cmaynard's profile - activity

2019-11-13 16:13:18 +0000 edited answer How do I extract the hex section from a pcap file?

Extra fields are specified in the command by adding a -e argument with the field name, use multiple -e field.name argume

2019-11-13 00:13:53 +0000 edited answer Getting specific fields from packets

I would recommend using tshark for this purpose. For example: tshark -r huge.pcap -Y "gtp.message == 0x10" -T fields -

2019-11-12 20:12:01 +0000 received badge  Rapid Responder (source)
2019-11-12 20:12:01 +0000 answered a question Getting specific fields from packets

I would recommend using tshark for this purpose. For example: tshark -r huge.pcap -Y "gtp.message == 0x10" -T fields -

2019-11-12 15:33:43 +0000 commented question Version 3.0.6 -e data.data no colon separator

@grahamb, an example would be, using the capture file from Bug 15303: tshark -r eth-fcs-status-bad-from-onboard-NIC.pca

2019-11-07 14:40:58 +0000 commented question I am not able to find the correct/wrong "frame check sequence" in wireshark v3.0.2. All it show is [unverified]. How do i find the wlan.fcs.status==1 in this version?

Can you check the display filter name you reference? I can't find fcs.status in the Field Reference Guide.

2019-11-07 14:38:27 +0000 received badge  Rapid Responder (source)
2019-11-07 14:38:27 +0000 answered a question Technical Support Expiration Date

Wireshark 2.6 is scheduled to go "End of Life" October 18, 2020. You can refer to the Wireshark LifeCycle wiki page for

2019-11-04 17:03:12 +0000 commented answer Next Wireshark stable release version and date

Well, the question was about the next stable release version and release date, which is only listed on the Roadmap page,

2019-11-04 15:12:32 +0000 answered a question Next Wireshark stable release version and date

The next release of Wireshark is currently scheduled for December 4, 2019, but you can always find out when the next rel

2019-11-04 15:12:32 +0000 received badge  Rapid Responder (source)
2019-11-01 17:32:12 +0000 commented question AskBot sort by activity does not consider comment times

I do feel that it's an Askbot enhancement bug, but the problem is that unless Askbot provides such an option to allow co

2019-11-01 14:41:06 +0000 received badge  Famous Question (source)
2019-10-30 01:08:49 +0000 edited question How do I get free WiFi?

[email protected] How do I get free WiFi

2019-10-28 13:36:00 +0000 commented answer How to Identify TCP Initial receive window from Wireshark trace and what is the exact benefit of it

You could try asking on the wireshark-users mailing list: https://www.wireshark.org/lists/?

2019-10-25 13:45:14 +0000 commented answer How to Identify TCP Initial receive window from Wireshark trace and what is the exact benefit of it

As I understand it, the initial window size basically serves as an upper bound for the window size. For my test system

2019-10-25 03:29:37 +0000 edited answer Why isn't Wireshark marked as malware by Antivirus?

I'm curious as to why Wireshark, with its powerful monitoring abilities, isn't detected and marked as malware by ant

2019-10-24 14:43:48 +0000 commented answer Field.new("diameter.CC-Request-Type") recognized in Window but not in Linux tshark

Well, in this case it seems like the diameter dissector was disabled for some reason, so some diameter-related files wer

2019-10-24 12:42:05 +0000 commented answer How to Identify TCP Initial receive window from Wireshark trace and what is the exact benefit of it

Just the opposite. The Client initiates the connection, so the Client's receive window size is in the SYN packet wh

2019-10-23 23:58:00 +0000 commented question How to Identify TCP Initial receive window from Wireshark trace and what is the exact benefit of it

Hi Bubbasnmp, Please find below ethtool output Features for bond2: rx-checksumming: off [fixed] tx-checksumming: on

2019-10-23 18:42:02 +0000 commented answer How to Identify TCP Initial receive window from Wireshark trace and what is the exact benefit of it

Here's a link to just one of many articles related to TCP tuning that you might find interesting: https://cromwell-intl

2019-10-23 18:31:34 +0000 edited answer how to download latest wireshark version dynamically?

Can't the Wireshark PAD file be used for this purpose? (The file is documented at https://www.wireshark.org/download.ht

2019-10-23 18:30:45 +0000 answered a question how to download latest wireshark version dynamically?

Can't the Wireshark PAD file be used for this purpose?

2019-10-23 18:30:45 +0000 received badge  Rapid Responder (source)
2019-10-23 17:02:10 +0000 received badge  Rapid Responder (source)
2019-10-23 17:02:10 +0000 answered a question Field.new("diameter.CC-Request-Type") recognized in Window but not in Linux tshark

with Lua 5.1.4 I'm not sure if this is relevant to the problem or not, but my version of Wireshark on Windows uses Lua

2019-10-23 16:45:24 +0000 edited question Field.new("diameter.CC-Request-Type") recognized in Window but not in Linux tshark

Field.new("diameter.CC-Request-Type") recognized in Window but not in Linux tshark Hi, I run the following in LUA scrip

2019-10-23 16:37:03 +0000 received badge  Rapid Responder (source)
2019-10-23 16:37:03 +0000 answered a question How to Identify TCP Initial receive window from Wireshark trace and what is the exact benefit of it

There's a lot to unpack here. We are running on Linux 7.1 I guess you meant Red Hat 7.1, so according to https://acces

2019-10-23 13:05:37 +0000 edited question dumpcap -a duration:XX not working when capturing from Napatech card

dumpcap -a duration:XX not working How dumpcap gets time to calculate the timeout for -a duration:XX parameter handling?

2019-10-22 13:02:49 +0000 commented question Filter out LDAP simple bind request for ROOT

Try posting a capture file online somewhere and identifying packets that you don't want your filter to match vs. packets

2019-10-21 20:13:57 +0000 commented question TLS Inspect / View

Have you looked at https://wiki.wireshark.org/TLS?

2019-10-21 13:19:39 +0000 commented answer How does wireshark determine the application data protocol when the message is TLS encrypted?

Yes, that's correct. From packet-mqtt.c, you can see the 2 port registrations being done, one for unencrypted MQTT traf

2019-10-18 17:08:07 +0000 commented answer How to increase the USB snap/buffer length to capture bigger packages?

To close the loop here, the value of WTAP_MAX_PACKET_SIZE_USBPCAP has been raised from 1MiB to 128MiB. See Bug 15985 fo

2019-10-17 14:46:40 +0000 answered a question Something Like UNIX Tee in Windows For Tshark

On Windows, if you have Cygwin installed, you may be able to accomplish this using tail. For example, assuming the web

2019-10-17 14:46:40 +0000 received badge  Rapid Responder (source)
2019-10-16 18:09:45 +0000 commented answer How to increase the USB snap/buffer length to capture bigger packages?

Or possibly this was the issue fixed in USBPcap 1.4.1.0? From https://github.com/desowin/usbpcap/releases/tag/1.4.1.0:

2019-10-16 14:59:29 +0000 answered a question Is it possible to change the rate in which the draw function of a tap is called?

The tap update interval is dictated by the value of TAP_UPDATE_DEFAULT_INTERVAL, currently defined in epan/prefs.h as 30

2019-10-16 14:59:29 +0000 received badge  Rapid Responder (source)
2019-10-16 14:29:58 +0000 commented question Wireshark doesn't capture logs after a point of time for Wireless network

First, as @xinxolHH suggested, don't use Wireshark for long-term capturing, use dumpcap instead. "... and then when the

2019-10-16 14:29:46 +0000 commented question Wireshark doesn't capture logs after a point of time for Wireless network

First, as @xinxolHH suggested, don't use Wireshark for long-term capturing, use dumpcap instead. "... and then when the

2019-10-16 13:52:19 +0000 commented question How to increase the USB snap/buffer length to capture bigger packages?

What value did you try for the snaplen? According to Wireshark source code wiretap/wtap.h header file, you should at le

2019-10-15 13:57:12 +0000 commented answer Is there a way to change the default location of the personal config folder?

I don't see a way to do this in Wireshark for Windows, or Mac. On Windows: Control Panel -> All Control Panel Ite

2019-10-13 22:45:09 +0000 commented question How do I solve the problem that interfaces do not appear to me?

I'm assuming the npcap driver has been started, but can you verify? What happens when you run, net start npcap? Does i

2019-10-13 14:58:00 +0000 commented question How do I solve the problem that interfaces do not appear to me?

Can you try uninstalling Npcap version 0.9982 and installing Npcap version 0.9983 ? https://nmap.org/npcap/dist/npcap-

2019-10-09 19:10:24 +0000 commented question How do I solve the problem that interfaces do not appear to me?

Please provide Wireshark's Help -> About Wireshark information.

2019-10-08 14:58:10 +0000 commented answer Is there a way to change the default location of the personal config folder?

This comment belongs under Sake's answer, not mine, since he's the one who suggested using symlinks. Can you add your c

2019-10-08 14:57:55 +0000 commented answer Is there a way to change the default location of the personal config folder?

This comment belongs under Sake's answer, not mine, since he's the one who suggested using symlinks. Can you add your

2019-10-07 16:26:34 +0000 commented answer Lua - Get string for a ProtoField that uses a lookup table

I don't think it's quite that simple. In your example, what happens when selectionValue is a value other than 1, 2, or

2019-10-07 14:26:13 +0000 edited answer Is there a way to change the default location of the personal config folder?

The easiest way is to create a folder in your dropbox folder (or any other folder on your system) and then symlink the w