2020-12-16 16:59:34 +0000 | received badge | ● Famous Question (source) |
2020-06-10 08:39:39 +0000 | commented answer | What exactly mean TSval and TSecr I've updated the link. |
2020-06-10 08:39:04 +0000 | edited answer | What exactly mean TSval and TSecr Chris Greer recently recorded nice introductory video on the subject. |
2020-03-24 09:52:53 +0000 | received badge | ● Notable Question (source) |
2020-03-24 09:52:53 +0000 | received badge | ● Famous Question (source) |
2020-03-03 16:14:53 +0000 | received badge | ● Rapid Responder (source) |
2020-03-03 16:14:53 +0000 | answered a question | ARP responses for non existing hosts Maybe Proxy ARP is on? |
2020-01-21 16:16:35 +0000 | commented question | NTP - show calculated fields in columns Ah, ok, thanks for pointing me to the report. |
2020-01-21 15:33:46 +0000 | asked a question | NTP - show calculated fields in columns NTP - show calculated fields in columns Hi all, I tried to create columns for NTP protocol fields (see screenshot), but |
2019-11-20 08:06:59 +0000 | received badge | ● Rapid Responder (source) |
2019-11-20 08:06:59 +0000 | answered a question | Can I limit the display filter to an specific occurrence Hey Christian, sure you can. Right click on the column, 'Edit', Occurrence field: |
2019-10-29 06:25:46 +0000 | edited answer | Excluding specific IP within many Subnets As an example of what @jaap said: !(ip.addr[0-1] == AC.10 and ip.addr[3] == 25) Filter out all addresses with first |
2019-10-29 06:20:10 +0000 | received badge | ● Rapid Responder (source) |
2019-10-29 06:20:10 +0000 | answered a question | Excluding specific IP within many Subnets As an example of what @jaap said: !(ip.addr[0-1] == AC.10 and ip.addr[3] == 25) Filter out all addresses with first |
2019-10-23 18:57:28 +0000 | commented answer | TCP DUP ACK/TCP Retransmission flood my network Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.10 |
2019-10-23 18:55:40 +0000 | commented answer | TCP DUP ACK/TCP Retransmission flood my network Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.10 |
2019-10-23 18:54:07 +0000 | commented answer | TCP DUP ACK/TCP Retransmission flood my network Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.10 |
2019-10-23 18:53:14 +0000 | commented answer | TCP DUP ACK/TCP Retransmission flood my network Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.10 |
2019-10-23 18:52:38 +0000 | commented answer | TCP DUP ACK/TCP Retransmission flood my network Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.10 |
2019-10-23 18:52:09 +0000 | commented answer | TCP DUP ACK/TCP Retransmission flood my network Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.10 |
2019-10-23 18:51:08 +0000 | commented answer | TCP DUP ACK/TCP Retransmission flood my network Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.10 |
2019-10-23 18:50:40 +0000 | commented answer | TCP DUP ACK/TCP Retransmission flood my network Do you have a possibility to arrange packet capture on the Hyper-V side? For me it looks the next: packets from 10.100 |
2019-10-23 18:13:23 +0000 | commented answer | TCP DUP ACK/TCP Retransmission flood my network Thanks for the detailed information, will take a look soon. ..By FW I meant firmware, not firewall, that could have been |
2019-10-23 18:10:20 +0000 | commented answer | TCP DUP ACK/TCP Retransmission flood my network Thanks for the detailed information, will take a look soon. ..By FW I meant firmware, not firewall, that could be mislea |
2019-10-23 09:21:09 +0000 | commented answer | TCP DUP ACK/TCP Retransmission flood my network Could you please share network diagram (even simple one, just to see traffic path and endpoints) and capture point locat |
2019-10-23 08:36:12 +0000 | edited answer | TCP DUP ACK/TCP Retransmission flood my network From the very high packet rate and TTL not decreasing on per-packet basis I guess you have switching loop. Please review |
2019-10-23 08:30:08 +0000 | answered a question | TCP DUP ACK/TCP Retransmission flood my network From the very high packet rate and TTL not decreasing on per-packet basis I guess you have switching loop. Please review |
2019-10-23 08:30:08 +0000 | received badge | ● Rapid Responder (source) |
2019-08-02 04:05:35 +0000 | received badge | ● Rapid Responder (source) |
2019-08-02 04:05:35 +0000 | answered a question | TCP Keep-Alive on Linux - 10 seconds Hello, What application is this? Check its settings/configuration. I guess application could override system-wide value. |
2019-07-29 13:31:08 +0000 | commented answer | receive window and length You can use any file sharing service (Google Drive, Dropbox etc) and post a link here. Trace file is preferable. |
2019-07-29 09:03:39 +0000 | commented answer | receive window and length This is perfect time to see the capture or at least a screenshot. Total Bytes in flight = bytes sent (SEQ + last TCP.l |
2019-07-27 16:10:40 +0000 | answered a question | receive window and length Hi, It would be nice to have actual trace file to explain it to you better. There are several things to consider. 1) |
2019-07-27 16:10:40 +0000 | received badge | ● Rapid Responder (source) |
2019-07-11 11:33:41 +0000 | commented answer | Drawing actual TCP window size in Wireshark So from the sender point of view the window is 150kB What window do you mean? A sender is aware of 2 windows: CWND |
2019-07-11 11:33:29 +0000 | commented answer | Drawing actual TCP window size in Wireshark So from the sender point of view the window is 150kB What window do you mean? A sender is aware of 2 windows: CWND |
2019-06-05 10:44:27 +0000 | received badge | ● Rapid Responder (source) |
2019-06-05 10:44:27 +0000 | answered a question | How can I estimate the congestion window with the information shown in wireshark? The task is quite complex and usually you can't do this. As current congestion window value is never transferred in pac |
2019-05-29 07:19:10 +0000 | edited answer | what is the 'MA window' in the tcp throughput graph? This is Moving Average Window (similar as here). As I understand it counts in seconds, so MA = 1 means Moving Average wi |
2019-05-29 07:18:59 +0000 | edited answer | what is the 'MA window' in the tcp throughput graph? This is Moving Average Window (similar as here). As I understand it count in seconds, so MA = 1 means Moving Average wit |
2019-05-29 07:16:19 +0000 | received badge | ● Rapid Responder (source) |
2019-05-29 07:16:19 +0000 | answered a question | what is the 'MA window' in the tcp throughput graph? This is Moving Average Window (similar as here) |
2019-05-28 04:03:36 +0000 | commented answer | SSH Connection randomly drops (Palo Alto FW in between) That's because the client emitted some data packets we don't see in the capture. For the rest network diagram is needed. |
2019-05-28 03:58:24 +0000 | commented answer | SSH Connection randomly drops (Palo Alto FW in between) That's because the client emitted some data packets we don't see in the capture. BTW as I understand Wireshark doesn't |
2019-05-27 13:16:45 +0000 | commented question | SSH Connection randomly drops (Palo Alto FW in between) A network diagram would be of a great help here because there is an asymmetric path involved together with FHRP protocol |
2019-05-27 13:16:37 +0000 | commented question | SSH Connection randomly drops (Palo Alto FW in between) A network diagram would be of a great help here because there is an asymmetric path involved together with FHRP protocol |
2019-05-25 17:10:47 +0000 | commented answer | I need help with Wireshark Capturing filtering syntax of two IPs, my IP and one more, any protocol. You're welcome! |
2019-05-25 14:29:33 +0000 | commented question | I need help with Wireshark Capturing filtering syntax of two IPs, my IP and one more, any protocol. That did't work because there are two IP fields in a packet - source IP and destination IP. If you add 3rd IP with the s |
2019-05-25 14:29:14 +0000 | commented question | I need help with Wireshark Capturing filtering syntax of two IPs, my IP and one more, any protocol. That did't work because there are two IP field in a packet - source IP and destination IP. If you add 3rd IP with the sa |
2019-05-25 10:23:36 +0000 | answered a question | I need help with Wireshark Capturing filtering syntax of two IPs, my IP and one more, any protocol. host 1.1.1.1 and host 2.2.2.2 host 1.1.1.1 and host name.com Please also check this reference for other details. |