NJL's profile - activity

2019-10-15 12:15:48 +0000 commented answer What is the difference between time and delta time?

I don't know the internals of Wireshark to be able to answer your question in detail, but I'm speculating that the reaso

2019-10-15 12:14:40 +0000 commented answer What is the difference between time and delta time?

I don't know the internals of Wireshark to be able to answer your question in detail, but I'm speculating that the reaso

2019-10-15 12:14:31 +0000 commented answer What is the difference between time and delta time?

I don't know the internals of Wireshark to be able to answer your question in detail, but I'm speculating that the reas

2019-10-15 11:32:13 +0000 edited answer What is the difference between time and delta time?

Time is when the packet was captured i.e. a fixed value. Delta time is the time between packets - e.g. the time between

2019-10-15 11:28:49 +0000 edited answer What is the difference between time and delta time?

Time is when the packet was captured i.e. a fixed value. Delta time is the time between packets - e.g. the time between

2019-10-15 11:25:41 +0000 answered a question What is the difference between time and delta time?

Time is when the packet was captured i.e. a fixed value. Delta time is the time between packets - e.g. the time between

2019-10-15 11:25:41 +0000 received badge  Rapid Responder (source)
2019-05-17 10:52:52 +0000 received badge  Rapid Responder
2019-05-17 10:52:52 +0000 answered a question SMB Transfer Upload fast, Download slow

Thanks for the capture files, however they would be much more useful if you include the TCP handshake. Can you please re

2018-12-03 05:47:00 +0000 received badge  Famous Question (source)
2018-11-29 21:02:10 +0000 received badge  Rapid Responder (source)
2018-11-29 21:02:10 +0000 answered a question TCP is limiting the use of bandwidth

In the sender.pcapng file, it's clear that 10.92.48.68 for some reason is incapable of processing the incoming data. Loo

2018-11-15 17:33:52 +0000 commented question IP Identification behaviour?

Not at this time, no. I'm trying to get more information, so I will hopefully know more by tomorrow.

2018-11-15 16:09:00 +0000 received badge  Rapid Responder (source)
2018-11-15 16:09:00 +0000 answered a question What is the best way to find out what is causing TCP acked unseen segment.

TCP Acked Unseen segment is Wireshark's way of informing you that in the capture you see ACKs for packets that were not s

2018-11-15 11:50:39 +0000 commented question IP Identification behaviour?

Packet capture should be available here: https://drive.google.com/file/d/1kdiS9bVbBsstfT6JL3K0teD9UZXUkheD/view?usp=driv

2018-11-15 11:46:14 +0000 commented question Do tcp dup acks always mean a retransmission

Remember you can filter a separate TCP session by right-clicking -> Conversation Filter -> TCP. This can then be e

2018-11-15 11:24:23 +0000 commented question Do tcp dup acks always mean a retransmission

Correct, a retransmission is based on the Retransmission Time Out (RTO) timer set by the OS and typically adjusted conti

2018-11-15 11:24:01 +0000 commented question Do tcp dup acks always mean a retransmission

Correct, a retransmission is based on the Retransmission Time Out (RTO) timer set by the OS and typically adjusted conti

2018-11-15 11:14:57 +0000 commented question IP Identification behaviour?

@Jaap: Thanks for the link. Already read that and others, but (to me at least) it doesn't really explain what I see here

2018-11-14 12:42:53 +0000 edited question IP Identification behaviour?

IP Identification behaviour? I've been asked to look at a capture file not captured by me. I know, asking for trouble ri

2018-11-14 12:41:51 +0000 asked a question IP Identification behaviour?

IP Identification behaviour? I've been asked to look at a capture file not captured by me. I know, asking for trouble ri

2018-10-26 08:01:14 +0000 marked best answer arp arp.src.proto_ipv4 wildcard search?

Hi,

Use case: identify what gateway servers on a number of different VLANs use, by identifying what GW the servers ARP for. This is needed since the GW must change IP address prior to a larger network migration.

I know I can see the details I'm after by using the field "arp.src.proto_ipv4", but my problem is that I can't search on this using wildcards.

As far as I can tell (https://www.wireshark.org/docs/dfref/...) the field is simply an IPv4 address field, so I'm unable to use the "matches" keyword which would've given me the opportunity to use regex.

I need to know which servers ARP for a GW IP that ends with ".12", so essentially a display filter such as "arp.src.proto_ipv4 == ..*.12" is what I'm looking for.

Any and all help much appreciated!

Thanks

/Niels

2018-10-26 08:00:47 +0000 commented answer arp arp.src.proto_ipv4 wildcard search?

Hi Packet_vlad, no I haven't found that thread, very helpful. And you're completely right - it's not arp.src.proto_ipv4

2018-10-26 06:30:41 +0000 asked a question arp arp.src.proto_ipv4 wildcard search?

arp arp.src.proto_ipv4 wildcard search? Hi, Use case: identify what gateway servers on a number of different VLANs use,

2018-09-18 05:24:02 +0000 received badge  Notable Question (source)
2018-08-01 03:39:45 +0000 received badge  Popular Question (source)
2018-07-30 15:26:45 +0000 received badge  Nice Answer (source)
2018-07-14 19:57:39 +0000 commented answer throughput issue dropped packet slow start

I won't comment on whether everyone should modify their settings as I don't know the defaults and I certainly don't know

2018-07-14 19:56:53 +0000 commented answer throughput issue dropped packet slow start

I won't comment on whether everyone should modify their settings as I don't know the defaults and I certainly don't know

2018-07-13 16:29:21 +0000 commented answer throughput issue dropped packet slow start

First off, please don't answer a question in the comment section with an answer to your original question, that will onl

2018-07-13 16:28:54 +0000 commented answer throughput issue dropped packet slow start

First off, please don't answer a question in the comment section with an answer to your original question, that will onl

2018-07-13 16:25:58 +0000 commented answer throughput issue dropped packet slow start

First off, please don't answer a question in the comment section with an answer to your original question, that will onl

2018-07-13 16:25:49 +0000 commented answer throughput issue dropped packet slow start

First off, please don't answer a question in the comment section with an answer to your original question, that will onl

2018-07-13 16:24:02 +0000 commented answer throughput issue dropped packet slow start

First off, please don't answer a question in the comment section with an answer to your original question, that will onl

2018-07-13 07:33:02 +0000 commented answer throughput issue dropped packet slow start

Hi, No sorry, I'm not Kary - I'm NJL :-) I'm not sure I follow what you mean. Can you upload a new capture?

2018-07-12 08:57:43 +0000 commented answer How to make tshark/wireshark to analyze tcp flow group by interface_id

Here's an excellent post covering some of the possible issues with multi-interface captures.

2018-07-12 08:49:30 +0000 commented answer How to make tshark/wireshark to analyze tcp flow group by interface_id

If you can upload the file to cloudshark, google drive, dropbox etc. you can share the link

2018-07-12 08:17:39 +0000 received badge  Rapid Responder (source)
2018-07-12 08:17:39 +0000 answered a question How to make tshark/wireshark to analyze tcp flow group by interface_id

You should be able to use a Display Filter to select the interface you want and then you can export that data as a separ

2018-07-11 17:39:57 +0000 commented question RST packets sent by both client and server during file transfer

Still asks for permission...

2018-07-11 07:14:53 +0000 commented answer handling 150mb pcaps

You can merge pcaps by simply dragging all of them onto Wireshark or use the "File->Merge" dialog (requires that you

2018-07-11 05:27:52 +0000 edited answer throughput issue dropped packet slow start

The TCP Receive Window is way too low for you to fill that 1G circuit with such a high round trip time (RTT). You should

2018-07-11 05:19:53 +0000 answered a question throughput issue dropped packet slow start

The TCP Receive Window is way too low for you to fill that 1G circuit with such a high round trip time (RTT). You should

2018-07-11 05:19:53 +0000 received badge  Rapid Responder (source)
2018-07-11 04:54:51 +0000 received badge  Supporter (source)
2018-07-10 15:05:39 +0000 answered a question handling 150mb pcaps

I can recommend Riverbed's Packet Analyzer. It's very snappy and makes it very easy to work with multi-GB capture files.

2018-07-10 15:05:39 +0000 received badge  Rapid Responder (source)
2018-07-09 20:01:51 +0000 commented answer has anyone seen duplicate smb packets

Excellent answer - thanks for taking the time! Do you have any sources of similar explanation of SMB behaviour that you