Ask Your Question

Jasper's profile - activity

2021-04-21 07:47:59 +0000 commented answer Anonymizing pcaps for sharing/analysis

I'll have to check into that - Tracewrangler can parse stacked VLAN tags but maybe I forgot to actually add code to remo

2021-04-02 13:34:03 +0000 commented answer How do I find two consecutive frames from the same IP source address

Sometimes you can solve this kind of problem if the higher level protocol dissectors have a "request in/answer in" field

2021-03-15 09:15:03 +0000 received badge  Rapid Responder (source)
2021-03-15 09:15:03 +0000 answered a question How do I start a capture in Wireshark via the command line?

You should use dumpcap instead of Wireshark, because that's what Wireshark uses to capture packets anyway. You can find

2020-08-05 13:47:10 +0000 commented answer how to recognize a duplicate packet in wireshark ?

First, no, the IP ID will be different, because the duplicate ACK is a TCP (layer 4) mechanism, and does not affect the

2020-08-05 13:43:55 +0000 commented answer How to avoid ICMP "Destination Protocol Unreachable" with ERSPAN to WIndows 10

You're welcome! This is a curious issue, unbinding everything except the npcap binding should mute the NIC completely. I

2020-06-28 10:01:39 +0000 commented question Network card not working properly after wireshark install

Does the problem go away if you de-install npcap (and keep Wireshark installed)?

2020-06-28 10:00:04 +0000 answered a question how to recognize a duplicate packet in wireshark ?

"True Duplicate" packets are completely identical, meaning that if you compare their bytes in the hex view you'll see th

2020-06-28 10:00:04 +0000 received badge  Rapid Responder (source)
2020-03-09 14:42:59 +0000 commented question List at least three ways to do this in Wireshark?

Look into the statistics menu, and check the available options. Hint: a connection is often also called a "flow", "strea

2020-03-07 11:18:54 +0000 received badge  Organizer (source)
2020-03-07 11:18:10 +0000 commented question List at least three ways to do this in Wireshark?

This sounds like a homework assignment to me. You might want to put in some effort to find out yourself, it's not that h

2020-03-06 14:45:58 +0000 edited answer Need help analyzing Wireshark captures

It's a little hard to say without knowing exactly what is going, but what I find interesting is that if you look at the

2020-03-06 14:45:03 +0000 answered a question Need help analyzing Wireshark captures

It's a little hard to say without knowing exactly what is going, but what I find interesting is that if you look at the

2020-01-24 16:47:24 +0000 commented question Why I can't see traffic between two old Sun computers in network?

Are you sure those computers are connected to the same network? How do you capture the packets? Is it a SPAN port?

2020-01-24 16:44:03 +0000 commented question how make a diff between two pcap files ?

I agree with @grahamb - both pcaps will be too different to do anything like that. Most likely the local capture will ha

2019-12-16 00:54:13 +0000 received badge  Nice Answer (source)
2019-12-05 15:55:19 +0000 commented question Continuously observing [TCP Previous segment not captured] , Ignored Unknown Record

You might want to look into sanitization of capture files. If your problem is on layers 1-4 you can remove/change any de

2019-09-30 18:25:14 +0000 answered a question When does TCP decide not to ACK every packet

The ACK frequency is basically something the TCP stack decides, so it depends on the operating system, the network stack

2019-09-30 18:25:14 +0000 received badge  Rapid Responder (source)
2019-09-01 21:33:12 +0000 commented question TCP ACK with 1460 Bytes of Data

Do you have a pcap file you could share?

2019-09-01 21:27:44 +0000 commented answer In TCP 3-way handshake, 3 segments will be sent (SYN, SYN/ACK, ACK). What happens if the third segment(ACK) is lost?

Sake is correct, of course. I just need to add (my OCD kicks in here) that if there is never an ACK (which can happen in

2019-06-25 06:18:48 +0000 commented answer Does running Wireshark on a Domain Controller degrade performance of the DC?

Better yet, don't use Wireshark or tshark. Use dumpcap, which is the best tool to do that (and is called by Wireshark an

2019-05-13 10:00:43 +0000 commented answer Do we need a pcap header format to display captured packets via named pipes on Wireshark?

Too sneaky ;-)

2019-05-11 23:36:55 +0000 received badge  Rapid Responder (source)
2019-05-11 23:36:55 +0000 answered a question How does wireshark determine if a TCP packet is out-of-order?

Doing this from a screenshot is suboptimal at best, especially without packet numbers, but let's try. If I get it wrong

2019-05-08 14:16:00 +0000 commented answer Help analyzing TCP connection sequence

In general you'll always see FIN and ACK together, because it signals the end from one side of the conversation and all

2019-05-04 23:04:20 +0000 answered a question Searching upwards

It looks like the forward/backward option wasn't yet ported to the QT UI. You might want to add an enhancement request a

2019-05-04 23:04:20 +0000 received badge  Rapid Responder (source)
2019-05-03 07:14:27 +0000 commented answer File upload stalling, many "bad" TCP packages

The Android phone might perform an automatic Path MTU detection when it fails to transfer large packets, learning the be

2019-04-21 10:11:52 +0000 commented answer Packet sniff noise

you could filter on tzsp after capturing both, and then "export specified packets" to a new pcapng file and open that to

2019-04-21 10:09:33 +0000 commented question TCP Retransmission - Delay with Windows 10!

I'm not sure I understand your example correctly, it's a little too abstract. If it's just a iperf test why not share th

2019-04-18 09:37:16 +0000 commented question The interface "Console" its not showing.

Can you give some more details? What do you mean by Interface "Console"? And why do you install such an old version?

2019-04-17 11:32:44 +0000 received badge  Rapid Responder (source)
2019-04-17 11:32:44 +0000 answered a question What is a good solution to capture Bluetooth traffic from captoglove?

Maybe this article could help: They're looking at various c

2019-04-17 11:29:40 +0000 received badge  Rapid Responder (source)
2019-04-17 11:29:40 +0000 answered a question Packet sniff noise

That looks like a misconfiguration - that many errors are highly unlikely and are usually a result of an improper captur

2019-04-17 11:01:50 +0000 received badge  Rapid Responder (source)
2019-04-17 11:01:50 +0000 answered a question How to enable all protocols in tshark?

You should create a new profile in Wireshark with all protocols enabled. The user can then switch back to his previous p

2019-04-14 12:47:09 +0000 received badge  Nice Answer (source)
2019-04-14 08:52:58 +0000 answered a question what is the difference between frame.time_delta and frame.time_delta_displayed?

It's only relevant when filters are applied. frame.time_delta will still show the delta time of a frame to its predecess

2019-04-14 08:52:58 +0000 received badge  Rapid Responder (source)
2019-04-11 12:58:41 +0000 commented answer Is WinPcap still being developed?

Yes, after it appeared stable enough :-)

2019-04-11 08:56:00 +0000 commented answer Is WinPcap still being developed?

This page is quite useful to compare npcap and WinPCAP:

2019-03-29 08:49:10 +0000 received badge  Rapid Responder (source)
2019-03-29 08:49:10 +0000 answered a question Vulnerabilities with 3.0

You could lookup the CVE numbers assigned to Wireshark and check which versions they apply to: https://www.cvedetails.c

2019-03-25 15:38:57 +0000 commented answer hosts file manager

hm no idea what I did wrong, but you're right - it works now...

2019-03-25 15:32:19 +0000 commented answer hosts file manager

Yes, I triple checked it, doesn't work. I learned on the developer mailing list that Roland is rewriting profile handlin

2019-03-23 10:44:50 +0000 received badge  Rapid Responder (source)
2019-03-23 10:44:50 +0000 answered a question Is there a plan to update the I/O graph to include a similar advanced options which allows for min/max/avg. Current graphing of things like bytes in flight are not accurate forcing the use of version 1 Wireshark.

As Wireshark development goes, implementing missing features or fixing unexpected/wrong behavior is not planned unless t