Guy Harris's profile - activity

2020-07-06 08:41:57 +0000 commented answer Enhancing export objects for TSHARK

The "Export Object" mechanism - in both Wireshark and TShark - is intended to save the raw content of files transferred

2020-07-06 02:44:21 +0000 commented answer "You don't have permission to capture on that device" on en0 on macOS

So ls -l /Library/LaunchDaemons/org.wireshark.ChmodBPF.plist still says ls: /Library/LaunchDaemons/org.wireshark.Chm

2020-07-05 23:26:24 +0000 edited answer "You don't have permission to capture on that device" on en0 on macOS

Also I Install ChmodBPF If there's no /Library/LaunchDaemons/org.wireshark.ChmodBPF.plist file, it wasn't correctly

2020-07-05 23:26:06 +0000 answered a question "You don't have permission to capture on that device" on en0 on macOS

Also I Install ChmodBPF If there's no /Library/LaunchDaemons/org.wireshark.ChmodBPF.plist' file, it wasn't correctl

2020-07-05 19:01:24 +0000 commented question "You don't have permission to capture on that device" on en0 on macOS

What does the command ls -l /Library/LaunchDaemons/org.wireshark.ChmodBPF.plist print?

2020-07-05 19:01:09 +0000 commented question "You don't have permission to capture on that device" on en0 on macOS

What does the command ls -l /Library/LaunchDaemons//org.wireshark.ChmodBPF.plist print?

2020-07-05 02:27:29 +0000 edited question Read Header packet

Read Header packet Hi I very pleased join wireshark site I need to read this packet and what does mean HEAD /edgedl/

2020-07-02 20:46:45 +0000 edited question "You don't have permission to capture on that device" on en0 on macOS

Permission Error. Hi guys, I have prob with permission error when I download wireshark program. I did all the required &

2020-07-02 20:46:05 +0000 commented question "You don't have permission to capture on that device" on en0 on macOS

What does ls -l /dev/bpf0 print when you run it in Terminal?

2020-07-01 22:03:58 +0000 commented question Network Problem Resolved Itself After Wireshark Install

What happens if you uninstall Npcap? If that causes the issues to come back, do they then go away if you re-install Npc

2020-07-01 06:14:31 +0000 answered a question How to find the model number of a printer in wireshark

There is no guaranteed way to do it. If some protocol happens to involve a printer sending a model number indication in

2020-07-01 06:14:31 +0000 received badge Rapid Responder

2020-07-01 01:08:52 +0000 commented answer Type for Dissecting n-bit Quantities

It sounds as if there's a 32-bit value with a bunch of subfields, so option B is probably best.

2020-06-30 09:40:26 +0000 edited answer Type for Dissecting n-bit Quantities

What is the correct type to use here for dissecting this quantity? It's a two bit field, so boolean is too small and

2020-06-30 09:30:19 +0000 received badge Rapid Responder

2020-06-30 09:30:19 +0000 answered a question How Can i edit pcap files in wireshark

It's not currently possible. The old GTK+ version had some limited editing capabilities; that might have required build

2020-06-30 04:41:50 +0000 edited answer Type for Dissecting n-bit Quantities

What is the correct type to use here for dissecting this quantity? It's a two bit field, so boolean is too small and

2020-06-30 04:19:40 +0000 answered a question Type for Dissecting n-bit Quantities

I've been given a template that uses an FT_ prefix instead of the g prefix - for example, it uses FT_Boolean and FT_U

2020-06-30 04:19:40 +0000 received badge Rapid Responder

2020-06-29 07:33:21 +0000 edited answer tshark - Save to file while filtering with display filter

-Y bacnet is a display filter, not a capture filter. A capture filter would be specified with -f, such as tshark -f "t

2020-06-29 07:32:34 +0000 commented question tshark - Save to file while filtering with display filter

-Y bacnet is a display filter, not a capture filter. A capture filter would be specified with -f, such as tshark -f "t

2020-06-29 07:32:27 +0000 edited question tshark - Save to file while filtering with display filter

tshark - Save to file while filtering with read filter Hi, When I run tshark with a capture filter, I can see the messag

2020-06-29 07:31:13 +0000 commented question tshark - Save to file while filtering with display filter

-Y bacnet is a read filter, not a capture filter. A capture filter would be specified with -f, such as tshark -f "tcp

2020-06-29 07:28:45 +0000 edited question tshark - Save to file while filtering with display filter

tshark - Save to file while viewing with display filter Hi, When I run tshark with a capture filter, I can see the messa

2020-06-29 07:27:18 +0000 edited question tshark - Save to file while filtering with display filter

tshark - Save to file while viewing with capture filter Hi, When I run tshark with a capture filter, I can see the messa

2020-06-27 03:51:31 +0000 answered a question tshark - Flag to remove index entry from ek output format

The ek format (jsonnl) from tshark is great for capturing into some Big Data environment. Unfortunately as the format

2020-06-27 03:51:31 +0000 received badge Rapid Responder

2020-06-24 21:32:52 +0000 answered a question Capitalising hex strings in dissector field output?

Perhaps this would be better done as a general preference so users, rather than dissector writers, can choose whether to s

2020-06-24 21:32:52 +0000 received badge Rapid Responder

2020-06-24 04:39:55 +0000 commented answer reference outer most eth.type

And the bug 3791 proposal, adding ordinal numbers to fields, may not be enough to do the trick; see my latest comment on

2020-06-24 02:57:11 +0000 received badge Rapid Responder

2020-06-24 02:57:11 +0000 answered a question Seeking Example for Protocol Encapsulating IPv4

You mention "ports", but you don't say anything about Foo or Foo2 having port numbers; neither Ethernet nor IPv4 have po

2020-06-22 09:07:41 +0000 received badge Rapid Responder

2020-06-22 09:07:41 +0000 answered a question Access to previous frame

If a dissector for frame N needs information from frame M for that protocol, where M < N, the dissector should mainta

2020-06-21 21:49:46 +0000 commented answer npcap is broken. What do I do?

Also, if you're not running the latest version of Npcap, try updating. The npcap Web site indicates the latest version

2020-06-21 01:09:46 +0000 received badge Rapid Responder

2020-06-21 01:09:46 +0000 answered a question NMEA 2000 Packet Capture

According to the Wikipedia page to which I added a link in your question, "Electrically, NMEA 2000 is compatible with th

2020-06-21 00:55:51 +0000 edited question NMEA 2000 Packet Capture

NMEA 2000 Packet Capture Sir or Ma'am, Will you be developing filters/capabilities to capture and dissect NMEA 2000 tra

2020-06-21 00:48:25 +0000 commented answer Merge regular text logs (as info) and packet captures

So that'd be "syslog over UDP over IP over (whatever the link layer for the capture is)".

2020-06-20 19:45:32 +0000 answered a question Merge regular text logs (as info) and packet captures

The log file has timestamps. So these could be used to interleave the information fairly properly. Interleaving has

2020-06-20 19:45:32 +0000 received badge Rapid Responder

2020-06-20 19:28:22 +0000 answered a question Wireshark 3.2.4 on MacOS Catalina

It seems that this software is either not ready for MacOS Catalina. It works fine for me with 3.2.4 on 10.15.5. I'v

2020-06-20 19:28:17 +0000 answered a question Wireshark 3.2.4 on MacOS Catalina

It seems that this software is either not ready for MacOS Catalina. It works fine for me with 3.2.4 on 10.15.5. I'v

2020-06-19 17:17:20 +0000 commented answer I can't see the interfaces of my computer

You should not do that. See here why and here another answer how to address this properly.

2020-06-19 02:06:42 +0000 answered a question I can't see the interfaces of my computer

Try running sudo dpkg-reconfigure wireshark-common on your machine. Answer <yes> to "Should non-superusers be

2020-06-19 02:06:42 +0000 received badge Rapid Responder

2020-06-18 08:12:31 +0000 commented question Using SLL dissector output in own dissector?

What do you mean by "at octet 2"? Octet 2 of what - the SLL payload, i.e. the octet at an offset of 0x12 from the begin

2020-06-16 19:58:13 +0000 answered a question RSSI / Signal Strength

At least for captures done on a personal computer (Windows + Npcap, Windows + AirPcap, Linux, macOS, *BSD), the signal s

2020-06-16 19:58:13 +0000 received badge Rapid Responder

2020-06-15 19:29:47 +0000 answered a question Ethercat Frames are not being recorded due to Symantec EP

This is probably an issue with WinPcap or Npcap; they both plug into the Windows networking stack, and Symantec Endpoint