Jasper's profile - activity

2019-12-16 00:54:13 +0000 received badge  Nice Answer (source)
2019-12-05 15:55:19 +0000 commented question Continuously observing [TCP Previous segment not captured], Ignored Unknown Record

You might want to look into sanitization of capture files. If your problem is on layers 1-4 you can remove/change any de

2019-09-30 18:25:14 +0000 answered a question When does TCP decide not to ACK every packet

The ACK frequency is basically something the TCP stack decides, so it depends on the operating system, the network stack

2019-09-30 18:25:14 +0000 received badge  Rapid Responder (source)
2019-09-01 21:33:12 +0000 commented question TCP ACK with 1460 Bytes of Data

Do you have a pcap file you could share?

2019-09-01 21:27:44 +0000 commented answer In TCP 3-way handshake, 3 segments will be sent (SYN, SYN/ACK, ACK). What happens if the third segment(ACK) is lost?

Sake is correct, of course. I just need to add (my OCD kicks in here) that if there is never an ACK (which can happen in

2019-06-25 06:18:48 +0000 commented answer Does running Wireshark on a Domain Controller degrade performance of the DC?

Better yet, don't use Wireshark or tshark. Use dumpcap, which is the best tool to do that (and is called by Wireshark an

2019-05-13 10:00:43 +0000 commented answer Do we need a pcap header format to display captured packets via named pipes on Wireshark?

Too sneaky ;-)

2019-05-11 23:36:55 +0000 answered a question How does wireshark determine if a TCP packet is out-of-order?

Doing this from a screenshot is suboptimal at best, especially without packet numbers, but let's try. If I get it wrong

2019-05-11 23:36:55 +0000 received badge  Rapid Responder (source)
2019-05-08 14:16:00 +0000 commented answer Help analyzing TCP connection sequence

In general you'll always see FIN and ACK together, because it signals the end from one side of the conversation and all

2019-05-04 23:04:20 +0000 answered a question Searching upwards

It looks like the forward/backward option wasn't yet ported to the Qt UI. You might want to add an enhancement request a

2019-05-04 23:04:20 +0000 received badge  Rapid Responder (source)
2019-05-03 07:14:27 +0000 commented answer File upload stalling, many "bad" TCP packages

The Android phone might perform an automatic Path MTU detection when it fails to transfer large packets, learning the be

2019-04-21 10:11:52 +0000 commented answer Packet sniff noise

You could filter on tzsp after capturing both, and then "export specified packets" to a new pcapng file and open that to

2019-04-21 10:09:33 +0000 commented question TCP Retransmission - Delay with Windows 10!

I'm not sure I understand your example correctly, it's a little too abstract. If it's just an iperf test why not share th

2019-04-18 09:37:16 +0000 commented question The interface "Console" its not showing.

Can you give some more details? What do you mean by Interface "Console"? And why do you install such an old version?

2019-04-17 11:32:44 +0000 answered a question What is a good solution to capture Bluetooth traffic from captoglove?

Maybe this article could help: They're looking at various c

2019-04-17 11:32:44 +0000 received badge  Rapid Responder (source)
2019-04-17 11:29:40 +0000 received badge  Rapid Responder (source)
2019-04-17 11:29:40 +0000 answered a question Packet sniff noise

That looks like a misconfiguration - that many errors are highly unlikely and are usually a result of an improper captur

2019-04-17 11:01:50 +0000 received badge  Rapid Responder (source)
2019-04-17 11:01:50 +0000 answered a question How to enable all protocols in tshark?

You should create a new profile in Wireshark with all protocols enabled. The user can then switch back to his previous p

2019-04-14 12:47:09 +0000 received badge  Nice Answer (source)
2019-04-14 08:52:58 +0000 answered a question what is the difference between frame.time_delta and frame.time_delta_displayed?

It's only relevant when filters are applied. frame.time_delta will still show the delta time of a frame to its predecess

2019-04-14 08:52:58 +0000 received badge  Rapid Responder (source)
2019-04-11 12:58:41 +0000 commented answer Is WinPcap still being developed?

Yes, after it appeared stable enough :-)

2019-04-11 08:56:00 +0000 commented answer Is WinPcap still being developed?

This page is quite useful to compare Npcap and WinPcap:

2019-03-29 08:49:10 +0000 received badge  Rapid Responder (source)
2019-03-29 08:49:10 +0000 answered a question Vulnerabilities with 3.0

You could look up the CVE numbers assigned to Wireshark and check which versions they apply to: https://www.cvedetails.c

2019-03-25 15:38:57 +0000 commented answer hosts file manager

hm no idea what I did wrong, but you're right - it works now...

2019-03-25 15:32:19 +0000 commented answer hosts file manager

Yes, I triple checked it, doesn't work. I learned on the developer mailing list that Roland is rewriting profile handlin

2019-03-23 10:44:50 +0000 received badge  Rapid Responder (source)
2019-03-23 10:44:50 +0000 answered a question Is there a plan to update the I/O graph to include a similar advanced options which allows for min/max/avg. Current graphing of things like bytes in flight are not accurate forcing the use of version 1 Wireshark.

As Wireshark development goes, implementing missing features or fixing unexpected/wrong behavior is not planned unless t

2019-03-21 10:43:56 +0000 answered a question hosts file manager

My first reaction was to try to put the hosts file in a profile folder so that it can be switched via profiles, but that

2019-03-21 10:43:56 +0000 received badge  Rapid Responder (source)
2019-02-07 12:26:15 +0000 edited answer TCP Dup ACK and TCP Previous segment

It seems highly unlikely that the TCP symptoms you pasted have anything to do with duplicate records in the database. A

2019-02-07 12:25:36 +0000 answered a question TCP Dup ACK and TCP Previous segment

It seems highly unlikely that the TCP symptoms you pasted have anything to do with duplicate records in the database. A

2019-02-07 12:25:36 +0000 received badge  Rapid Responder (source)
2019-02-06 14:06:21 +0000 received badge  Civic Duty (source)
2019-02-04 20:40:59 +0000 answered a question Does wireshark or can wireshark reassemble packets with TCP Out-of-Order warnings?

Wireshark can reassemble packets and does it, too, as long as the TCP setting "Allow Subdissectors to reassemble TCP str

2019-02-04 20:40:59 +0000 received badge  Rapid Responder (source)
2019-02-01 22:15:14 +0000 answered a question what filter would display just dns or icmp traffic from

If you really only want to see answers, you could use (icmp or dns) and ip.src== If you want both requests a

2019-02-01 22:15:14 +0000 received badge  Rapid Responder (source)
2019-01-25 14:38:08 +0000 commented answer Can I skip "Finding Local Interfaces"?

Oh, right, I forgot to mention that my commands only affect the service on startup. To shut it down immediately you'd ne

2019-01-24 19:29:56 +0000 commented answer Can I skip "Finding Local Interfaces"?

In my case I wonder why, but extcap doesn't seem to be the problem - especially my tower PC starts Wireshark in fraction

2019-01-24 15:55:53 +0000 commented answer Can I skip "Finding Local Interfaces"?

Thanks @grahamb - I guess I'm on the "Old School" track :-)

2019-01-24 15:41:17 +0000 received badge  Rapid Responder (source)
2019-01-24 15:41:17 +0000 answered a question Can I skip "Finding Local Interfaces"?

What I do currently (on Windows) is to stop / disable the autostart capture service. For that you need to run an elevated

2019-01-22 15:32:17 +0000 commented question Can be deleted layers that are before SCTP?

It's probably not going to work because of the link layer type. Wireshark needs to know what the first layer of the pack