| 2019-07-11 11:33:41 +0000 | commented answer | Drawing actual TCP window size in Wireshark So from the sender point of view the window is 150kB What window do you mean? A sender is aware of 2 windows: CWND |
| 2019-07-11 11:33:29 +0000 | commented answer | Drawing actual TCP window size in Wireshark So from the sender point of view the window is 150kB What window do you mean? A sender is aware of 2 windows: CWND |
| 2019-06-05 10:44:27 +0000 | received badge | ● Rapid Responder (source) |
| 2019-06-05 10:44:27 +0000 | answered a question | How can I estimate the congestion window with the information shown in wireshark? The task is quite complex and usually you can't do this. As current congestion window value is never transferred in pac |
| 2019-05-29 07:19:10 +0000 | edited answer | what is the 'MA window' in the tcp throughput graph? This is Moving Average Window (similar as here). As I understand it counts in seconds, so MA = 1 means Moving Average wi |
| 2019-05-29 07:18:59 +0000 | edited answer | what is the 'MA window' in the tcp throughput graph? This is Moving Average Window (similar as here). As I understand it count in seconds, so MA = 1 means Moving Average wit |
| 2019-05-29 07:16:19 +0000 | answered a question | what is the 'MA window' in the tcp throughput graph? This is Moving Average Window (similar as here) |
| 2019-05-29 07:16:19 +0000 | received badge | ● Rapid Responder (source) |
| 2019-05-28 04:03:36 +0000 | commented answer | SSH Connection randomly drops (Palo Alto FW in between) That's because the client emitted some data packets we don't see in the capture. For the rest network diagram is needed. |
| 2019-05-28 03:58:24 +0000 | commented answer | SSH Connection randomly drops (Palo Alto FW in between) That's because the client emitted some data packets we don't see in the capture. BTW as I understand Wireshark doesn't |
| 2019-05-27 13:16:45 +0000 | commented question | SSH Connection randomly drops (Palo Alto FW in between) A network diagram would be of a great help here because there is an asymmetric path involved together with FHRP protocol |
| 2019-05-27 13:16:37 +0000 | commented question | SSH Connection randomly drops (Palo Alto FW in between) A network diagram would be of a great help here because there is an asymmetric path involved together with FHRP protocol |
| 2019-05-25 17:10:47 +0000 | commented answer | I need help with Wireshark Capturing filtering syntax of two IPs, my IP and one more, any protocol. You're welcome! |
| 2019-05-25 14:29:33 +0000 | commented question | I need help with Wireshark Capturing filtering syntax of two IPs, my IP and one more, any protocol. That did't work because there are two IP fields in a packet - source IP and destination IP. If you add 3rd IP with the s |
| 2019-05-25 14:29:14 +0000 | commented question | I need help with Wireshark Capturing filtering syntax of two IPs, my IP and one more, any protocol. That did't work because there are two IP field in a packet - source IP and destination IP. If you add 3rd IP with the sa |
| 2019-05-25 10:23:36 +0000 | answered a question | I need help with Wireshark Capturing filtering syntax of two IPs, my IP and one more, any protocol. host 1.1.1.1 and host 2.2.2.2 host 1.1.1.1 and host name.com Please also check this reference for other details. |
| 2019-05-25 10:23:36 +0000 | received badge | ● Rapid Responder (source) |
| 2019-05-18 17:33:23 +0000 | received badge | ● Popular Question (source) |
| 2019-05-16 11:04:02 +0000 | edited answer | the actual tcp send window is not increased further It's hard to tell without seeing an actual PCAP, but usually getting stuck on constant (not slowly increasing) Bytes In |
| 2019-05-16 11:03:24 +0000 | answered a question | the actual tcp send window is not increased further It's hard to tell without seeing an actual PCAP, but usually getting stuck on constant (not slowly increasing) Bytes In |
| 2019-05-16 11:03:24 +0000 | received badge | ● Rapid Responder (source) |
| 2019-05-16 09:50:06 +0000 | commented answer | smb or smb2 packets are all parsed to tcp Can't see the screenshot.. |
| 2019-05-15 06:29:52 +0000 | edited answer | Question about the sequence number and next sequence number If packet's Sequence Number and Next Sequence Number are equal that means the packet contains no data (TCP segment lengt |
| 2019-05-15 06:26:01 +0000 | received badge | ● Rapid Responder (source) |
| 2019-05-15 06:26:01 +0000 | answered a question | Question about the sequence number and next sequence number If packet's Sequence Number and Next Sequence Number are equal that means the packet contains no data (TCP segment lengt |
| 2019-05-10 21:35:47 +0000 | received badge | ● Good Answer (source) |
| 2019-05-10 21:35:47 +0000 | received badge | ● Enlightened (source) |
| 2019-05-10 07:20:05 +0000 | commented answer | Help analyzing TCP connection sequence Also you may read TCP/IP Illustrated vol.1 by Stevens, this book is must have for protocol understanding. TCP part of it |
| 2019-05-10 07:15:22 +0000 | edited answer | Sniffing stealmylogin.com Try to use host stealmylogin.com as capture filter. It'll resolve the name and filter by corresponding IP. BUT the sit |
| 2019-05-10 07:13:41 +0000 | edited answer | Sniffing stealmylogin.com Try to use host stealmylogin.com as capture filter. It'll resolve the name and filter by corresponding IP. BUT the sit |
| 2019-05-10 07:12:20 +0000 | answered a question | Sniffing stealmylogin.com Try to use host stealmylogin.com as capture filter. It'll resolve the name and filter by corresponding IP. BUT the sit |
| 2019-05-10 07:12:20 +0000 | received badge | ● Rapid Responder (source) |
| 2019-05-09 10:18:09 +0000 | edited answer | Wireshark filter src or dest Try ether host 34-E6-D7-55-24-23 || 34-E6-D7-55-24-34 |
| 2019-05-09 10:17:48 +0000 | answered a question | Wireshark filter src or dest Try ether host 34-E6-D7-55-24-23 || 34-E6-D7-55-24-34 |
| 2019-05-09 10:17:48 +0000 | received badge | ● Rapid Responder (source) |
| 2019-05-09 09:18:17 +0000 | commented answer | Help analyzing TCP connection sequence Sake, no, I don't. I just captured Chrome traffic from home to random website, client side, on a notebook itself (PCAP |
| 2019-05-09 09:18:03 +0000 | commented answer | Help analyzing TCP connection sequence Sake, no, I don't. I just captured Chrome traffic from home to random website, client side, on a notebook itself (PCAP |
| 2019-05-09 09:17:26 +0000 | commented answer | Help analyzing TCP connection sequence Sake, no, I don't. I just captured Chrome traffic from home to random website, client side, on a notebook itself (PCAP |
| 2019-05-09 09:12:39 +0000 | commented answer | Help analyzing TCP connection sequence Sake, no, I don't. I just captured Chrome traffic from home to random website, client side, on a notebook itself (PCAP |
| 2019-05-09 09:11:58 +0000 | commented answer | Help analyzing TCP connection sequence Sake, no, I don't. I just captured Chrome traffic from home to random website, client side, on a notebook itself (PCAP |
| 2019-05-09 08:52:51 +0000 | commented answer | Help analyzing TCP connection sequence My guess is: we observe "simultaneous close" case which means both client and server decided to close a connection at th |
| 2019-05-09 08:47:09 +0000 | commented answer | Help analyzing TCP connection sequence My guess is: we observe "simultaneous close" case which means both client and server decided to close a connection at th |
| 2019-05-09 08:44:57 +0000 | commented answer | Help analyzing TCP connection sequence My guess is: we observe "simultaneous close" case which means both client and server decided to close a connection at th |
| 2019-05-09 08:43:37 +0000 | commented answer | Help analyzing TCP connection sequence My guess is: we observe "simultaneous close" case which means both client and server decided to close a connection at th |
| 2019-05-09 08:41:53 +0000 | commented answer | Help analyzing TCP connection sequence My guess is: we observe "simultaneous close" case which means both client and server decided to close a connection at th |
| 2019-05-09 08:41:36 +0000 | commented answer | Help analyzing TCP connection sequence My guess is: we observe "simultaneous close" case which means both client and server decided to close a connection at th |
| 2019-05-08 16:20:37 +0000 | commented answer | Help analyzing TCP connection sequence Sake: this is very good assumption. Check also Win size in RSTs - it is different (0 and 14336). I cannot understand on |
| 2019-05-08 16:19:13 +0000 | commented answer | Help analyzing TCP connection sequence Sake: this is very good assumption. Check also Win size in RSTs - it is different (0 and 14336). I cannot understand on |
| 2019-05-08 16:15:04 +0000 | commented answer | Help analyzing TCP connection sequence Sake: this is very good assumption. Check also Win size in RSTs - it is different (0 and 14336). I cannot understand on |
| 2019-05-08 16:12:32 +0000 | commented answer | Help analyzing TCP connection sequence Sake: this is very good assumption. Check also Win size in RSTs - it is different (0 and 14336). I cannot understand on |
Copyright Wireshark Foundation, 2017-2019 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.