Ask Your Question

Christian_R's profile - activity

2019-11-11 20:50:15 +0000 answered a question How to measure 3 L2L connections

You can do this with Wireshark in general. But as you talk about UDP traffic things are getting a little bit more compli

2019-11-11 20:50:15 +0000 received badge  Rapid Responder (source)
2019-09-10 21:03:01 +0000 answered a question Unusual delay during TCP connection handshake

Yes you are right there is a delay of around 4.4 seconds in the trace. The gap is directly after the 3 way handshake. We

2019-09-02 06:04:48 +0000 commented question Slow Response - host send a ACK packet slowly than usual

I can't see from the question which ACK is more slowly than expected. But in general I would say that your trace file ho

2019-09-01 19:28:42 +0000 commented question Slow Response - host send a ACK packet slowly than usual

I can't see from the question which ACK is more slowly than expected. But in general I would say that your trace file ho

2019-09-01 19:27:59 +0000 commented question Slow Response - host send a ACK packet slowly than usual

I don´t know which ACK is more slowly than expected. But in general I would say that your trace file host2... is really

2019-08-31 21:08:04 +0000 answered a question Analyze Videotraffic from e.g Prime Video

You can analyze the stream with Wireshark and measure the throughput and goodput. But normally I would not recommend to

2019-08-31 20:42:11 +0000 commented question Slow Response - host send a ACK packet slowly than usual

Can you share us a trace... Sharing a trace FAQ

2019-08-31 20:40:30 +0000 commented question If the NIC Receive Buffer fills how does this manifest in Wireshark

There might be several reasons, for having a gap of 10-15 seconds. I suggest you provide us a trace, then we can explain

2019-08-31 20:39:43 +0000 commented question If the NIC Receive Buffer fills how does this manifest in Wireshark

There might be several reasons, for having a gap of 10-15 seconds. I suggest you provide us a trace, then we can explain

2019-08-16 21:37:16 +0000 commented answer Can client control whether server sets PSH flag on every packet?

Maybe there is a device in between (LB,FW, ...) which sets a PSH bit to every tcp packet, but this is only guessing, as

2019-08-14 20:55:16 +0000 received badge  Popular Question (source)
2019-08-12 22:41:39 +0000 edited answer Using a vlans file in profile

Please try to put the vlan file in ~/.config/wireshark/ directly. There was a bug in 3.0.2 and it could be that the bugf

2019-08-12 11:00:47 +0000 edited answer Using a vlans file in profile

Please try to put the vlan file in ~/.config/wireshark/ directly. There was a bug in 3.0.2 and it could that the bugfix

2019-08-12 10:59:54 +0000 received badge  Rapid Responder (source)
2019-08-12 10:59:54 +0000 answered a question Using a vlans file in profile

Please try to put the vlan file in ~/.config/wireshark/ directly. There was a bug in 3.0.2 and it could that the bugfix

2019-07-16 16:23:00 +0000 commented question Fritzbox 5490 capture

Or it would be helpful, if you could tell us what you want to capture. Internal-Net or External.

2019-07-02 20:38:12 +0000 commented answer Receiver sends window update instead of DUP ACK

@Syn-bit: Of course you are right. Thx. I was somehow on the wrong track...

2019-07-02 19:50:43 +0000 commented answer Receiver sends window update instead of DUP ACK

@Syn-bit: I agreee. But I just wonder about a second spot. How long would you assume does the receiver keep the Out-Of-O

2019-07-02 19:49:17 +0000 commented answer Receiver sends window update instead of DUP ACK

@Syn-bit: I agreee. But I just wonder about a second spot. How long would you assume does the receiver keep the Out-Of-O

2019-06-30 11:42:32 +0000 commented question Receiver sends window update instead of DUP ACK

Thx for the traces. Do you know the value of the Scaling factor the client and the receiver are advertising? Or even bet

2019-06-27 21:26:03 +0000 commented question Keep-Alive Packets after FIN

Well the trace for Chrome looks now different. But in your cases the server closes the connection. So from end user poin

2019-06-26 20:32:20 +0000 commented question Keep-Alive Packets after FIN

Sorry but I cannot spot the sessions from the screenshot (127.0.0.1 with server port 7171) inside the trace.

2019-06-25 22:12:55 +0000 commented question Keep-Alive Packets after FIN

The Screenshot for looks a little bit strange... Without a trace no deeper analysis is possible. Could you please share

2019-06-19 20:22:52 +0000 answered a question Finding a device sending spam emails

One way can be to disconnect one device for one or two days around that date and see if emails are still send. If yes, t

2019-06-19 16:49:09 +0000 received badge  Rapid Responder (source)
2019-06-19 16:49:09 +0000 answered a question How to check the time taken to upload a file in windows

if it uses http you can use http.time in the response packet. If you se smb you can use the service reponse time dialog

2019-06-19 16:40:05 +0000 edited answer Chart gaps between IP ID

No, not really. You can do this task by different ways. 2 of them I show you. You can use tshark -> Have a detailed

2019-06-19 16:39:40 +0000 received badge  Rapid Responder (source)
2019-06-19 16:39:40 +0000 answered a question Chart gaps between IP ID

No, not really. You can do this task by different ways. 2 of them I show you. You can use tshark -> Have a detailed

2019-06-19 16:35:43 +0000 commented answer Finding a device sending spam emails

How often does the device send this email?

2019-06-18 20:37:47 +0000 edited answer TurboCap capture card?

Short answer: No, Gigabit full line capture is still not easy.. Longer Version: Reliable 1GBit/s full line capture is

2019-06-17 17:03:50 +0000 edited answer TurboCap capture card?

Short answer: No. Longer Version: Reliable 1GBit/s full line capture is still a hard task. You still need special cap

2019-06-17 15:47:35 +0000 answered a question TurboCap capture card?

Short answer: No. Reliable 1GBit/s full line capture is still a hard task. You still need special capture devices and d

2019-06-17 15:47:35 +0000 received badge  Rapid Responder (source)
2019-06-16 18:53:08 +0000 edited answer Finding a gap in length or id

You can do this task by different ways. 2 of them I show you. You can use tshark -> Have a detailed look here https

2019-06-16 18:52:24 +0000 answered a question Finding a gap in length or id

You can do this task by 2 ways. You can use tshark -> Have a detailed look here https://www.youtube.com/watch?v=gMg

2019-06-16 18:25:37 +0000 commented question ARP packets to public IP addresses

Can you give us some specific examples which ip addresses the strange clients requesting?

2019-06-05 19:47:30 +0000 commented answer need help to understand trace Issue with SMB File Access Slowness from Windows 10 Client

Edited the comment above: Anonymized it a little bit.

2019-06-05 19:45:49 +0000 commented answer need help to understand trace Issue with SMB File Access Slowness from Windows 10 Client

Found the following SMB 2 Errors: Info Create Response File: delta.pvt\\***\\Clients;Find Response;Find Response, Erro

2019-06-04 19:34:28 +0000 commented question need help to understand trace Issue with SMB File Access Slowness from Windows 10 Client

A little bit hard to tell. Because you have taken the capture on a local machine with offloading functions enabled and t

2019-06-03 10:36:37 +0000 commented answer error MSB6006: "cmd.exe " exited with code 1. [C:\Development\wsbuild64\plugins\epan\homematic\homematic.vcxproj]

Or you can open the file with a hex editor and search for 0x9d and replace it with anon unicode character. This is the w

2019-05-28 18:41:37 +0000 commented answer SSH Connection randomly drops (Palo Alto FW in between)

@SYN-bit good spot

2019-05-27 22:42:15 +0000 commented answer SSH Connection randomly drops (Palo Alto FW in between)

It is too late I cannot see reason at the moment for the following observation. But does anybody have an idea why in the

2019-05-19 21:57:37 +0000 commented answer SMB Transfer Upload fast, Download slow

@sugar76 thank you for telling us the solution!

2019-05-19 07:19:13 +0000 received badge  Rapid Responder (source)
2019-05-19 07:19:13 +0000 answered a question SMB Transfer Upload fast, Download slow

The main reason is, that the download trace shows continuous packet loss, which causes the slow transfer.

2019-05-15 22:46:51 +0000 commented answer Can I protect a lua text script not to read?

If I have a dissector for protocol it might be possible to reverse engineer it, with some time. So why keep it that conf

2019-05-15 19:32:27 +0000 commented answer What's causing the performance issue with Citrix here?

I have deleted the link to the trace files, due to security reasons

2019-05-09 15:41:08 +0000 commented question could not see the http.time from a sliced trace

Can you provide us a trace?