Jaap's profile - activity

2019-07-15 07:20:20 +0000 received badge  Rapid Responder (source)
2019-07-15 07:20:20 +0000 answered a question Does Wireshark support EVPN over SRv6

Currently there is no implementation for EVPN over SRv6 to be found in the BGP dissector. If you want to propose it as e

2019-07-15 07:16:56 +0000 edited question Does Wireshark support EVPN over SRv6

Does Wireshark support EVPN over SRv6 I caught a BGP packet with EVPN address-family included. Since the EVPN is over SR

2019-07-15 07:16:06 +0000 edited question Does Wireshark support EVPN over SRv6

Does Wireshark support EVPN over SRv6, cause I can't decode it I caught a BGP packet with EVPN address-family included. sinc

2019-07-15 05:02:10 +0000 commented question Does Wireshark support EVPN over SRv6

Are you referring to what has now become draft-dawra-bess-srv6-services?

2019-07-11 19:09:58 +0000 edited question TLS 1.3 Hello Retry Messages

TLS 1.3 Hello Retry Messages Wireshark 3.0.2 seems to expect TLS 1.3 Hello Retry Messages as specified before draft-ietf

2019-07-10 05:41:26 +0000 answered a question How to call a Wireshark plugin protocol dissector programmatically?

Hope I understand correctly, but it seems as though the Burp dissector needs to recreate the same proprietary PDUs from

2019-07-10 05:41:26 +0000 received badge  Rapid Responder (source)
2019-07-09 21:03:40 +0000 commented question Should a vpn ip be seen in vpn tcp traffic

This totally depends on where you capture. Add that detail to your topology description.

2019-07-08 14:52:52 +0000 edited question How to open SSCOP/ALCAP protocol stack pcap?

How to open SSCOP/ALCAP protocol stack pcap? Manual setup of link layer 244 (http://www.tcpdump.org/linktypes.html) for

2019-07-06 10:31:47 +0000 answered a question Filtering Odd Packets

There's the editcap utility which is tailored to remove duplicates.

2019-07-06 10:31:47 +0000 received badge  Rapid Responder (source)
2019-07-05 05:26:29 +0000 answered a question Wireshark analyze and export rtp data

This analysis feature is built into the user interface of Wireshark. It is not available from the command line, neither

2019-07-05 05:26:29 +0000 received badge  Rapid Responder (source)
2019-07-04 05:57:21 +0000 commented question can't capture on any interface in OSX 10.14

I'm pretty sure these should be owned by root, while you're supposed to be member of the access_bpf group.

2019-07-02 16:06:57 +0000 answered a question Finding DTMF type

The fact that you see RTP events tells me that the DTMF tones are transferred by means of RFC 2833, or rather RFC 4733.

2019-07-02 16:06:57 +0000 received badge  Rapid Responder (source)
2019-07-02 16:01:58 +0000 edited question Finding DTMF type

Finding DTMF type I have a Wireshark capture with DTMF tones sent. With rtpevent I can see the tones typed. I would like

2019-07-02 16:00:51 +0000 edited question Finding DTMF type

Find DTMF type I have a Wireshark with DTMF tones sent. With rtpevent I can see the tones typed. I would like to find th

2019-06-28 20:26:50 +0000 received badge  Rapid Responder (source)
2019-06-28 20:26:50 +0000 answered a question SIP packets are decoded in 1.12.3 but not in 2.2.0

Have the co-worker very carefully review the dissector settings of the dissectors involved. Since it's known which frame

2019-06-27 20:20:22 +0000 answered a question TLS Record has two versions

Look into the TLS handshake itself, there you'll see the handshake version which is the version the client supports. Thi

2019-06-27 20:20:22 +0000 received badge  Rapid Responder (source)
2019-06-27 17:21:22 +0000 commented question problem clears while Wireshark is running

Any optimisations (e.g., offloading) or other 'helpful' software features installed on the network interface, which inte

2019-06-27 06:04:19 +0000 commented question problem clears while Wireshark is running

And have you made the capture with promiscuous mode on and off, to gauge what influence that has?

2019-06-26 09:55:21 +0000 commented answer snmp v3 not decoding properly

Works fine for me (using SHA1 and AES) so be very specific in your bug report as to what you do and illustrate with a pr

2019-06-25 06:09:06 +0000 received badge  Rapid Responder (source)
2019-06-25 06:09:06 +0000 answered a question Is Brotli content-encoding supported?

It will come in Wireshark 3.2. For now you'll need the development build (3.1) for that.

2019-06-24 12:27:21 +0000 commented question how to use wireshark with port mirroring

What makes you think this is because of 'this Wireshark PC'?

2019-06-24 12:27:08 +0000 commented question how to use wireshark with port mirroring

What makes you think this is because 'this Wireshark PC'?

2019-06-23 06:02:09 +0000 answered a question Identifying source & destination port #'s

Few things. The browser opens one (or more) TCP connections to the bing server to get the HTTP page information, but th

2019-06-23 06:02:09 +0000 received badge  Rapid Responder (source)
2019-06-23 05:44:58 +0000 edited question Identifying source & destination port #'s

Identifying source & destination port #'s New to Wireshark. Not wanting anyone to spend too much time in answering

2019-06-21 19:34:47 +0000 received badge  Rapid Responder (source)
2019-06-21 19:34:47 +0000 answered a question Wireshark indicates that MIB modules are missing. It reports the error when reading RFC1215 MIB. What additional MIBs are required?

You would have to check the IMPORT clauses in the file containing RFC1215 MIB. It could be the RFC1155-SMI MIB file

2019-06-21 11:23:27 +0000 answered a question dissector or decoding for data payload

There may be several ways to go about this. One route is to write a Lua script for your extensions. This uses an API exp

2019-06-21 11:23:27 +0000 received badge  Rapid Responder (source)
2019-06-21 08:36:38 +0000 commented answer SYN,ACK not followed by ACK response (noob question)

May I point you to this book by Chris Sanders, one of this year's SharkFest keynote speakers.

2019-06-20 21:33:32 +0000 received badge  Rapid Responder (source)
2019-06-20 21:33:32 +0000 answered a question Transcribing audio from dynamic RTP's

You'll need to have the media session protocol captured as well (e.g., H.245 or SDP) in order to know what dynamic codec

2019-06-18 20:32:37 +0000 commented answer Dissector to parse smtp with specific content, but let normal smtp dissector handle it otherwise.

No, the custom headers dialog should speak for itself.

2019-06-18 16:21:18 +0000 commented question lua dissector not called

That second part is a new question, so please post it as such.

2019-06-17 20:56:49 +0000 commented answer Why is "show packet bytes Ctrl-Shift-O" grayed out and not working?

That's not the packet details pane, that's the packet list.

2019-06-17 19:45:43 +0000 answered a question Why is "show packet bytes Ctrl-Shift-O" grayed out and not working?

This comes from the packet details pane right context menu. Therefore you have to select a line in the packet details pa

2019-06-17 19:45:43 +0000 received badge  Rapid Responder (source)
2019-06-15 20:24:26 +0000 answered a question ss7pcs to accommodate only point code without network indicator

Such requests are Enhancement requests, which can be filled in Bugzilla with as much relevant information as possible an

2019-06-15 20:24:26 +0000 received badge  Rapid Responder (source)
2019-06-14 15:04:47 +0000 commented question Wireshark (Version 3.0.0 (v3.0.0-0-g937e33de) ) always shows DSCP value as CS0 for TCP and CS7 for UDP

Through the use of a tap or monitor port on the switch. There are numerous descriptions out there.

2019-06-13 20:27:25 +0000 commented answer Asterix Cat21 (ads-b) decode

I don't have such a file, so can't provide it. Maybe they are out there on the internet.

2019-06-13 20:22:39 +0000 commented answer Asterix Cat 240 Decode

The code for the existing dissector is here and this is the file to which the code should be added.