Ask Your Question

csereno's profile - activity

2018-02-02 16:27:59 +0000 received badge  Autobiographer
2018-02-01 21:16:56 +0000 commented question how become Wireshark mirror?

Have you seen the wireshark.org mirror page? It has a few simple instructions to get started. Or, are you wanting offici

2018-01-04 14:43:38 +0000 commented question Why am I not seeing unique traffic

Are you running the capture on your PC, or on a different network device? Have you tried applying a display filter for y

2018-01-02 22:44:06 +0000 commented answer How to monitor session is not existing between two IP address on specific port

@IndWatch, Being that this is specifically a Wireshark forum this might be straying a bit off topic, but if you read thr

2018-01-02 20:12:07 +0000 commented question How to monitor session is not existing between two IP address on specific port

@IndWatch, Better yet...do you need to actually capture the packets? If not, you could even use other tools such as nets

2018-01-02 20:11:06 +0000 commented question How to monitor session is not existing between two IP address on specific port

@IndWatch, Better yet...do you need to actually capture the packets? If not, you could even use other tools such as nets

2018-01-02 20:06:34 +0000 received badge  Commentator
2018-01-02 20:06:34 +0000 commented question How to monitor session is not existing between two IP address on specific port

@sindy, I went back and looked at my script. At one time I had it running a single instance and I was deleting the tempo

2018-01-02 19:32:20 +0000 commented question How to monitor session is not existing between two IP address on specific port

@sindy, You are correct when running tshark's native commands. However, there are workarounds with scripting. I have bee

2018-01-02 18:43:37 +0000 commented answer How to capture UDP traffic and not NBNS traffic?

You can also filter on port number (socket) such as: (ip.addr == 192.168.70.20 && ip.addr == 192.168.70.22) &am

2018-01-02 18:42:28 +0000 commented answer How to capture UDP traffic and not NBNS traffic?

Try this: (ip.addr == 192.168.70.20 && ip.addr == 192.168.70.22) && !nbns

2018-01-02 17:53:31 +0000 commented question How to view packets sent out of ip

Is 192.168.0.5 the device running Wireshark or what it is connecting to? Are you capturing on the correct interface?

2018-01-02 17:47:35 +0000 commented question How to monitor session is not existing between two IP address on specific port

This may be possible if you used a script to monitor the output of tshark and then react to it. It depends what you are

2018-01-02 17:40:28 +0000 commented question How to capture UDP traffic and not NBNS traffic?

The pipes (||) are a logical "or" so your filter says anything to/from 192.168.70.20 or from 192.168.70.22. You will wan

2018-01-02 17:40:07 +0000 commented question How to capture UDP traffic and not NBNS traffic?

The pipes (||) are a logical "or" so your filter says anything to/from 192.168.70.20 or from 192.168.70.22. You will wan

2018-01-02 17:39:48 +0000 commented question How to capture UDP traffic and not NBNS traffic?

The pipes (||) are a logical "or" so your filter says anything to/from 192.168.70.20 or from 192.168.70.22. You will wan

2018-01-02 17:39:34 +0000 commented question How to capture UDP traffic and not NBNS traffic?

The pipes (||) are a logical "or" so your filter says anything to/from 192.168.70.20 or from 192.168.70.22. You will wan

2018-01-02 17:33:47 +0000 commented question View ONLY specific protocol

A display filter such as "tcp.port==992" will single out your traffic in your old pcaps.

2017-12-22 19:51:51 +0000 received badge  Supporter (source)
2017-12-22 19:47:12 +0000 received badge  Rapid Responder (source)
2017-12-22 19:47:12 +0000 answered a question Is it possible to test a capture filter with already captured traffic?

You could also replay the traffic in a lab scenario using a tool such as tcpreplay, netcat, etc and setup and test your

2017-12-22 19:10:34 +0000 commented question View ONLY specific protocol

If you already have the capture, you can use the protocol display filters such as "ssl" or "telnet" Otherwise, you can u

2017-12-22 18:51:41 +0000 commented question Database for management of PCAP files?

Over the years I've used folders/files, pcapr.net, and cloudshark.org. I used an internal version of Box for awhile as w

2017-12-22 18:41:39 +0000 commented question SSH performance question

TCP Delta is a great place to start. Pay close attention to where those large deltas occur (i.e. beginning of the captur