2024-01-01 12:29:09 +0000 | received badge | ● Popular Question (source) |
2023-09-18 08:23:53 +0000 | received badge | ● Notable Question (source) |
2023-09-18 08:23:53 +0000 | received badge | ● Popular Question (source) |
2023-08-21 08:43:36 +0000 | received badge | ● Famous Question (source) |
2023-07-31 01:33:04 +0000 | received badge | ● Famous Question (source) |
2022-12-14 16:46:53 +0000 | commented question | Duplicated UDP stream IDs? Hi Chuck, 1) It's just default profile + Stream ID column added: https://drive.google.com/file/d/14xAk8tlOmEK1K-8ugP8ju |
2022-12-14 14:38:44 +0000 | asked a question | Duplicated UDP stream IDs? Duplicated UDP stream IDs? Hi All, Could you please tell why I see duplicate stream IDs in Conversations dialog: The |
2022-07-01 15:03:51 +0000 | marked best answer | Wireshark column - how to display "value" only? Hi all, Could you please tell if it is possible to set Wireshark column to display only actual field value, but not description of it? Pls see screenshot attached containing OSPF protocol. I'd rather have LS types displayed as numbers 1 to 9, not as such extra-long descriptions. PCAP sample |
2022-04-07 14:20:55 +0000 | marked best answer | BPF Byte filter for VLAN-IPv6-UDP stack Hi Guys, I'm struggling with BPF filter to match 2 Bytes inside UDP payload for the next stack: Ethernet-VLAN-IPv6-UDP. So I make the next expression: For some reason it does not work, no packet is matched. I make a step back and delete Byte matching part: This one works correctly matching all UDP inside IPv6. I then try the first one (with Byte offset), but on Ethernet-VLAN-IPv4-UDP - and it works again. So I checked compiled BPF and I see:
There is a check for v4 and v6.
There is no more check for v6. Am I missing something? I'd like to avoid going down the stack and making Ethernet Byte filter with big offsets. A good file to play with is in Johannes Weber blog: https://weberblog.net/ipv6-upper-laye... Thanks, Vlad |
2022-04-07 14:20:53 +0000 | commented answer | BPF Byte filter for VLAN-IPv6-UDP stack Ah, I see now, thanks Chuck! |
2022-04-07 11:44:19 +0000 | asked a question | BPF Byte filter for VLAN-IPv6-UDP stack BPF Byte filter for VLAN-IPv6-UDP stack Hi Guys, I'm struggling with BPF filter to match 2 Bytes inside UDP payload for |
2021-08-07 06:03:34 +0000 | received badge | ● Notable Question (source) |
2021-06-26 12:13:01 +0000 | received badge | ● Popular Question (source) |
2021-06-24 00:42:33 +0000 | received badge | ● Popular Question (source) |
2021-05-07 09:35:08 +0000 | received badge | ● Notable Question (source) |
2021-05-07 09:35:08 +0000 | received badge | ● Popular Question (source) |
2020-12-16 16:59:34 +0000 | received badge | ● Famous Question (source) |
2020-06-10 08:39:39 +0000 | commented answer | What exactly mean TSval and TSecr I've updated the link. |
2020-06-10 08:39:04 +0000 | edited answer | What exactly mean TSval and TSecr Chris Greer recently recorded nice introductory video on the subject. |
2020-03-24 09:52:53 +0000 | received badge | ● Notable Question (source) |
2020-03-24 09:52:53 +0000 | received badge | ● Famous Question (source) |
2020-03-03 16:14:53 +0000 | received badge | ● Rapid Responder (source) |
2020-03-03 16:14:53 +0000 | answered a question | ARP responses for non existing hosts Maybe Proxy ARP is on? |
2020-01-21 16:16:35 +0000 | commented question | NTP - show calculated fields in columns Ah, ok, thanks for pointing me to the report. |
2020-01-21 15:33:46 +0000 | asked a question | NTP - show calculated fields in columns NTP - show calculated fields in columns Hi all, I tried to create columns for NTP protocol fields (see screenshot), but |
2019-11-20 08:06:59 +0000 | answered a question | Can I limit the display filter to an specific occurrence Hey Christian, sure you can. Right click on the column, 'Edit', Occurrence field: |
2019-11-20 08:06:59 +0000 | received badge | ● Rapid Responder (source) |
2019-10-29 06:25:46 +0000 | edited answer | Excluding specific IP within many Subnets As an example of what @jaap said: !(ip.addr[0-1] == AC.10 and ip.addr[3] == 25) Filter out all addresses with first |
2019-10-29 06:20:10 +0000 | answered a question | Excluding specific IP within many Subnets As an example of what @jaap said: !(ip.addr[0-1] == AC.10 and ip.addr[3] == 25) Filter out all addresses with first |
2019-10-29 06:20:10 +0000 | received badge | ● Rapid Responder (source) |
2019-10-23 18:57:28 +0000 | commented answer | TCP DUP ACK/TCP Retransmission flood my network Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.10 |
2019-10-23 18:55:40 +0000 | commented answer | TCP DUP ACK/TCP Retransmission flood my network Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.10 |
2019-10-23 18:54:07 +0000 | commented answer | TCP DUP ACK/TCP Retransmission flood my network Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.10 |
2019-10-23 18:53:14 +0000 | commented answer | TCP DUP ACK/TCP Retransmission flood my network Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.10 |
2019-10-23 18:52:38 +0000 | commented answer | TCP DUP ACK/TCP Retransmission flood my network Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.10 |
2019-10-23 18:52:09 +0000 | commented answer | TCP DUP ACK/TCP Retransmission flood my network Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.10 |
2019-10-23 18:51:08 +0000 | commented answer | TCP DUP ACK/TCP Retransmission flood my network Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.10 |
2019-10-23 18:50:40 +0000 | commented answer | TCP DUP ACK/TCP Retransmission flood my network Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.100 |
2019-10-23 18:13:23 +0000 | commented answer | TCP DUP ACK/TCP Retransmission flood my network Thanks for the detailed information, will take a look soon. ..By FW I meant firmware, not firewall, that could have been |
2019-10-23 18:10:20 +0000 | commented answer | TCP DUP ACK/TCP Retransmission flood my network Thanks for the detailed information, will take a look soon. ..By FW I meant firmware, not firewall, that could be mislea |
2019-10-23 09:21:09 +0000 | commented answer | TCP DUP ACK/TCP Retransmission flood my network Could you please share network diagram (even simple one, just to see traffic path and endpoints) and capture point locat |
2019-10-23 08:36:12 +0000 | edited answer | TCP DUP ACK/TCP Retransmission flood my network From the very high packet rate and TTL not decreasing on per-packet basis I guess you have switching loop. Please review |
2019-10-23 08:30:08 +0000 | received badge | ● Rapid Responder (source) |
2019-10-23 08:30:08 +0000 | answered a question | TCP DUP ACK/TCP Retransmission flood my network From the very high packet rate and TTL not decreasing on per-packet basis I guess you have switching loop. Please review |
2019-08-02 04:05:35 +0000 | received badge | ● Rapid Responder (source) |
2019-08-02 04:05:35 +0000 | answered a question | TCP Keep-Alive on Linux - 10 seconds Hello, What application is this? Check its settings/configuration. I guess application could override system-wide value. |
2019-07-29 13:31:08 +0000 | commented answer | receive window and length You can use any file sharing service (Google Drive, Dropbox etc) and post a link here. Trace file is preferable. |
2019-07-29 09:03:39 +0000 | commented answer | receive window and length This is perfect time to see the capture or at least a screenshot. Total Bytes in flight = bytes sent (SEQ + last TCP.l |
2019-07-27 16:10:40 +0000 | received badge | ● Rapid Responder (source) |