Packet_vlad's profile - activity

2019-10-29 06:25:46 +0000 edited answer Excluding specific IP within many Subnets

As an example of what @jaap said: !(ip.addr[0-1] == AC.10 and ip.addr[3] == 25) Filter out all addresses with first

2019-10-29 06:20:10 +0000 received badge  Rapid Responder (source)
2019-10-29 06:20:10 +0000 answered a question Excluding specific IP within many Subnets

As an example of what @jaap said: !(ip.addr[0-1] == AC.10 and ip.addr[3] == 25) Filter out all addresses with first

2019-10-23 18:57:28 +0000 commented answer TCP DUP ACK/TCP Retransmission flood my network

Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.10

2019-10-23 18:55:40 +0000 commented answer TCP DUP ACK/TCP Retransmission flood my network

Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.10

2019-10-23 18:54:07 +0000 commented answer TCP DUP ACK/TCP Retransmission flood my network

Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.10

2019-10-23 18:53:14 +0000 commented answer TCP DUP ACK/TCP Retransmission flood my network

Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.10

2019-10-23 18:52:38 +0000 commented answer TCP DUP ACK/TCP Retransmission flood my network

Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.10

2019-10-23 18:52:09 +0000 commented answer TCP DUP ACK/TCP Retransmission flood my network

Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.10

2019-10-23 18:51:08 +0000 commented answer TCP DUP ACK/TCP Retransmission flood my network

Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.10

2019-10-23 18:50:40 +0000 commented answer TCP DUP ACK/TCP Retransmission flood my network

Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.100

2019-10-23 18:13:23 +0000 commented answer TCP DUP ACK/TCP Retransmission flood my network

Thanks for the detailed information, will take a look soon. ..By FW I meant firmware, not firewall, that could have been

2019-10-23 18:10:20 +0000 commented answer TCP DUP ACK/TCP Retransmission flood my network

Thanks for the detailed information, will take a look soon. ..By FW I meant firmware, not firewall, that could be mislea

2019-10-23 09:21:09 +0000 commented answer TCP DUP ACK/TCP Retransmission flood my network

Could you please share network diagram (even simple one, just to see traffic path and endpoints) and capture point locat

2019-10-23 08:36:12 +0000 edited answer TCP DUP ACK/TCP Retransmission flood my network

From the very high packet rate and TTL not decreasing on per-packet basis I guess you have switching loop. Please review

2019-10-23 08:30:08 +0000 answered a question TCP DUP ACK/TCP Retransmission flood my network

From the very high packet rate and TTL not decreasing on per-packet basis I guess you have switching loop. Please review

2019-10-23 08:30:08 +0000 received badge  Rapid Responder (source)
2019-08-02 04:05:35 +0000 received badge  Rapid Responder (source)
2019-08-02 04:05:35 +0000 answered a question TCP Keep-Alive on Linux - 10 seconds

Hello, What application is this? Check its settings/configuration. I guess application could override system-wide value.

2019-07-29 13:31:08 +0000 commented answer receive window and length

You can use any file sharing service (Google Drive, Dropbox etc) and post a link here. Trace file is preferable.

2019-07-29 09:03:39 +0000 commented answer receive window and length

This is perfect time to see the capture or at least a screenshot. Total Bytes in flight = bytes sent (SEQ + last TCP.l

2019-07-27 16:10:40 +0000 answered a question receive window and length

Hi, It would be nice to have actual trace file to explain it to you better. There are several things to consider. 1)

2019-07-27 16:10:40 +0000 received badge  Rapid Responder (source)
2019-07-11 11:33:41 +0000 commented answer Drawing actual TCP window size in Wireshark

So from the sender point of view the window is 150kB What window do you mean? A sender is aware of 2 windows: CWND

2019-07-11 11:33:29 +0000 commented answer Drawing actual TCP window size in Wireshark

So from the sender point of view the window is 150kB What window do you mean? A sender is aware of 2 windows: CWND

2019-06-05 10:44:27 +0000 received badge  Rapid Responder (source)
2019-06-05 10:44:27 +0000 answered a question How can I estimate the congestion window with the information shown in wireshark?

The task is quite complex and usually you can't do this. As current congestion window value is never transferred in pac

2019-05-29 07:19:10 +0000 edited answer what is the 'MA window' in the tcp throughput graph?

This is Moving Average Window (similar as here). As I understand it counts in seconds, so MA = 1 means Moving Average wi

2019-05-29 07:18:59 +0000 edited answer what is the 'MA window' in the tcp throughput graph?

This is Moving Average Window (similar as here). As I understand it counts in seconds, so MA = 1 means Moving Average wit

2019-05-29 07:16:19 +0000 received badge  Rapid Responder (source)
2019-05-29 07:16:19 +0000 answered a question what is the 'MA window' in the tcp throughput graph?

This is Moving Average Window (similar as here)

2019-05-28 04:03:36 +0000 commented answer SSH Connection randomly drops (Palo Alto FW in between)

That's because the client emitted some data packets we don't see in the capture. For the rest network diagram is needed.

2019-05-28 03:58:24 +0000 commented answer SSH Connection randomly drops (Palo Alto FW in between)

That's because the client emitted some data packets we don't see in the capture. BTW as I understand Wireshark doesn't

2019-05-27 13:16:45 +0000 commented question SSH Connection randomly drops (Palo Alto FW in between)

A network diagram would be of a great help here because there is an asymmetric path involved together with FHRP protocol

2019-05-27 13:16:37 +0000 commented question SSH Connection randomly drops (Palo Alto FW in between)

A network diagram would be of a great help here because there is an asymmetric path involved together with FHRP protocol

2019-05-25 17:10:47 +0000 commented answer I need help with Wireshark Capturing filtering syntax of two IPs, my IP and one more, any protocol.

You're welcome!

2019-05-25 14:29:33 +0000 commented question I need help with Wireshark Capturing filtering syntax of two IPs, my IP and one more, any protocol.

That didn't work because there are two IP fields in a packet - source IP and destination IP. If you add 3rd IP with the s

2019-05-25 14:29:14 +0000 commented question I need help with Wireshark Capturing filtering syntax of two IPs, my IP and one more, any protocol.

That didn't work because there are two IP fields in a packet - source IP and destination IP. If you add 3rd IP with the sa

2019-05-25 10:23:36 +0000 answered a question I need help with Wireshark Capturing filtering syntax of two IPs, my IP and one more, any protocol.

host 1.1.1.1 and host 2.2.2.2
host 1.1.1.1 and host name.com
Please also check this reference for other details.

2019-05-25 10:23:36 +0000 received badge  Rapid Responder (source)
2019-05-18 17:33:23 +0000 received badge  Popular Question (source)
2019-05-16 11:04:02 +0000 edited answer the actual tcp send window is not increased further

It's hard to tell without seeing an actual PCAP, but usually getting stuck on constant (not slowly increasing) Bytes In

2019-05-16 11:03:24 +0000 answered a question the actual tcp send window is not increased further

It's hard to tell without seeing an actual PCAP, but usually getting stuck on constant (not slowly increasing) Bytes In

2019-05-16 11:03:24 +0000 received badge  Rapid Responder (source)
2019-05-16 09:50:06 +0000 commented answer smb or smb2 packets are all parsed to tcp

Can't see the screenshot..

2019-05-15 06:29:52 +0000 edited answer Question about the sequence number and next sequence number

If packet's Sequence Number and Next Sequence Number are equal that means the packet contains no data (TCP segment lengt

2019-05-15 06:26:01 +0000 received badge  Rapid Responder (source)
2019-05-15 06:26:01 +0000 answered a question Question about the sequence number and next sequence number

If packet's Sequence Number and Next Sequence Number are equal that means the packet contains no data (TCP segment lengt

2019-05-10 21:35:47 +0000 received badge  Good Answer (source)
2019-05-10 21:35:47 +0000 received badge  Enlightened (source)