2024-05-10 15:01:26 +0000 | commented answer | How can one play AMR Payload RTP Yes, it will automatically be in the released Wireshark 4.4 packages for Windows now. I do not necessarily expect it to |
2024-05-09 21:48:22 +0000 | commented answer | How can one play AMR Payload RTP It should be added for the released packages for 4.4 when that is out. https://gitlab.com/wireshark/wireshark/-/issues/1 |
2024-05-01 12:38:07 +0000 | edited answer | How can one play AMR Payload RTP AMR support depends on an external library. The current Windows and macOS packages are built without the library, so the |
2024-05-01 12:36:21 +0000 | answered a question | How can one play AMR Payload RTP AMR support depends on an external library. The current Windows and macOS packages are built without the library, so the |
2024-04-27 01:11:09 +0000 | commented question | We are upgrading wireshark from 2.6.7 to 4.2.3.Need some info on keys and values in decoded data Yes, this must be the result of taking the packet dissections in text, and running some regex or other text processing o |
2024-04-27 00:58:34 +0000 | received badge | ● Rapid Responder (source) |
2024-04-27 00:58:34 +0000 | answered a question | Src and Dst IP not correct in my single host multiple loopback cards env. You're referring to the Flow Graph when you say "horizontal communication line", correct? That is a known issue that pro |
2024-04-27 00:53:44 +0000 | edited answer | Asciidoctor error on gmake wireshark_rpm : RHEL 8 install with ruby gems asciidoctor It's an RPM spec file issue. If you installed it outside an RPM, then the dependencies in the spec file won't be satisfi |
2024-04-27 00:52:34 +0000 | received badge | ● Rapid Responder (source) |
2024-04-27 00:52:34 +0000 | answered a question | Asciidoctor error on gmake wireshark_rpm : RHEL 8 install with ruby gems asciidoctor It's an RPM spec file issue. If you installed it outside an RPM, then the spec file won't report it as working. RHEL 8 |
2024-04-21 00:33:54 +0000 | commented answer | very tiny text What version of Wireshark are you using? On Windows, the size of the Menu items is controlled by the Windows scaling se |
2024-04-13 16:37:13 +0000 | received badge | ● Rapid Responder (source) |
2024-04-13 16:37:13 +0000 | answered a question | Malformed bootp packet The client hardware address field ('chaddr') in DHCP is a fixed 16 octets. The hlen field indicates the length of the ha |
2024-04-11 16:29:26 +0000 | commented answer | invalid key format wpa-psk wpa-pwd It will be a little bit more user-friendly in 4.4.0: https://gitlab.com/wireshark/wireshark/-/commit/09e9b352d047ad1ae6c |
2024-04-03 21:58:29 +0000 | commented answer | Is there a table somewhere that tells us which versions of Wireshark are compatible with which Windows OS and Windows Server OS as well as an EOL of that version of Wireshark? https://www.wireshark.org/docs/wsug_html/#_microsoft_windows mentions the server versions, as the other page doesn't for |
2024-04-03 11:44:01 +0000 | received badge | ● Enthusiast |
2024-03-20 13:00:05 +0000 | commented question | GTPv1 - 14-digit IMSI marked as malformed That looks like a bug, there should be an issue. Note that the GTPv2 spec is different, as it specifically indicates a v |
2024-03-19 19:16:56 +0000 | commented answer | What do the colored boxes and line represent on the far right? (Can't find it in the documentation.... yet.) Is that packet colorization? No, there is a maximum number of packets that will be displayed in the minimap. For large capture files it will have man |
2024-03-18 19:12:11 +0000 | commented answer | Do ICMP packets have ports? @SYN-bit, you are right. For ICMP packets and others where in_error_pkt is set, we could avoid setting the port the way |
2024-03-18 17:01:40 +0000 | received badge | ● Rapid Responder (source) |
2024-03-18 17:01:40 +0000 | answered a question | What do the colored boxes and line represent on the far right? (Can't find it in the documentation.... yet.) Is that packet colorization? From the User's Guide: The packet list has an Intelligent Scrollbar which shows a miniature map of nearby packets. E |
2024-03-18 15:35:15 +0000 | commented answer | Do ICMP packets have ports? This is not unique to ICMP. Some protocol layers set addresses, some set ports. The ones that set addresses do not, as a |
2024-03-09 01:20:36 +0000 | received badge | ● Supporter (source) |
2024-03-03 21:55:28 +0000 | commented question | How to decode the first UDP datagram from UDP over socks5 interaction? Am I getting it right that I need to write this socks_udp_dissector myself and there is no available implementation? |
2024-03-02 17:08:11 +0000 | commented question | How to decode the first UDP datagram from UDP over socks5 interaction? It's a bug - the UDP conversation is getting added using the source and destination addresses of frame 14 (which has the |
2024-03-02 16:59:34 +0000 | commented question | How to decode the first UDP datagram from UDP over socks5 interaction? It's a bug - the UDP conversation is getting added using the source and destination addresses of frame 14 (which has the |
2024-03-02 16:58:03 +0000 | commented question | How to decode the first UDP datagram from UDP over socks5 interaction? It's a bug - the UDP conversation is getting added using the source and destination addresses of frame 14 (which has the |
2024-02-21 04:04:28 +0000 | answered a question | Wireshark 4.2 crashes on save config This MR possibly helps this, because it was definitely not correct to directly manipulate the preference pointer outside |
2024-02-21 03:57:05 +0000 | edited answer | Text2pcap ISDN Q931 HEX The advice in the Wiki about "How to Dissect Anything" is your best bet here. There is no link-layer type used in pcap |
2024-02-21 03:52:10 +0000 | commented answer | Text2pcap ISDN Q931 HEX Good point, that is an option, ever since 4.0. |
2024-02-20 22:09:25 +0000 | received badge | ● Rapid Responder (source) |
2024-02-20 22:09:25 +0000 | answered a question | Text2pcap ISDN Q931 HEX The advice in the Wiki about "How to Dissect Anything" is your best bet here. There is no link-layer type used in pcap |
2024-02-17 21:47:17 +0000 | edited answer | How to decrypt WPA with tshark If you're happy with "the packets that contain IPv6 or IPv6, as a pcap, starting at the IP layer with Raw IP encapsulati |
2024-02-17 21:45:46 +0000 | commented answer | How to decrypt WPA with tshark From tshark, the command is tshark -U IP -r Sniffer.pcap -w sniffer_ip.pcapng -o wlan:enable_decryption:TRUE -o 'uat:80 |
2024-02-17 21:35:03 +0000 | received badge | ● Rapid Responder (source) |
2024-02-17 21:35:03 +0000 | answered a question | How to decrypt WPA with tshark If you're happy with "the packets that contain IPv6 or IPv6, as a pcap, starting at the IP layer with Raw IP encapsulati |
2024-02-17 18:19:30 +0000 | answered a question | init.lua is not present in the latest wireshark From this commit, mentioned in the 4.2.0 release notes: The "init.lua" file is now loaded from any of the Lua plugin |
2024-02-16 16:33:56 +0000 | received badge | ● Commentator |
2024-02-16 16:33:56 +0000 | commented answer | How to decrypt WPA with tshark Somewhat related to https://gitlab.com/wireshark/wireshark/-/issues/19613 Two worthy enhancements: 1) Export PDUs for |
2024-02-14 12:27:56 +0000 | commented answer | how to get entire raw packets by using the tshark? It is a new feature that just landed in the git repository and will be available in 4.4.0, but is not in a released vers |
2024-02-14 01:55:47 +0000 | received badge | ● Rapid Responder (source) |
2024-02-14 01:55:47 +0000 | answered a question | Wireshark and nftables Sounds like the issue fixed by this commit. It is probably related to the androiddump extcap, which uses Bluetooth, try |
2024-02-14 01:31:33 +0000 | edited answer | how to get entire raw packets by using the tshark? This is issue #19076 and I don't believe that exactly what you're asking for is possible in current releases, though it |
2024-02-14 01:30:23 +0000 | received badge | ● Rapid Responder (source) |
2024-02-14 01:30:23 +0000 | answered a question | how to get entire raw packets by using the tshark? This is issue #19076. I have an open merge request that would allow you to enter something like: tshark -o 'gui.column |
2024-02-14 01:23:34 +0000 | commented question | how to get entire raw packets by using the tshark? It might help if you were a little more precise about what you want it to return. Can I assume that the hexdump output i |
2024-02-14 01:22:24 +0000 | commented question | how to get entire raw packets by using the tshark? It might help if you were a little more precise about what you want it to return. Can I assume that the hexdump output i |
2024-02-03 17:40:48 +0000 | commented question | Information about ingress/egress network interface in captures One option is to capture on eth0 and eth1 simultaneously as separate interfaces, instead of capturing on the bridge inte |
2024-02-02 12:03:53 +0000 | received badge | ● Rapid Responder (source) |
2024-02-02 12:03:53 +0000 | answered a question | How can I get the field's value when adding it to the protocol tree? Yes. If you want to add an item and retrieve the value of the item simultaneously, there are functions like proto_tree_a |