cmaynard's profile - activity

2019-09-21 18:25:41 +0000 answered a question capture only destination IPs

Maybe a better, simpler solution is to just run tshark, making use of its statistics options? For example: tshark -i s

2019-09-19 14:17:31 +0000 edited question Red RST, ACK Why?

Red RST, ACK Why? 230 28.715896 172.x.2.x 10.2.66.2 TCP 66 35191 → 443 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK

2019-09-19 14:16:14 +0000 commented question capture only destination IPs

You can set a snaplen to only capture up to and including the IP header without saving the payload.

2019-09-19 13:28:09 +0000 received badge  Rapid Responder (source)
2019-09-19 13:28:09 +0000 answered a question Wireshark Column size Limitation

Maximum column widths are defined in column-info.h. If you want to increase the value(s), then you'll have to redefine

2019-09-16 17:27:12 +0000 commented answer Loopback npcap added in Win10 network

As a follow-up to this answer, it should be noted that beginning with Npcap version 0.9983 [2019-08-30], Npcap no longer

2019-09-16 16:02:51 +0000 answered a question LUA wireshark dissector - combine data from 2 UDP packets

Assuming the transport is TCP, your dissector will need to reassemble the TCP segments. Refer to the Wireshark Lua/Diss

2019-09-16 16:02:51 +0000 received badge  Rapid Responder (source)
2019-09-06 14:35:31 +0000 commented question TTAG timestamp protocol from CISCO NDB

If Wireshark isn't dissecting this data, then I'd advise you to open a Wireshark bug report at https://bugs.wireshark.or

2019-09-06 14:33:28 +0000 commented answer reading .txt files transferred in an FTP capture

I think a nicer long-term solution would be for Wireshark to be able to support the ability to export objects from ftp t

2019-09-06 13:56:15 +0000 commented question Decode a user specific packet

Have you looked at writing a Lua dissector to decode your data? There are a few wiki pages on the Wireshark site that s

2019-09-06 13:54:11 +0000 commented question Decode a user specific packet

Have you looked at writing a Lua dissector to decode your data? There are a few wiki pages on the Wireshark site that s

2019-09-06 13:44:52 +0000 commented question NPCAP 0.995 gives duplicate packets

I do not have any workaround to solve the issue. One of the comments in Issue 1576 indicated that the issue is still pre

2019-09-06 13:26:18 +0000 commented question TCP ACK with 1460 Bytes of Data

In the meantime, maybe have a look at RFC 793 - Transmission Control Protocol?

2019-09-06 13:22:39 +0000 commented answer When will the downloads page documentation be updated to remove WinPCAP and replace with NPCAP (with current version number) as the stated packet capture tool?

If a bug is filed, then I would just note that the documentation should probably not remove the mention of WinPcap entir

2019-09-06 13:03:24 +0000 edited question I can't capture 802.11 on wireshark

I can't capture 802.11 on wireshark Please tell me why I can't capture. I checked both Monitor Mode and Promiscuous. B

2019-09-06 13:02:22 +0000 commented answer I can't capture 802.11 on wireshark

It's unclear to me if you actually tried capturing with tcpdump or not? The question only indicates that dumpcap was tr

2019-09-05 13:16:16 +0000 edited answer Loopback npcap added in Win10 network

So it would be ok to disable the loopback in Control Panel until we need it, right? Yes, it's perfectly fine to install

2019-09-05 13:15:00 +0000 answered a question Loopback npcap added in Win10 network

So it would be ok to disable the loopback in Control Panel until we need it, right? Yes, it's perfectly fine to install

2019-08-22 14:13:00 +0000 commented question Some special Data in a column (Packetlist)

My guess is that it's not possible, but maybe if you upload a small capture file somewhere (Dropbox, Drive, etc), then s

2019-08-22 11:33:09 +0000 edited question Is Wireshark 2.6.2 compatible with CYBG's proposed Windows 10 platform?

Wireshark 2.6.2 is compatible with Windows 10 Can you help with the following questions Wireshark 2.6.2 Can you please

2019-08-20 20:59:52 +0000 commented answer Can I set default *Find Packet...* settings?

No worries; we're all here to try to help and my comment wasn't intended to dismiss your answer outright, but just point

2019-08-20 14:50:56 +0000 commented answer Can I set default *Find Packet...* settings?

What if you're not searching based on a display filter? The Edit -> Find Packet (Ctrl+F) feature allows searching fo

2019-08-19 14:09:25 +0000 received badge  Rapid Responder (source)
2019-08-19 14:09:25 +0000 answered a question Can I set default *Find Packet...* settings?

Enhancement requests can be opened on the Wireshark Bugzilla site.

2019-08-14 15:19:36 +0000 commented question What does tell between 2 ip adresses mean

Recent activity on this question (even though it's been closed) caused me to look at it again. Having done so, would no

2019-08-13 13:30:10 +0000 answered a question AirPcap and Wireshark 3.03

From your Wireshark Help -> About Wireshark information: Running on 64-bit Windows 7 Service Pack 1, build 7601, wit

2019-08-13 13:24:50 +0000 edited answer AirPcap and Wireshark 3.03

Help About: Version 3.0.3 (v3.0.3-0-g6130b92b0ec6) Compiled (64-bit) with Qt 5.12.4, with WinPcap SDK (WpdPack) 4.1.2

2019-08-13 13:22:11 +0000 edited answer AirPcap and Wireshark 3.03

Help About: Version 3.0.3 (v3.0.3-0-g6130b92b0ec6) Compiled (64-bit) with Qt 5.12.4, with WinPcap SDK (WpdPack) 4.1.2

2019-08-13 13:16:54 +0000 edited answer AirPcap and Wireshark 3.03

Help About: Version 3.0.3 (v3.0.3-0-g6130b92b0ec6) Compiled (64-bit) with Qt 5.12.4, with WinPcap SDK (WpdPack) 4.1.2

2019-08-12 15:44:10 +0000 commented answer AirPcap and Wireshark 3.03

Have you tried re-installing the AirPcap drivers, paying close attention to the installation guide available here? Of n

2019-08-10 14:51:39 +0000 commented answer AirPcap and Wireshark 3.03

Can you verify that WinPcap is being used by Wireshark by posting your "Help -> About Wireshark" details? Perhaps wh

2019-08-10 14:29:15 +0000 commented question Wireshark not showing LAN

By options, do you mean interfaces? Do you have a capture driver installed and sufficient permissions to capture? Plea

2019-08-10 14:28:58 +0000 commented question Wireshark not showing LAN

By options, do you mean interfaces? Do you have a capture driver installed and sufficient permissions to capture? Plea

2019-08-09 23:01:48 +0000 received badge  Rapid Responder (source)
2019-08-09 23:01:48 +0000 answered a question Tool to sanitize packets

You can refer to the Wireshark Tools wiki page for a list of some tools that may meet your needs.

2019-08-08 16:06:08 +0000 edited question Can we append new filter content while pressing customized filter button but not replacing existing filter?

Can we append new filter content while pressing customized filter button but not replacing existing filter? Normally we

2019-08-08 16:02:35 +0000 answered a question Is there any way to restrict the length of data entered by an user in a request using wireshark?

Wireshark is a passive sniffer. It will dissect and display whatever information is made available to it, so if the dat

2019-08-08 16:02:35 +0000 received badge  Rapid Responder (source)
2019-08-08 14:20:17 +0000 commented question Is there any way to restrict the length of data entered by an user in a request using wireshark?

Your question is very vague. What data is being entered by the user where?

2019-08-08 14:14:54 +0000 answered a question Using Merge: Receiving Bad TCP Errors on Good Packets

The problem is very likely that the 5-tuples are the same and Wireshark isn't taking into account additional information

2019-08-07 13:47:04 +0000 commented answer extraction of all tcp streams with tshark

To this I will just add that if you're on the Windows platform, Tracewrangler, courtesy of @jasper, is an excellent tool

2019-08-06 13:37:37 +0000 commented answer view vlan tagging with Win10pcap, not npcap - a good idea?

From the Npcap Users' Guide: /vlan_support (deprecated, ignored) Support 802.1Q VLAN tag when capturing and sendin

2019-08-06 13:35:29 +0000 commented answer view vlan tagging with Win10pcap, not npcap - a good idea?

From the Npcap Users' Guide: /vlan_support (deprecated, ignored) Support 802.1Q VLAN tag when capturing and sendin

2019-08-05 01:27:51 +0000 received badge  Rapid Responder (source)
2019-08-05 01:27:51 +0000 answered a question Problems while exporting to csv

In this trace, I apply the duration field of the packet as a column. the duration field? I'm not sure which exact fiel

2019-07-31 15:14:29 +0000 commented question Is it possible to start a capture's timer when the capture button is clicked?

You should still be able to capture the marker though, right? You don't really care if the switch actually passes the p

2019-07-31 13:57:19 +0000 commented question Is it possible to start a capture's timer when the capture button is clicked?

I think you'd need to start capturing on another machine and then generate a packet (ping, for example) while simultaneo

2019-07-31 13:49:50 +0000 commented question Is it possible to start a capture's timer when the capture button is clicked?

I think you'd need to start capturing on another machine and then generate a packet (ping, for example) while simultaneo

2019-07-30 15:35:13 +0000 commented answer Disable check for update in 3.0.3 version

The only way I know to disable the manual "Check for Update" would be to modify the source code yourself to disable it.