Spooky's profile - activity

Scope 239.x.x.x is like RFC1918 of the multicast world. It may be used by any provider and does not have to be unique. S

I didn't read the question the same way you did. I can see your point. Honestly, I was just trying to help.

Hi, What the capture shows is that you are not receiving IP traffic at all from remote hosts. You are seeing retransmi

Hi War Machine, I like Find Packet too because of the way it allows you to jump from one matching packet to the next.

Hi, I can assure you that all the volunteers working on Wireshark are not making any changes without good reasons. If

Hi, I think you want to capture WLAN packets to monitor traffic to your access point. You can set Wireshark to capture

Hi Ross, I did misunderstand. I couldn't think of an exemple where you would need this ARP information cached. As far

Hi. Have you tried winpcap for kicks? Are you running Wireshark with Admin rights?

Hi Ross, You can put your own ethers file in your Personal Configuration folder. (Help -> About Wireshark -> Fold

Hi Ross, You can put your own ethers file in your Personal Configuration folder. (Help -> About Wireshark -> Fold

Hi Arnaud, There are a few reasons you might see this traffic. One reason could be that your computer does initiate a

Hi Arnaud, There are a few reason you might see this traffic. One reason could be that your computer does initiate a T

If possible have you tried another (smaller) resolution?

Click on the app window then hold option + shift and drag the mouse to try and resize the window. Also, try looking at r

Hi, most residential gateway use NAT between the public IP address you get from the ISP and the private IP addresses on

Hi Musky, I don't see anything "wrong" in the capture but there is a "story" to tell. Since 192.168.136.43 initiates t

Hi Musky3913, Looking at the Window Size value for the first file (in your question) I see 296 bytes at most for 1.1.1.

Do you have more information on where this capture was taken? I don't see Window Scale option in TCP SYN segments. (SYN

You may share images and, better yet, PCAP files on public share like Google Drive, Dropbox, etc.

Hi Garry, I'll make this the answer to this post based on your last comments so it can help others as well. First x.x.

It would be helpful to see the actual PCAP to answer this question better. Timing may be an issue. Please post it onlin

It would be helpful to see the actual PCAP to answer this question better. Timings may be an issue. Please post it onli

Hi King Man, The "in-dialog" is added in the Info column by the SIP dissector itself. (See comment on line 2451) Becau

Hi Kurniawan, First of all, "QoS" is usually at the IP (or VLAN) layer not TCP itself. I'll assume you are talking abo

Hi J, There are a few possible reasons for seeing the same MAC address for IP adresses from different subnets. One pos

Hi SunMan, If you captured the session setup, you should be able to see the username used to connect to the share. I

Hi Glenn, Time Shift allows you to "shift" the timestamp on captured packets. This is helpful when looking at capture

I'm not sure what you are trying to do but a good way to see all IP in a capture is to go to Statistics -> Conversati

What kind of port mirroring are you using? Can you post a PCAP on a public share? There are certain mirrors that encapsu

Hi Anbu, In both your capture the server closes the TCP connection. Firefox closes the TCP connection with a correct t

Hi Robert, You can click on almost any fields and make it a column. So try to right-click on the ERSPAN ID field in th

Hi Bercut, Based on the code for netflow dissector these proprietary fields probably need to be added. The code looks mo

Hi, Are you able to see other fields (like SrcAddr, DstAddr, etc.) but not Cisco privates or no fields at all? Are you

Hi, Wireshark is probably not the tool you are looking for. You could set up a capture point on your network and then

Hi Penguin1024, You may run Wireshark in the background of your Linux distro but it may end up capturing a lot of traff

Glad I could help! Please mark the answer as correct (click the checkmark) so others may benefit from it in the future.

Hi I like using the frame.time field for this. You should see this field under Frame in the Packet details pane if you