Spooky's profile - activity

A TCP connection always begins with a 3-way handshake: I find it unlikely that LDAP traffic over TCP would work without

Hi, From the 5 packets in the PCAP file, I can only offer some general analysis. Is the connection between the server

Hi, The two octets field is used to indicate payload size when the value is below 0x0600 (1536). Only when the value is

Hi Rasika, I'm not sure what you want to know here. Are you looking to troubleshoot latency or jitter in your implement

Hi, The best way to do this is with the original packet capture file inside Wireshark. Wireshark will do a lot of the

Hi, Packetized Elementary Stream (PES) is a data format for carrying elementary streams (audio, video, etc.) where thes

If this is a network security-related assignment then to answer your question you need to understand what is the basic d

Hi, In the shared PCAP we are not seeing a complete TCP 3-way handshake. Host 192.168.249.67 keeps trying to get a TCP

There are dnp3 display filters for sure. Are you talking about filtering during the capture itself?

You need to be more precise in what you want to analyze. The entire Statistics menu could fit your need.

Hi Andrew, I opened the PCAP and took a look at TCP conversations and sorted by the number of packets. You mentioned t

I don't see any traffic for an IP ending in .218. Did you mean 192.168.0.213?

This is a huge file. I see about 50/50 split between UDP and TCP traffic by number of packets. Can you narrow down what

Hi, Another reason for out of order may be fragmentation. Fragment arrives out of order from rest of traffic for instan

Hi, The trick to troubleshooting discards is to capture the traffic before it is dropped by the interface. I don't thi

If you go to i3d.net you see they are a hosting service. This traffic could be gaming related or possibly any of their

It's better to edit your question with a link to Dropbox so more people can try to help you.

Hi, This is not really a Wireshark question per se but I'll bite. I think most of my fellow network engineers would sa

If possible can you post the capture file on a public share?

Hi, There are two protocols that I can think off the top of my head that could be present in your capture where that in

You seem to be describing the behavior of packet loss but I'm not sure. Can you post the PCAP files on a public share?

Hi, There are two protocols that I can think off the top of my head that could be present in you capture where that inf

Hi, TCP SYN segment with Explicit Congestion Notification (ECN) in IP header can be dropped or have that feature remove

Hi VamsiKrishnaMeda, I have answered a similar question in the past. If the VM is running on your local PC then you sh

Hi Vam I have answered a similar question in the past. If the VM is running on your local PC then you should be able t

Bonjour Axel, You should keep reading on how you can use display filters to find stuff. I suggest you try using matche

Hi and welcome to Wireshark! To enable Wireshark to reassemble TCP streams you need to go to Edit and then Preferences.

Does this video help?

Did you enable Allow subdissector to reassemble TCP streams in Preferences for Protocol TCP?

Did you enable Allow subdissector to reassemble TCP streams in Preferences for Protocol TCP?

And I might save you some pain by suggesting you use -s 0 (snaplen) so you capture the whole packet.

Are you the one running tcpdump? If so you can use -w <filename> to write to a PCAP file directly.

Hi Bob, You can start by looking at who was the sender and recipient of mail using SMTP filters. After a client connec

Hi Bob, You can start by looking at who was the sender and recipient of mail using SMTP filters. After a client connec

Hi PaleKing, I assume you have installed the latest version of Wireshark on your Windows 10 PC. You can set a capture

Please help us help you by posting details about your OS and what version of Wireshark you are using.