Guy Harris's profile - activity

2020-03-31 05:29:51 +0000 commented answer What Is The Endianness of Captured Packet Headers?

And even in the case where the byte order is the host byte order, that's typically the order of the host sending the pac

2020-03-31 04:23:22 +0000 received badge Rapid Responder
2020-03-31 04:23:22 +0000 answered a question What Is The Endianness of Captured Packet Headers?

network byte order is big-endian for TCP "Network byte order" means big-endian, so it's big-endian everywhere. Con

2020-03-30 18:41:00 +0000 commented question This is all I get at start up of wireshark, "No Interfaces found" Why?

On what operating system is this? The packet capture mechanism, and thus the problems that cause interfaces not to show

2020-03-30 16:52:09 +0000 edited question I get "the captured file appears to have been cut short in the middle" reading a file from tcpdump if I kill it while it's capturing

the captured file appears to have been cut short in the middle Wireshark tool always shows an error prompt with "the capt

2020-03-30 16:51:09 +0000 commented answer I get "the captured file appears to have been cut short in the middle" reading a file from tcpdump if I kill it while it's capturing

"-9" is pretty harsh. Where "pretty harsh" means will not work - it will immediately stop tcpdump, not giving it an

2020-03-30 08:07:43 +0000 commented question I get "the captured file appears to have been cut short in the middle" reading a file from tcpdump if I kill it while it's capturing

How are you capturing the traffic? Are you doing it in Wireshark or in some other program?

2020-03-29 21:13:51 +0000 received badge Rapid Responder
2020-03-29 21:13:51 +0000 answered a question How would I use MAC address to locate router

How would I use MAC address to locate router Assuming you mean the MAC address of the router (the MAC address of an

2020-03-28 17:32:24 +0000 commented question how do i change to a certain app

like how do i change wire shark to a certain app What do you mean by "change"? Wireshark and Discord do two complet

2020-03-28 06:11:35 +0000 commented question how do i change to a certain app

How does this question involve Wireshark?

2020-03-28 03:23:48 +0000 edited question Why does Wireshark not capture any data when in monitor mode on my Mac?

Why does Wireshark not capture any data when in monitor mode? Before activating the monitor mode, my computer is able to

2020-03-27 19:57:15 +0000 answered a question Why does Wireshark not capture any data when in monitor mode on my Mac?

I've also run the tcpdump -i en0 -I command in the terminal and no packets showed up. In other words, the answer to

2020-03-27 19:57:15 +0000 received badge Rapid Responder
2020-03-27 02:00:25 +0000 received badge Rapid Responder
2020-03-27 02:00:25 +0000 answered a question How can I capture network traffic from my smart TV?

wireless If you're capturing in monitor mode, and you're seeing a lot of "802.11" packets being captured, first re

2020-03-26 21:46:39 +0000 edited question How can I extract the DICOM headers of files from a capture of traffic?

DICOM headers I have pcap files with DICOM protocols, is it possible to read the content of the packet and extract the D

2020-03-26 21:32:52 +0000 commented answer New to Wireshark and attempting to snoop USB

And, in answer to One last thing, I've also downloaded WINPcap. Is this necessary? the answer is "no".

2020-03-25 18:05:46 +0000 answered a question Merge binary data of multiple packets

This sounds like something that would be done by Wireshark's "Export Objects" mechanism, but the Bluetooth dissectors ar

2020-03-25 18:05:46 +0000 received badge Rapid Responder
2020-03-24 18:27:48 +0000 commented answer How to deactivate the warning "Trailing stray characters"?

So does your protocol have counted strings, null-terminated strings, null-padded strings, or strings that are both count

2020-03-24 06:08:47 +0000 commented answer RFC8613 Object Security for Constrained RESTful Environments (OSCORE) defines the Coap Option number 9 as OSCORE Option. Wireshark seems to use the number 21 instead. Is there a newer Wireshark version that will follow RFC8613?

The "work" for putting the fix into 3.2.3 consisted of me clicking a few buttons on Wireshark's Gerrit Web site to apply

2020-03-24 03:49:32 +0000 commented answer RFC8613 Object Security for Constrained RESTful Environments (OSCORE) defines the Coap Option number 9 as OSCORE Option. Wireshark seems to use the number 21 instead. Is there a newer Wireshark version that will follow RFC8613?

The fix should be in the 3.2.3 release when it comes out. That release is currently scheduled for 2020-04-08.

2020-03-23 23:03:29 +0000 commented question Unable to open Capture taken with IXIA

Also I realized that for each packet, there is an IxVeriWave Radio Tap Header. Maybe this is what is causing the error w

2020-03-23 23:03:11 +0000 commented answer Unable to open Capture taken with IXIA

I guess I will have to open a case with IXIA then.. That's a good start. Tell them that a core libpcap and Wiresha

2020-03-23 21:29:21 +0000 commented question Unable to open Capture taken with IXIA

Also I realized that for each packet, there is an IxVeriWave Radio Tap Header. Maybe this is what is causing the error w

2020-03-23 21:23:09 +0000 commented answer Unable to open Capture taken with IXIA

Note that, in Wireshark, there's "the list of supported link-layer(+metadata) types" and "there's the list of supported

2020-03-23 20:48:38 +0000 answered a question Unable to open Capture taken with IXIA

Pcap: network type 261 unknown or unsupported According to the official list of pcap/pcapng link-layer type values,

2020-03-23 20:48:38 +0000 received badge Rapid Responder
2020-03-23 05:30:57 +0000 commented question RFC8613 Object Security for Constrained RESTful Environments (OSCORE) defines the Coap Option number 9 as OSCORE Option. Wireshark seems to use the number 21 instead. Is there a newer Wireshark version that will follow RFC8613?

Guy Harris just formatted my Wireshark trace. The markup syntax for Askbot is, I think, some flavor of Markdown, or

2020-03-23 01:39:32 +0000 received badge Rapid Responder
2020-03-23 01:39:32 +0000 answered a question RFC8613 Object Security for Constrained RESTful Environments (OSCORE) defines the Coap Option number 9 as OSCORE Option. Wireshark seems to use the number 21 instead. Is there a newer Wireshark version that will follow RFC8613?

Is there a newer Wireshark version that will follow RFC8613? Wireshark 3.4, when it comes out. The code in the pre

2020-03-23 01:05:56 +0000 edited question RFC8613 Object Security for Constrained RESTful Environments (OSCORE) defines the Coap Option number 9 as OSCORE Option. Wireshark seems to use the number 21 instead. Is there a newer Wireshark version that will follow RFC8613?

RFC8613 Object Security for Constrained RESTful Environments (OSCORE) defines the Coap Option number 9 as OSCORE Option.

2020-03-22 03:54:43 +0000 answered a question Wireshark not capturing any web traffic

I will let an advice columnist advise you on the wisdom of this plan. I take no responsibility for any consequences of t

2020-03-22 03:54:43 +0000 received badge Rapid Responder
2020-03-22 02:43:40 +0000 received badge Nice Answer
2020-03-21 05:30:13 +0000 received badge Rapid Responder
2020-03-21 05:30:13 +0000 answered a question Game crashes when opening Wireshark

I opened the Wireshark and the game also and when I went in to the game it instantly crashes. Why is that? Probably

2020-03-20 21:17:03 +0000 commented answer Frame Arrival Time drift

I'd be tempted to document it only in the Wiki for now, because 1) this is subject to change and 2) as the Npcap people

2020-03-20 20:08:48 +0000 edited answer Frame Arrival Time drift

Does npcap address the issue of arrival time drift? With Npcap 0.9989 or later, if you set the registry key HKLM\Sy

2020-03-20 19:40:52 +0000 answered a question Frame Arrival Time drift

With Npcap 0.9989 or later, if you set the registry key HKLM\System\CurrentControlSet\Services\NPF\TimestampMode to 4, t

2020-03-19 02:28:00 +0000 edited question How do I get information about the processes corresponding to TCP and UDP endpoints?

Process Information Hi All, I'm trying to get some process information using the fields: tcp.proc.dstpid tcp.proc.dstu

2020-03-19 02:27:04 +0000 edited answer How do I get information about the processes corresponding to TCP and UDP endpoints?

Do I need to enable something first for Wireshark to capture this information? Yes, you need to enable the "Display

2020-03-19 02:26:44 +0000 received badge Rapid Responder
2020-03-19 02:26:44 +0000 answered a question How do I get information about the processes corresponding to TCP and UDP endpoints?

Do I need to enable something first for Wireshark to capture this information? Yes, you need to enable the "Display

2020-03-19 02:16:06 +0000 answered a question Feature request in Wireshark: lua, zlib (and other compr libs)

How do we request a feature? By posting an enhancement request on the Wireshark Bugzilla. A better title might be

2020-03-19 02:16:06 +0000 received badge Rapid Responder
2020-03-18 19:27:40 +0000 commented answer how to get current frame number or stream number in lua plugin?

let me rephrase the question Perhaps you should ask it as a separate question. This site is best thought of as a "

2020-03-18 06:34:22 +0000 received badge Rapid Responder
2020-03-18 06:34:22 +0000 answered a question How Can I view Pre-Frame Data?

I want to be able to access the "Encapsulation type" (frame.encap_type) field for the purpose of the program I'm buil