cmaynard's profile - activity

2020-05-28 00:09:39 +0000 answered a question How to monitor Wi-Fi communication?

The capture setup for WLAN depends on a number of factors, not the least of which is the operating system on the capture

2020-05-28 00:09:39 +0000 received badge  Rapid Responder (source)
2020-05-23 15:15:31 +0000 edited answer Tshark frame.time format

As suggested by bubbasnmp you can use -e _ws.col.Time. You can then use tshark's -t option to change the way that colum

2020-05-22 22:31:27 +0000 commented answer BPF boolean logic

Note: You can also check the compiled BPF using dumpcap or tcpdump. Examples: dumpcap.exe -d -f "(tcp && port

2020-05-22 15:50:22 +0000 commented answer Tshark frame.time format

Oh yeah, it's definitely going to be slower than if it was built-in. It's still a work-around, but it may suffice for m

2020-05-22 15:43:29 +0000 edited answer Tshark frame.time format

To avoid the need for recompiling Wireshark, you could consider implementing a Lua post-dissector that reformats the fra

2020-05-22 15:33:54 +0000 answered a question Tshark frame.time format

To avoid the need for recompiling Wireshark, you could consider implementing a Lua post-dissector that reformats the fra

2020-05-22 15:33:54 +0000 received badge  Rapid Responder (source)
2020-05-21 21:20:22 +0000 commented question Wireshark OUI Lookup Tool Broken

I didn't intend for it to be a replacement, but more as inspiration. Why care what the octet separator is at all?

2020-05-21 21:15:02 +0000 commented question Wireshark OUI Lookup Tool Broken

This site seems to provide better results for its lookup tool: https://aruljohn.com/mac.pl. It doesn't care how many oc

2020-05-21 18:53:31 +0000 edited answer Wireshark OUI Lookup Tool Broken

This looks like bug 16506.

2020-05-21 18:42:36 +0000 commented question Wireshark OUI Lookup Tool Broken

Sorry, I didn't mean to imply that all formats worked, only those formats that I listed. The bug I linked to refers to

2020-05-21 18:32:52 +0000 commented question Wireshark OUI Lookup Tool Broken

These formats all work: OUI search Results 00:d9:d1 00:D9:D1 Sony Interactive Entertainment Inc.

2020-05-21 18:18:50 +0000 commented question Wireshark OUI Lookup Tool Broken

Can you provide some examples that don't work? Some recent work was done on the tool, so I would expect it to be workin

2020-05-21 17:16:41 +0000 answered a question save info field from "screen" to a file

If you mean "Info Column", and that's the only column you want, you can achieve this with tshark: Method 1: Specify the

2020-05-21 17:16:41 +0000 received badge  Rapid Responder (source)
2020-05-07 21:42:26 +0000 commented answer dissector print format ?

Indeed, this is the easier and better solution, for this case and probably for the majority of cases. If you need to is

2020-05-07 21:35:25 +0000 commented answer dissector print format ?

Indeed, this is the easier and better solution, for this case and probably for the majority of cases. If you need to is

2020-05-07 20:10:35 +0000 answered a question dissector print format ?

There is no built-in function for this. You would need to test each bit using bit operations (See http://bitop.luajit.o

2020-05-07 20:10:35 +0000 received badge  Rapid Responder (source)
2020-05-06 21:03:55 +0000 received badge  Rapid Responder (source)
2020-05-06 21:03:55 +0000 answered a question The Wireshark Q&A trace file sharing tutorial

I'll provide an answer, but I don't speak on behalf of The Wireshark Foundation, so my answer shouldn't necessarily be i

2020-05-04 20:44:30 +0000 received badge  Rapid Responder (source)
2020-05-04 20:44:30 +0000 answered a question LUA extract tcp.analysis.ack_rtt value

You can try this: subtree:add(F_rtt().value,rtt):set_generated() See https://www.wireshark.org/docs/wsdg_html_chunked

2020-05-04 15:02:42 +0000 commented answer 802.11 lua dissector

You're welcome. Note that my answer was not meant to be a long-term definitive solution but merely one that can work in

2020-04-27 16:37:32 +0000 commented answer I can't see a completely ipv6 address (source and destination), I just see ::1

Ha, I only enjoy reading them from the perspective of learning something, which I almost always do no matter how many ti

2020-04-27 15:58:38 +0000 answered a question How to find out total number of ip4 packets (that are not TCP,UDP or ICMP)

An often overlooked aspect of filtering is IP fragments. While filters such as those provided by @bubbasnmp and @jim-ar

2020-04-27 15:28:12 +0000 answered a question I can't see a completely ipv6 address (source and destination), I just see ::1

Cheat sheets and YouTube videos are definitely helpful, but I would recommend trying to reference more authoritative sou

2020-04-24 00:04:37 +0000 commented answer 802.11 lua dissector

In the absence of such a change, then a post-dissector implementation might suffice, as long as you don't mind the un-di

2020-04-23 18:41:15 +0000 received badge  Rapid Responder (source)
2020-04-23 18:41:15 +0000 answered a question 802.11 lua dissector

If by Protocol ID of the LLC, you mean the llc.type field, then maybe something like the following could help? local le

2020-04-22 17:25:23 +0000 received badge  Rapid Responder (source)
2020-04-22 17:25:23 +0000 answered a question How to detect any attempt of connecting to my wifi using wireshark ?

Have a look at https://wiki.wireshark.org/CaptureSetup/WLAN

2020-04-15 22:24:19 +0000 commented question Beginner: Display Filter to Detect Ping

Are you capturing traffic on the correct interface? You may want to temporarily remove the capture filter to be sure yo

2020-04-15 13:49:59 +0000 commented answer Internal Server Error

Based on information provided, a change was made that ought to allow the original question to be posted now. Unfortunat

2020-04-15 12:27:03 +0000 answered a question Internal Server Error

Unfortunately, due to spammers and other bad actors, there are a number of banned phrases in place on this site, and mos

2020-04-15 12:27:03 +0000 received badge  Rapid Responder (source)
2020-04-10 18:28:56 +0000 commented answer Statistics data-rate units

I'm not sure why some folks are encountering the "Internal Server Error" message, for example: Help! Asking a question

2020-04-10 18:27:13 +0000 commented answer Statistics data-rate units

I'm not sure why some folks are encountering the "Internal Server Error" message, for example: Help! Asking a question

2020-04-09 23:19:47 +0000 commented answer Statistics data-rate units

Perhaps if you provide a [small] capture file that, so we can all refer to the same concrete example?

2020-04-09 21:36:25 +0000 answered a question Statistics data-rate units

While both the Bits/s columns in the Statistics -> Conversations window, and the Bits/s column of the Statistics ->

2020-04-09 21:36:25 +0000 received badge  Rapid Responder (source)
2020-04-07 14:08:18 +0000 commented question lua plugin calling built-in dissector, does not pass pkt data to it

Are you actually passing data to dissect_my_ip_protocol() in the data argument? Because the tvb has all the packet byte

2020-04-07 13:58:31 +0000 edited question lua plugin calling built-in dissector, does not pass pkt data to it

lua plugin calling built-in dissector, does not pass pkt data to it Hello, I have a use case where the data I need to d

2020-04-07 13:49:01 +0000 edited answer tcp.flags.str explanation

The TCP Flags is a Unicode string, and rather than being shown as "TCP Flags: \xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\x

2020-04-07 13:37:47 +0000 answered a question tcp.flags.str explanation

The TCP Flags is a Unicode string, and rather than being shown as "TCP Flags: \xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\x

2020-04-07 13:37:47 +0000 received badge  Rapid Responder (source)
2020-04-03 20:19:20 +0000 edited question WireShark with expanded CIP information

WireShark with expanded CIP information I worked with a version of wireshark at Rockwell Automation that was Rockwell spe

2020-04-03 19:37:40 +0000 commented answer Lua dissector is not processing the full TCP payload.

Nice. I'm glad I could help. Of course, most of the credit goes to @hadriel, who wrote the fpm.lua file and shared it

2020-04-03 18:40:50 +0000 received badge  Rapid Responder (source)