2024-02-19 11:51:29 +0000 | asked a question | Private Membership for the Wireshark Foundation? Private Membership for the Wireshark Foundation? Since the Wireshark Foundation is now a done deal I wonder, if there ar |
2024-01-22 20:44:22 +0000 | edited answer | Kerberos not working, NTLM working since upgrading domain from 2008R2 to 2019. Do you have a trace file? That JSON file is not really helpful. Server 2003 only supports SMB v1. The newer Windows ver |
2024-01-22 20:09:40 +0000 | edited answer | Kerberos not working, NTLM working since upgrading domain from 2008R2 to 2019. Do you have a trace file? That JSON file is not really helpful. SMB (or, hopefully, SMB2/3) can be quite picky during t |
2024-01-22 17:25:16 +0000 | answered a question | Kerberos not working, NTLM working since upgrading domain from 2008R2 to 2019. Do you have a trace file? That JSON file is not really helpful. SMB (or, hopefully, SMB2/3) can be quite picky during t |
2024-01-22 17:25:16 +0000 | received badge | ● Rapid Responder (source) |
2024-01-22 17:25:13 +0000 | answered a question | Kerberos not working, NTLM working since upgrading domain from 2008R2 to 2019. Do you have a trace file? That JSON file is not really helpful. SMB (or, hopefully, SMB2/3) can be quite picky during t |
2024-01-22 17:25:13 +0000 | received badge | ● Rapid Responder (source) |
2023-12-19 23:22:16 +0000 | received badge | ● Popular Question (source) |
2023-05-31 19:36:12 +0000 | asked a question | IP over LLC with a twist IP over LLC with a twist Dear Wireshark Community I stumbled over a trace file with an non-standard version of IP over |
2023-04-21 20:37:40 +0000 | received badge | ● Popular Question (source) |
2023-03-02 22:14:32 +0000 | answered a question | slow transfer in one direction Most remarkably, the slow transfer file shows quite a number of retransmissions, where the fast transfer does not show s |
2023-02-27 21:46:36 +0000 | received badge | ● Rapid Responder (source) |
2023-02-27 21:46:36 +0000 | answered a question | SMB2 copy issue and SRT Just a few ideas: Is the disk full or very fragmented (note that fragmentation is less of an issue with SSDs) Please c |
2023-01-02 16:47:12 +0000 | answered a question | Capture inbound packets only How about this: tshark -i 1 -f "ether dst 00:11:22:33:44:55" -i specifies the interface. You might want to change the |
2023-01-02 16:47:12 +0000 | received badge | ● Rapid Responder (source) |
2022-10-22 16:03:58 +0000 | edited question | Can Wireshark decrypt Windows RMI packets? Can Wireshark decrypt Windows RMI packets? I am looking at a trace file with Windows RMI packets (HTTP on TCP port 5985) |
2022-10-22 15:57:12 +0000 | asked a question | Can Wireshark decrypt Windows RMI packets? Can Wireshark decrypt Windows RMI packets? I am looking at a trace file with Windows RMI packets (HTTP on TCP port 5985) |
2022-10-22 15:57:01 +0000 | asked a question | Can Wireshark decrypt Windows RMI packets? Can Wireshark decrypt Windows RMI packets? I am looking at a trace file with Windows RMI packets (HTTP on TCP port 5985) |
2022-10-22 15:56:53 +0000 | asked a question | Can Wireshark decrypt Windows RMI packets? Can Wireshark decrypt Windows RMI packets? I am looking at a trace file with Windows RMI packets (HTTP on TCP port 5985) |
2022-09-08 20:22:21 +0000 | answered a question | how to detect packets that go to endpoint through broadcast/multicast? Working with a trace file you could use the menu function Statistics -> Endpoints and look up the counter. On a live |
2022-09-08 20:22:21 +0000 | received badge | ● Rapid Responder (source) |
2022-09-07 15:36:04 +0000 | answered a question | Analyzing SMB behavior when different client OS connect (Mainly OSX) The story about "all clients need the same operating system" sounds weird. IMHO this is a matter of the samba client con |
2022-09-03 12:20:55 +0000 | commented question | Wireshark not starting Did you check the Event Log? Relevant information can usually be found either in the Application or System Event Log |
2022-05-13 18:28:26 +0000 | commented answer | decrypt smb2 on a test environment You need the session key, which is determined individually for each client and each share (or TreeConnect). Recent SAMB |
2021-09-18 15:32:34 +0000 | edited answer | OR SQL Injection Detected Hello aks First of all, Wireshark is good for network analysis, it's not an IDS. However, Wireshark is super-useful to |
2021-09-18 15:31:25 +0000 | answered a question | OR SQL Injection Detected Hello aks First of all, Wireshark is good for network analysis, it's not an IDS. However, Wireshark is super-useful to |
2021-09-18 15:31:22 +0000 | answered a question | OR SQL Injection Detected Hello aks First of all, Wireshark is good for network analysis, it's not an IDS. However, Wireshark is super-useful to |
2021-09-18 15:20:08 +0000 | commented question | DHCP and relay Are you running Wireshark on the DHCP client, or is this another host? If you run Wireshark on the DHCP client: Does th |
2021-08-22 08:51:25 +0000 | answered a question | Is there a plug-in showing MPLS statistics? I am not aware of a plugin. Depending on your requirements, you might get away with the command line tool tshark. For st |
2021-07-24 15:28:25 +0000 | answered a question | SMB client changing from one server interface to another You are looking at an SMB feature called multichannel. SMB tries to optimize network traffic by spreading traffic over m |
2021-07-24 15:28:21 +0000 | answered a question | SMB client changing from one server interface to another You are looking at an SMB feature called multichannel. SMB tries to optimize network traffic by spreading traffic over m |
2021-06-23 21:45:18 +0000 | received badge | ● Rapid Responder (source) |
2021-06-23 21:45:18 +0000 | answered a question | Is there a filter to display only broadcasts? Hello Pauli Broadcast messages happen on Layer 2 or Layer 3. Try this Wireshark display filter for Layer 2 broadcasts ( |
2021-05-14 15:01:48 +0000 | received badge | ● Rapid Responder (source) |
2021-05-14 15:01:48 +0000 | answered a question | Random Application Slowdown - Many TCP Retransmissions Hello KBolt The very first packets of your trace look like a capture taken from a SPAN port. Depending on the configura |
2021-05-14 14:45:51 +0000 | answered a question | Broadcasts per VLAN Hello ITgustl and welcome to ask.wireshark.org. To visualize the broadcast load per VLAN I highly recommend the I/O gr |
2021-05-14 14:45:51 +0000 | received badge | ● Rapid Responder (source) |
2021-04-21 07:24:57 +0000 | answered a question | Technical advice - capturing on 100Gbe networks Nowadays, a lot of traffic is encrypted. So, a full packet capture is not very useful. Packet slicing could be an optio |
2021-04-06 21:15:56 +0000 | answered a question | macOS SMB uploads to Windows Server share hang for dozen of seconds I was privileged to take a look at the trace from an SMB level. Here are a few observations from the trace: In general |
2021-04-03 16:18:49 +0000 | answered a question | SMB and TCP packets - TCP retransmissions The screenshot suggests that the systems use SMB (not SMB2) to exchange data. Most applications make blocking calls whe |
2021-03-30 19:37:07 +0000 | commented question | macOS SMB uploads to Windows Server share hang for dozen of seconds Hi Tom A wonderful mystery! Could you share a few more details: Any chance to find out the version of Windows is the |
2021-03-30 19:29:48 +0000 | commented question | macOS SMB uploads to Windows Server share hang for dozen of seconds Hi Tom A wonderful mystery! Could you share a few more details: Any chance to find out the version of Windows is the |
2021-03-07 16:36:32 +0000 | answered a question | SMB Ioctl Response, Error: STATUS_NOT_FOUND File shares accessed by SMB, SMB2 or SMB3 can be replicated over multiple servers. The underlying shares are arranged in |
2021-03-07 16:36:32 +0000 | received badge | ● Rapid Responder (source) |
2021-02-08 16:16:18 +0000 | commented answer | How to capture Miracast traffic? I think the most interesting part is the handshake between the computer and the display device. Any ideas how to capture |
2021-02-03 06:23:59 +0000 | commented question | How to capture Miracast traffic? Excellent question! Windows requires that Bluetooth and WiFi, both interfaces have to be active to start a Miracast con |
2021-01-31 18:48:01 +0000 | edited question | Question regarding broadcast traffic has any one seen this grouping before ... is it a hub or some one on my site... i have had people ordering amazon items |
2021-01-31 17:54:57 +0000 | edited question | Question regarding broadcast traffic has any one seen this grouping before ... is it a hub or some one on my site... i have had people ordering amazon items |
2021-01-31 17:54:55 +0000 | edited question | Question regarding broadcast traffic has any one seen this grouping before ... is it a hub or some one on my site... i have had people ordering amazon items |
2021-01-31 17:48:38 +0000 | received badge | ● Rapid Responder (source) |