Spooky's profile - activity

2019-06-14 22:52:54 +0000 answered a question ERSPAN ID - Adding Information to captured packets

Hi Robert, You can click on almost any field and make it a column. So try to right-click on the ERSPAN ID field in th

2019-06-14 22:52:54 +0000 received badge  Rapid Responder (source)
2019-06-14 21:40:58 +0000 commented question How to add some field to decode netflow

Hi Bercut, Based on the code for netflow dissector these proprietary fields probably need to be added. The code looks mo

2019-06-13 22:03:21 +0000 commented question How to add some field to decode netflow

Hi, Are you able to see other fields (like SrcAddr, DstAddr, etc.) but not Cisco privates or no fields at all? Are you

2019-06-13 01:58:29 +0000 received badge  Autobiographer
2019-06-13 01:27:28 +0000 received badge  Citizen Patrol (source)
2019-06-11 22:07:58 +0000 answered a question How to get packet loss average

Hi, Wireshark is probably not the tool you are looking for. You could set up a capture point on your network and then

2019-06-11 21:53:57 +0000 answered a question How to log attempts of attack - before machine is crashing ?

Hi Penguin1024, You may run Wireshark in the background of your Linux distro but it may end up capturing a lot of traff

2019-06-11 21:53:57 +0000 received badge  Rapid Responder (source)
2019-06-11 21:31:23 +0000 commented answer how do i access data from a specific date and time frame?

Glad I could help! Please mark the answer as correct (click the checkmark) so others may benefit from it in the future.

2019-06-10 21:55:54 +0000 received badge  Rapid Responder (source)
2019-06-10 21:55:54 +0000 answered a question how do i access data from a specific date and time frame?

Hi, I like using the frame.time field for this. You should see this field under Frame in the Packet details pane if you

2019-05-24 01:35:27 +0000 received badge  Rapid Responder (source)
2019-05-24 01:35:27 +0000 answered a question How to read values of type 'Label'

Hi, Guy Harris already answered a similar question and does a better job than I can. Cheers, JF

2019-05-21 21:09:54 +0000 answered a question Wireshark can sniff ethernet frame over serial port?

Assuming you can capture the serial traffic with Wireshark then it should be able to decode serial link frames but I'm n

2019-05-17 02:56:12 +0000 commented question Wireshark can sniff ethernet frame over serial port?

Using Ethernet over a serial link seems mutually exclusive. Can you provide more information? Ethernet frames run on Eth

2019-05-17 02:49:15 +0000 received badge  Rapid Responder (source)
2019-05-17 02:49:15 +0000 answered a question Can I capture from an IP phone?

Hi, Most likely no. You'll see the traffic for the PC NIC only. You would need to capture traffic on the switch to see

2019-04-16 17:53:24 +0000 received badge  Rapid Responder (source)
2019-04-16 17:53:24 +0000 answered a question RTP Packet Lost

Hi Anas, I've answered a similar question about previous segment not being captured. TCP segment not capture may be no

2019-04-09 17:02:03 +0000 received badge  Rapid Responder (source)
2019-04-09 17:02:03 +0000 answered a question Because the IP WAN appears in the source column and not the LAN

Hi, Not really a Wireshark question but I'm going to guess you are seeing the effect of NAT. (en español) You are prob

2019-03-27 01:55:49 +0000 answered a question Filter only NS and NA messages that used only in DAD (duplicate address detection process) in IPv6?

Hi Ahmed, I can't think of a way to filter NS and NA used for DAD because these ICMPv6 packets are the exact same forma

2019-03-21 19:43:42 +0000 edited answer What the display filter to only see traffic for a particular website?

Hi, This is how I do it but there are probably other (better?) ways. Capture all traffic when you are browsing to the

2019-03-15 01:05:13 +0000 received badge  Rapid Responder (source)
2019-03-15 01:05:13 +0000 answered a question TCP connection unexpected reset

Hi, It is interesting that the tablet initiating the TCP connection is the device sending the TCP RST. It could mean t

2019-03-13 03:04:28 +0000 received badge  Rapid Responder (source)
2019-03-13 03:04:28 +0000 answered a question Save or print dialogs (expert information, statistics) to text

Hi, You should be able to perform a right click on any lines in the expert information and see a "Copy" menu. The expe

2019-02-28 21:24:32 +0000 answered a question I cant capture packets when running Wireshark on a Raspberry pi

Hi, You probably need elevated privileges to see the interfaces in "Raspbian". I suggest you read this article. https

2019-02-28 21:17:11 +0000 commented question Can't see the requests starting from my pc

Can you provide more details about your setup? How and where do you capture? If you are capturing on your own PC or lap

2019-02-28 21:14:01 +0000 commented answer Using wireshark how do i identify an unknown devices ip/mac.

You need to figure out your MAC address so you know that it is yours and not the CCTV device's MAC.

2019-02-28 21:14:01 +0000 received badge  Commentator
2019-02-28 21:12:52 +0000 edited answer Using wireshark how do i identify an unknown devices ip/mac.

Hi, If you are running WS on your laptop and capturing when it is plugged in the CCTV device then you should not have a

2019-02-28 21:11:47 +0000 received badge  Rapid Responder (source)
2019-02-28 21:11:47 +0000 answered a question Using wireshark how do i identify an unknown devices ip/mac.

Hi, If you are running WS on your laptop and capturing when it is plug in the CCTV device then you should not have a to

2019-02-28 20:34:40 +0000 received badge  Rapid Responder (source)
2019-02-28 20:34:40 +0000 answered a question Capture all traffics that is connected to home modem

Hi Mohamad, If you need to capture all traffic going through your modem then your best bet is to capture using a TAP be

2019-02-27 01:07:39 +0000 answered a question How to capture network activity on iOS simulator?

Hi Jinesh, The simulator app will use the Mac NIC (wired or wireless, you need to know when you capture) to reach the o

2019-02-26 00:07:17 +0000 answered a question What the display filter to only see traffic for a particular website?

Hi, This is how I do it but there are probably other (better?) ways. Capture all traffic when you are browsing to the

2019-02-25 23:48:45 +0000 commented answer How to find size of file downloaded?

Hi, I looked at the PCAP. It looks like something is wrong on the client (browser) side because we see it sends TLS 1.

2019-02-19 01:48:40 +0000 received badge  Rapid Responder (source)
2019-02-19 01:48:40 +0000 answered a question IO Graph Y-Axis

Hi, You seem to be running a newer version of Wireshark but looking at older I/O Graph references. Running version 2.6

2019-02-19 01:09:51 +0000 answered a question How to find size of file downloaded?

Hi, This will be difficult because www.7-zip.org is using HTTPS. If the file was downloaded over HTTP then you could s

2019-02-14 04:04:34 +0000 received badge  Rapid Responder (source)
2019-02-14 04:04:34 +0000 answered a question Video Buffer

Hi, TCP segment not capture may be normal if they are seen at the beginning of a capture or at least if you started cap

2019-02-14 03:48:12 +0000 received badge  Rapid Responder (source)
2019-02-14 03:48:12 +0000 answered a question troubleshooting Bad TCP

Hi, If you are playing online then most of your gaming traffic will be UDP packets. So filtering "BadTCP" will probably

2019-02-06 20:16:43 +0000 received badge  Rapid Responder (source)
2019-02-06 20:16:43 +0000 answered a question WiFi camera > Wireshark tcp dissect, data assembly > video player

Hi Darius, You can probably use Wireshark manually or a shell scripting language available on your platform to call tsh

2019-01-31 04:15:21 +0000 answered a question DNS amplification attack

Hi, A DNS amplification attack usually means that you are seeing "a lot" of DNS responses for queries that did not orig