Ask Your Question

Landi's profile - activity

overview network karma followed questions activity
2021-09-22 21:33:35 +0000 commented question NPCAP 0.995 gives duplicate packets

Still having the same problems - I wonder why there is no solution for this?! NPCAP site also has lots of tickets like e
2021-09-22 21:29:27 +0000 received badge  Editor (source)
2021-09-22 21:29:27 +0000 edited question NPCAP 0.995 gives duplicate packets

NPCAP 0.995 gives duplicate packets Hey @all, Update: Still having the same issue on multiple devices with Wireshark 3.
2021-09-22 21:28:34 +0000 received badge  Famous Question (source)
2020-05-20 20:20:59 +0000 received badge  Notable Question (source)
2019-12-06 13:01:32 +0000 received badge  Famous Question (source)
2019-12-05 03:58:06 +0000 received badge  Popular Question (source)
2019-09-10 15:32:49 +0000 commented question NPCAP 0.995 gives duplicate packets

I have three machines running Wireshark 3.0.3 with npcap 0.995 and VMWare Workstation 15.1 - two of them are having the

2019-09-03 11:17:14 +0000 commented question NPCAP 0.995 gives duplicate packets

Thanks Graham, I fully acknowledge that it is NPCAP issue, I still thought it is useful to post it here for reference an
2019-09-03 09:39:11 +0000 asked a question NPCAP 0.995 gives duplicate packets

NPCAP 0.995 gives duplicate packets Hey @all, on my Lenovo X1 Carbon with Wireshark 3.0.3 the npcap installer 0.995 res
2019-08-05 18:09:44 +0000 received badge  Notable Question (source)
2019-05-04 20:07:40 +0000 received badge  Popular Question (source)
2018-10-29 15:32:47 +0000 received badge  Supporter (source)
2018-10-29 15:32:47 +0000 marked best answer filter for "data" to match packets

Dear all,

When I run tshark on a particular trace file (file1.pcap) where let's say frame #1 is important to me and I want to search for the exact same frame inside another trace file (file2.pcap), here is what I try to do:

  1. tshark -r file1.pcap -Y frame.number==1 -Tfields -e data This gives me the payload of the frame without its headers as hex stream (same as if I right-click inside the hexpane).
  2. For the other file where the exact same packet is also captured, I try to filter for that hex steam e.g. using tshark -r file2.pcap -Y data=="<paste from step1>" or tshark -r file2.pcap -Y data contains "<subset from that string>"

which both don't work.

However, if I use -Y "data contains 80:00:00" where 80:00:00 is just a random example it works.

So my question is how to match the -Tfields -e data output for "data" filtering without adding colons between every byte :)
2018-10-29 15:32:47 +0000 received badge  Scholar (source)
2018-10-29 15:32:42 +0000 commented answer filter for "data" to match packets

That's exactly what I figured - and for sure that works at least with -Tfields -e data.data and then searching for data=
2018-10-29 15:31:22 +0000 commented answer filter for "data" to match packets

That's exactly what I figured - and for sure that works at least with -Tfields -e data.data and then searching for data=
2018-10-28 17:41:24 +0000 asked a question filter for "data" to match packets

filter for "data" to match packets Dear all, when I run tshark on a particular trace file (file1.pcap) where let's say

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2