Spooky's profile - activity

2021-09-01 14:30:38 +0000 commented answer Server ACK before Client ACK

A TCP connection always begins with a 3-way handshake: I find it unlikely that LDAP traffic over TCP would work without

2021-08-27 13:43:27 +0000 answered a question Server ACK before Client ACK

Hi, From the 5 packets in the PCAP file, I can only offer some general analysis. Is the connection between the server

2021-08-25 12:36:21 +0000 received badge  Rapid Responder (source)
2021-08-25 12:36:21 +0000 answered a question Unknown broadcast frame

Hi, The two octets field is used to indicate payload size when the value is below 0x0600 (1536). Only when the value is

2021-06-08 20:12:36 +0000 commented question Hi, in wireshark, for nfapi packets we are getting tx request first and then dl config request packets, and also packets are not proper some time delay is there between mib and sib packets?

Hi Rasika, I'm not sure what you want to know here. Are you looking to troubleshoot latency or jitter in your implement

2021-06-08 19:53:46 +0000 answered a question Hi all, is there a way of mapping out latency from a CSV output exported from Wireshark?

Hi, The best way to do this is with the original packet capture file inside Wireshark. Wireshark will do a lot of the

2021-06-08 19:53:46 +0000 received badge  Rapid Responder (source)
2020-07-08 03:06:28 +0000 received badge  Rapid Responder (source)
2020-07-08 03:06:28 +0000 answered a question Tracking i b p frames in a PCAP file

Hi, Packetized Elementary Stream (PES) is a data format for carrying elementary streams (audio, video, etc.) where thes

2020-06-06 02:57:54 +0000 commented question I have same Transaction ID for all packets in DNS. Is there possibility of DNS flood or DNS amp attack?

If this is a network security-related assignment then to answer your question you need to understand what is the basic d

2020-06-06 02:39:09 +0000 received badge  Rapid Responder (source)
2020-06-06 02:39:09 +0000 answered a question Web Forwarders frequently failing for some clients and not others

Hi, In the shared PCAP we are not seeing a complete TCP 3-way handshake. Host 192.168.249.67 keeps trying to get a TCP

2019-12-19 03:11:11 +0000 commented question How do I filter/capture/read packets of one protocol embedded in another?

There are dnp3 display filters for sure. Are you talking about filtering during the capture itself?

2019-12-19 03:08:39 +0000 commented question how to do statistical analysis using network boundaries

You need to be more precise in what you want to analyze. The entire Statistics menu could fit your need.

2019-12-19 03:05:04 +0000 answered a question Malformed Packets During Livestream

Hi Andrew, I opened the PCAP and took a look at TCP conversations and sorted by the number of packets. You mentioned t

2019-12-13 03:48:46 +0000 commented question Malformed Packets During Livestream

I don't see any traffic for an IP ending in .218. Did you mean 192.168.0.213?

2019-12-11 03:58:35 +0000 commented question Malformed Packets During Livestream

This is a huge file. I see about 50/50 split between UDP and TCP traffic by number of packets. Can you narrow down what

2019-12-11 01:48:05 +0000 answered a question Out of order impact?

Hi, Another reason for out of order may be fragmentation. Fragment arrives out of order from rest of traffic for instan

2019-12-11 01:35:00 +0000 received badge  Rapid Responder (source)
2019-12-11 01:35:00 +0000 answered a question High Datagrams Received Address Errors and Received Discarded how to troubleshoot with WireShark?

Hi, The trick to troubleshooting discards is to capture the traffic before it is dropped by the interface. I don't thi

2019-12-11 01:29:22 +0000 answered a question I was just wondering what this hosted-by.i3d.net source is

If you go to i3d.net you see they are a hosting service. This traffic could be gaming related or possibly any of their

2019-12-11 01:29:22 +0000 received badge  Rapid Responder (source)
2019-12-11 01:25:38 +0000 commented question Malformed Packets During Livestream

It's better to edit your question with a link to Dropbox so more people can try to help you.

2019-12-07 02:49:34 +0000 answered a question Healthy Network

Hi, This is not really a Wireshark question per se but I'll bite. I think most of my fellow network engineers would sa

2019-12-07 02:49:34 +0000 received badge  Rapid Responder (source)
2019-12-07 02:37:30 +0000 commented question Malformed Packets During Livestream

If possible can you post the capture file on a public share?

2019-12-03 22:15:38 +0000 edited answer How to find the make and model of a local router?

Hi, There are two protocols that I can think of off the top of my head that could be present in your capture where that in

2019-12-03 03:44:00 +0000 commented question Previous segment not captured

You seem to be describing the behavior of packet loss but I'm not sure. Can you post the PCAP files on a public share?

2019-12-03 03:39:00 +0000 answered a question How to find the make and model of a local router?

Hi, There are two protocols that I can think of off the top of my head that could be present in your capture where that inf

2019-12-03 03:39:00 +0000 received badge  Rapid Responder (source)
2019-11-14 23:18:29 +0000 answered a question why don't i see SYN ECN CWR

Hi, TCP SYN segment with Explicit Congestion Notification (ECN) in IP header can be dropped or have that feature remove

2019-11-14 23:18:29 +0000 received badge  Rapid Responder (source)
2019-09-26 02:51:56 +0000 edited answer Can I view the http request made on a browser in a VM on a remote server from Wireshark on my PC?

Hi VamsiKrishnaMeda, I have answered a similar question in the past. If the VM is running on your local PC then you sh

2019-09-26 02:51:26 +0000 received badge  Rapid Responder (source)
2019-09-26 02:51:26 +0000 answered a question Can I view the http request made on a browser in a VM on a remote server from Wireshark on my PC?

Hi Vam I have answered a similar question in the past. If the VM is running on your local PC then you should be able t

2019-09-26 02:37:12 +0000 answered a question How to find a file in a TCP flux

Bonjour Axel, You should keep reading on how you can use display filters to find stuff. I suggest you try using matche

2019-09-26 02:37:12 +0000 received badge  Rapid Responder (source)
2019-09-26 02:20:30 +0000 received badge  Rapid Responder (source)
2019-09-26 02:20:30 +0000 answered a question How do I put audio files from HTTP together when they're shown as "fragments"?

Hi and welcome to Wireshark! To enable Wireshark to reassemble TCP streams you need to go to Edit and then Preferences.

2019-09-26 02:08:35 +0000 commented question How to install a full Wireshark package on a Cisco Switch?

Does this video help?

2019-09-26 01:55:50 +0000 commented question How do I put audio files from HTTP together when they're shown as "fragments"?

Did you enable Allow subdissector to reassemble TCP streams in Preferences for Protocol TCP?

2019-09-26 01:54:58 +0000 commented question How do I put audio files from HTTP together when they're shown as "fragments"?

Did you enable Allow subdissector to reassemble TCP streams in Preferences for Protocol TCP?

2019-09-21 01:08:28 +0000 commented question How to convert TcpDump output to Pcap

And I might save you some pain by suggesting you use -s 0 (snaplen) so you capture the whole packet.

2019-09-20 23:33:14 +0000 commented question How to convert TcpDump output to Pcap

Are you the one running tcpdump? If so you can use -w <filename> to write to a PCAP file directly.

2019-09-19 02:57:19 +0000 edited answer Give me a hint

Hi Bob, You can start by looking at who was the sender and recipient of mail using SMTP filters. After a client connec

2019-09-19 02:56:04 +0000 received badge  Rapid Responder (source)
2019-09-19 02:56:04 +0000 answered a question Give me a hint

Hi Bob, You can start by looking at who was the sender and recipient of mail using SMTP filters. After a client connec

2019-09-17 01:58:55 +0000 answered a question Sniff traffic between Windows 10 PC and Xbox One Console

Hi PaleKing, I assume you have installed the latest version of Wireshark on your Windows 10 PC. You can set a capture

2019-09-17 01:58:55 +0000 received badge  Rapid Responder (source)
2019-09-14 00:51:38 +0000 commented question after a wireshark update my wire shark captures nothing....great update

Please help us help you by posting details about your OS and what version of Wireshark you are using.