2024-01-22 04:34:36 +0000 | received badge | ● Commentator |
2024-01-22 04:34:36 +0000 | commented answer | TCP header length 20 bytes with Timestamps Both the Windows computer and the Ubuntu computer have [] brackets around the word timestamps but the Ubuntu computer ha |
2024-01-22 04:33:40 +0000 | marked best answer | TCP header length 20 bytes with Timestamps I have Wireshark Version 4.2.2 on Windows 10. It is my understanding that Timestamps go into the TCP options section of the header. According to what I have read TCP headers containing this option increase by 10 bytes (8 bytes for the two timestamp values and 2 bytes to indicate the option value and length). But Wireshark is saying the header length is only 20 bytes even though I can see the timestamp values? I tried to add a picture but don't have enough reputation. On my Ubuntu computer Wireshark Version 3.6.2 says the TCP header with timestamps is 32 bytes as it is padded out with two NOP bytes. Why is Wireshark saying the TCP header length is only 20 bytes with timestamps on the Windows computer? |
2024-01-21 10:01:57 +0000 | asked a question | TCP header length 20 bytes with Timestamps TCP header length 20 bytes with Timestamps I have Wireshark Version 4.2.2 on Windows 10. It is my understanding that Ti |
2024-01-20 01:19:00 +0000 | received badge | ● Notable Question (source) |
2024-01-20 01:19:00 +0000 | received badge | ● Famous Question (source) |
2023-05-16 13:18:24 +0000 | received badge | ● Notable Question (source) |
2022-12-26 09:36:51 +0000 | received badge | ● Popular Question (source) |
2022-04-23 07:58:36 +0000 | received badge | ● Popular Question (source) |
2021-09-12 10:38:24 +0000 | commented answer | Capture filter not capturing anything Wow, you cracked it. The traffic is PPPoE. The correct filter is pppoes and yes it worked. I didn't think this problem h |
2021-09-12 10:38:20 +0000 | marked best answer | Capture filter not capturing anything I am running Ubuntu 20.04. I am capturing using a network tap on a computer that has a separate NIC not configured with an IP address. When I run a capture using 'host xxx.xxx.xxx.xxx' as a capture filter it does not capture anything even though I know there is traffic to that address. I am assuming this is because there is no traffic destined to or sourced from the NIC I am capturing on? Is there a capture filter available that could capture traffic to and from a particular IP address in this scenario? |
2021-09-12 09:02:13 +0000 | commented question | Capture filter not capturing anything I have fibre. The router is a Ubiquiti Edgerouter which goes to a EdgeSwitch. Plugged into that is a Unifi AC Lite. I th |
2021-09-11 21:37:15 +0000 | commented question | Capture filter not capturing anything Ok I have figured out that this problem only occurs if I have the network tap positioned between the wall and the router |
2021-09-11 10:25:27 +0000 | commented question | Capture filter not capturing anything Even if I do a capture filter of 'ip' it doesn't capture anything. |
2021-09-11 10:06:28 +0000 | commented question | Capture filter not capturing anything The address in question when there is no capture filter is in this format: xxx.xxx.xxx.xxx.dsl.dyn.ihug.co.nz |
2021-09-11 10:04:55 +0000 | commented question | Capture filter not capturing anything The source address when there is no capture filter is in this format: xxx.xxx.xxx.xxx.dsl.dyn.ihug.co.nz |
2021-09-11 10:00:50 +0000 | commented question | Capture filter not capturing anything Yes I see lots of traffic to and from this particular address when using no capture filter? |
2021-09-11 09:11:06 +0000 | asked a question | Capture filter not capturing anything Capture filter not capturing anything I am running Ubuntu 20.04. I am capturing using a network tap on a computer that |
2021-09-11 08:54:46 +0000 | marked best answer | Packet length exceeds MSS I am capturing between a computer and a router using a Dualcomm Network Tap. I have noticed some packets that have a length that exceed the MTU of 1492 set in the router. I did the capture from the wire for the specific purpose of avoiding the issue of Large Segment Offload. I do not understand how there can be packets between the NIC and the router that exceed the MTU. The operating system I am running Wireshark on for the capture is Ubuntu 20.04 using a separate NIC. In case the NIC was doing Large Receive Offload I tried but it didn't help. |
2021-09-11 08:54:46 +0000 | received badge | ● Scholar (source) |
2021-08-18 23:50:21 +0000 | received badge | ● Rapid Responder |
2021-08-18 23:50:21 +0000 | answered a question | Packet length exceeds MSS Hi Anders, Thank you for your very useful link. For the record ethtool -K enp3s0 gro off solved my problem. This |
2021-08-18 07:25:27 +0000 | asked a question | Packet length exceeds MSS Packet length exceeds MSS I am capturing between a computer and a router using a Dualcomm Network Tap. I have noticed |
2021-06-24 00:42:37 +0000 | received badge | ● Famous Question (source) |
2021-06-24 00:42:37 +0000 | received badge | ● Notable Question (source) |
2021-06-24 00:42:37 +0000 | received badge | ● Popular Question (source) |
2019-01-25 21:01:08 +0000 | commented answer | When I try and use the "ip broadcast" capture filter it says "netmask not known, so 'ip broadcast' not supported"? ip multicast works on the linux computers? |
2019-01-25 20:37:30 +0000 | commented answer | When I try and use the "ip broadcast" capture filter it says "netmask not known, so 'ip broadcast' not supported"? Hi Guy, Thank you for your reply. I have noticed this issue only happens with the linux computers. On the Windows comp |
2019-01-24 09:10:23 +0000 | asked a question | When I try and use the "ip broadcast" capture filter it says "netmask not known, so 'ip broadcast' not supported"? When I try and use the "ip broadcast" capture filter it says "netmask not known, so 'ip broadcast' not supported"? I bee |