understand the slammer.pcap exerci

2019-08-30 16:51:56 +0000 received badge Rapid Responder
2019-08-30 16:51:56 +0000 answered a question When will the downloads page documentation be updated to remove WinPCAP and replace with NPCAP (with current version number) as the stated packet capture tool?

When will the downloads page documentation be updated to remove WinPCAP and replace with NPCAP (with current version

2019-08-30 07:51:03 +0000 answered a question I can't capture 802.11 on wireshark

If tcpdump can't capture it, that's a macOS issue, not a Wireshark issue. Please report a bug to Apple.

2019-08-30 07:51:03 +0000 received badge Rapid Responder
2019-08-30 00:29:00 +0000 received badge Rapid Responder
2019-08-30 00:29:00 +0000 answered a question If there is no network, copying data to DVD comes under which OSI layer? Can we even categorize into OSI protocols?

Does this come under OSI protocol? No. There's no networking involved. There have been networking systems built a

2019-08-30 00:08:50 +0000 answered a question Loopback npcap added in Win10 network

The loopback interface is added by Npcap; the Wireshark installer can install Npcap, but it can be directly installed as

2019-08-30 00:08:50 +0000 received badge Rapid Responder
2019-08-28 17:48:36 +0000 commented answer Is it promiscuous mode doing this?

Then it sounds as if your switch is doing something weird. You might want to ask Cisco about that.

2019-08-28 10:54:06 +0000 commented answer How to capture the internal Ethernet data packets using npcap driver ?

Can we see the code in your application that makes pcap library calls? That code may be buggy.

2019-08-28 01:13:54 +0000 received badge Rapid Responder
2019-08-28 01:13:54 +0000 answered a question Is it promiscuous mode doing this?

This switch is NOT in mirrored mode. I.e., none of the switch ports, including the port into which the PC is plugge

2019-08-27 18:30:16 +0000 commented answer How to capture the internal Ethernet data packets using npcap driver ?

Note that Npcap's (and WinPcap's) API is pretty much the libpcap API. You will need the Npcap SDK in order to write you

2019-08-26 19:06:11 +0000 commented answer Is there a way to show non truncated data with tshark without recompiling?

That request is talking about the items in the packet detail pane. It's not clear that, say, a line in a protocol tree

2019-08-23 18:39:19 +0000 edited question Why am I getting "cannot open display" when running Wireshark on my CentOS VM?

I need to install Wireshark on my CentOS VM. I used the following commands to install the tool: $ yum install gcc gcc-c

2019-08-23 18:38:16 +0000 edited question How to silently install Wireshark on Windows with the SSHDUMP option

How to install Wireshark with SSHDUMP option silently I'm trying to install Wireshark silently while still enabling the

2019-08-22 20:12:40 +0000 commented question Is Wireshark 2.6.2 compatible with CYBG's proposed Windows 10 platform?

You might want to ask the CYB Group about that, unless "CYBG" is something other than the CYB Group, in which case you'l

2019-08-21 01:30:47 +0000 commented question Wireshark not opening "decode as" window

Which version of Wireshark is this, and on what operating system are you running Wireshark?

2019-08-19 17:17:52 +0000 edited question Can Wireshark parse and decode LPPe?

Can Wireshark parse and decode LPPe? Can wireshark parse and decode LPP and in particular LPPe information elements?

2019-08-19 17:17:32 +0000 edited question Can Wireshark parse and decode LPPe?

Can Wireshark parse and decode LPPe? Can wireshark parse and decode LPP and in particular LPPe information elements?

2019-08-15 22:29:39 +0000 received badge Rapid Responder