Spooky's profile - activity

2019-12-19 03:11:11 +0000 commented question How do I filter/capture/read packets of one protocol embedded in another?

There are dnp3 display filters for sure. Are you talking about filtering during the capture itself?

2019-12-19 03:08:39 +0000 commented question how to do statistical analysis using network boundaries

You need to be more precise in what you want to analyze. The entire Statistics menu could fit your need.

2019-12-19 03:05:04 +0000 answered a question Malformed Packets During Livestream

Hi Andrew, I opened the PCAP and took a look at TCP conversations and sorted by the number of packets. You mentioned t

2019-12-13 03:48:46 +0000 commented question Malformed Packets During Livestream

I don't see any traffic for an IP ending in .218. Did you mean 192.168.0.213?

2019-12-11 03:58:35 +0000 commented question Malformed Packets During Livestream

This is a huge file. I see about 50/50 split between UDP and TCP traffic by number of packets. Can you narrow down what

2019-12-11 01:48:05 +0000 answered a question Out of order impact?

Hi, Another reason for out of order may be fragmentation. Fragment arrives out of order from rest of traffic for instan

2019-12-11 01:35:00 +0000 received badge  Rapid Responder (source)
2019-12-11 01:35:00 +0000 answered a question High Datagrams Received Address Errors and Received Discarded how to troubleshoot with WireShark?

Hi, The trick to troubleshooting discards is to capture the traffic before it is dropped by the interface. I don't thi

2019-12-11 01:29:22 +0000 answered a question I was just wondering what this hosted-by.i3d.net source is

If you go to i3d.net you see they are a hosting service. This traffic could be gaming related or possibly any of their

2019-12-11 01:29:22 +0000 received badge  Rapid Responder (source)
2019-12-11 01:25:38 +0000 commented question Malformed Packets During Livestream

It's better to edit your question with a link to Dropbox so more people can try to help you.

2019-12-07 02:49:34 +0000 answered a question Healthy Network

Hi, This is not really a Wireshark question per se but I'll bite. I think most of my fellow network engineers would sa

2019-12-07 02:49:34 +0000 received badge  Rapid Responder (source)
2019-12-07 02:37:30 +0000 commented question Malformed Packets During Livestream

If possible can you post the capture file on a public share?

2019-12-03 22:15:38 +0000 edited answer How to find the make and model of a local router?

Hi, There are two protocols that I can think of off the top of my head that could be present in your capture where that in

2019-12-03 03:44:00 +0000 commented question Previous segment not captured

You seem to be describing the behavior of packet loss but I'm not sure. Can you post the PCAP files on a public share?

2019-12-03 03:39:00 +0000 received badge  Rapid Responder (source)
2019-12-03 03:39:00 +0000 answered a question How to find the make and model of a local router?

Hi, There are two protocols that I can think of off the top of my head that could be present in your capture where that inf

2019-11-14 23:18:29 +0000 answered a question why don't i see SYN ECN CWR

Hi, TCP SYN segment with Explicit Congestion Notification (ECN) in IP header can be dropped or have that feature remove

2019-11-14 23:18:29 +0000 received badge  Rapid Responder (source)
2019-09-26 02:51:56 +0000 edited answer Can I view the http request made on a browser in a VM on a remote server from Wireshark on my PC?

Hi VamsiKrishnaMeda, I have answered a similar question in the past. If the VM is running on your local PC then you sh

2019-09-26 02:51:26 +0000 received badge  Rapid Responder (source)
2019-09-26 02:51:26 +0000 answered a question Can I view the http request made on a browser in a VM on a remote server from Wireshark on my PC?

Hi Vam I have answered a similar question in the past. If the VM is running on your local PC then you should be able t

2019-09-26 02:37:12 +0000 answered a question How to find a file in a TCP flux

Bonjour Axel, You should keep reading on how you can use display filters to find stuff. I suggest you try using matche

2019-09-26 02:37:12 +0000 received badge  Rapid Responder (source)
2019-09-26 02:20:30 +0000 received badge  Rapid Responder (source)
2019-09-26 02:20:30 +0000 answered a question How do I put audio files from HTTP together when they're shown as "fragments"?

Hi and welcome to Wireshark! To enable Wireshark to reassemble TCP streams you need to go to Edit and then Preferences.

2019-09-26 02:08:35 +0000 commented question How to install a full Wireshark package on a Cisco Switch?

Does this video help?

2019-09-26 01:55:50 +0000 commented question How do I put audio files from HTTP together when they're shown as "fragments"?

Did you enable Allow subdissector to reassemble TCP streams in Preferences for Protocol TCP?

2019-09-26 01:54:58 +0000 commented question How do I put audio files from HTTP together when they're shown as "fragments"?

Did you enable Allow subdissector to reassemble TCP streams in Preferences for Protocol TCP?

2019-09-21 01:08:28 +0000 commented question How to convert TcpDump output to Pcap

And I might save you some pain by suggesting you use -s 0 (snaplen) so you capture the whole packet.

2019-09-20 23:33:14 +0000 commented question How to convert TcpDump output to Pcap

Are you the one running tcpdump? If so you can use -w <filename> to write to a PCAP file directly.

2019-09-19 02:57:19 +0000 edited answer Give me a hint

Hi Bob, You can start by looking at who was the sender and recipient of mail using SMTP filters. After a client connec

2019-09-19 02:56:04 +0000 received badge  Rapid Responder (source)
2019-09-19 02:56:04 +0000 answered a question Give me a hint

Hi Bob, You can start by looking at who was the sender and recipient of mail using SMTP filters. After a client connec

2019-09-17 01:58:55 +0000 answered a question Sniff traffic between Windows 10 PC and Xbox One Console

Hi PaleKing, I assume you have installed the latest version of Wireshark on your Windows 10 PC. You can set a capture

2019-09-17 01:58:55 +0000 received badge  Rapid Responder (source)
2019-09-14 00:51:38 +0000 commented question after a wireshark update my wire shark captures nothing....great update

Please help us help you by posting details about your OS and what version of Wireshark you are using.

2019-09-12 13:40:42 +0000 received badge  Supporter (source)
2019-09-11 20:45:18 +0000 received badge  Rapid Responder (source)
2019-09-11 20:45:18 +0000 answered a question track a packet though a network?

Hi Blackjack, Wireshark can do many wonderful things but not knowing enough about your particular issue, I'm going to s

2019-09-10 03:01:34 +0000 received badge  Rapid Responder (source)
2019-09-10 03:01:34 +0000 answered a question Network problems outage

Hi Tigerman, This is a very hard question to answer because you usually start with the capture and then ask for specifi

2019-09-07 02:32:31 +0000 commented question Decode a user specific packet

Have you tried removing the shim header with editcap (editcap -C) and then trying to decode the packets?

2019-09-07 02:21:33 +0000 answered a question Is it possible to re-transmit only the last packet at TCP flow?

Looking at host1_data.pcapng: Up until frame 11774, .2 sends an ACK for every segment received from .1. But at this poi

2019-09-05 23:12:08 +0000 commented question Is it possible to re-transmit only the last packet at TCP flow?

Can you post link for host1_data.pcapng please. Both links are for host2_data.pcapng. Thanks.

2019-09-01 02:21:33 +0000 commented question Is it possible to re-transmit only the last packet at TCP flow?

The PSH flag usually causes the receiver to ACK to sender. Is your application (very) very time sensitive? There is

2019-08-30 00:57:17 +0000 commented question Exporting RTP packets to WAV

Did you try VLC to play those .AU files?

2019-08-28 02:58:22 +0000 commented question The reason a TCP connection generate retransmission

On first line .2 host's ACK number is 18321446 then .1 host sends 64512 bytes + 800 bytes. This should bring the ACK numb

2019-08-28 02:41:07 +0000 received badge  Rapid Responder (source)