Spooky's profile - activity

Hi, Packetized Elementary Stream (PES) is a data format for carrying elementary streams (audio, video, etc.) where thes

If this is a network security-related assignment then to answer your question you need to understand what is the basic d

Hi, In the shared PCAP we are not seeing a complete TCP 3-way handshake. Host 192.168.249.67 keeps trying to get a TCP

There are dnp3 display filters for sure. Are you talking about filtering during the capture itself?

You need to be more precise in what you want to analyze. The entire Statistics menu could fit your need.

Hi Andrew, I opened the PCAP and took a look at TCP conversations and sorted by the number of packets. You mentioned t

I don't see any traffic for an IP ending in .218. Did you mean 192.168.0.213?

This is a huge file. I see about 50/50 split between UDP and TCP traffic by number of packets. Can you narrow down what

Hi, Another reason for out of order may be fragmentation. Fragment arrives out of order from rest of traffic for instan

Hi, The trick to troubleshooting discards is to capture the traffic before it is dropped by the interface. I don't thi

If you go to i3d.net you see they are a hosting service. This traffic could be gaming related or possibly any of their

It's better to edit your question with a link to Dropbox so more people can try to help you.

Hi, This is not really a Wireshark question per se but I'll bite. I think most of my fellow network engineers would sa

If possible can you post the capture file on a public share?

Hi, There are two protocols that I can think off the top of my head that could be present in your capture where that in

You seem to be describing the behavior of packet loss but I'm not sure. Can you post the PCAP files on a public share?

Hi, There are two protocols that I can think off the top of my head that could be present in you capture where that inf

Hi, TCP SYN segment with Explicit Congestion Notification (ECN) in IP header can be dropped or have that feature remove

Hi VamsiKrishnaMeda, I have answered a similar question in the past. If the VM is running on your local PC then you sh

Hi Vam I have answered a similar question in the past. If the VM is running on your local PC then you should be able t

Bonjour Axel, You should keep reading on how you can use display filters to find stuff. I suggest you try using matche

Hi and welcome to Wireshark! To enable Wireshark to reassemble TCP streams you need to go to Edit and then Preferences.

Does this video help?

Did you enable Allow subdissector to reassemble TCP streams in Preferences for Protocol TCP?

Did you enable Allow subdissector to reassemble TCP streams in Preferences for Protocol TCP?

And I might save you some pain by suggesting you use -s 0 (snaplen) so you capture the whole packet.

Are you the one running tcpdump? If so you can use -w <filename> to write to a PCAP file directly.

Hi Bob, You can start by looking at who was the sender and recipient of mail using SMTP filters. After a client connec

Hi Bob, You can start by looking at who was the sender and recipient of mail using SMTP filters. After a client connec

Hi PaleKing, I assume you have installed the latest version of Wireshark on your Windows 10 PC. You can set a capture

Please help us help you by posting details about your OS and what version of Wireshark you are using.

Hi Blackjack, Wireshark can do many wonderful things but not knowing enough about your particular issue, I'm going to s

Hi Tigerman, This is a very hard question to answer because you usually start with the capture and then ask for specifi

Have you tried removing the shim header with editcap (editcap -C) and then trying to decode the packets?

Looking at host1_data.pcapng Up until frame 11774, .2 sends an ACK for every segment received from .1 But at this poi