Jim Aragon's profile - activity

-1 means "Unknown." The SYN and SYN/ACK packets are not in the capture file, so Wireshark does not know if window scalin

While it is true that most of the time both systems will use the lower value, [RFC 879, "The TCP Maximum Segment Size an

While it is true that most of the time both systems will use the lower value, RFC 879, "The TCP Maximum Segment Size and

It is the calculated window size on the system that sent that packet. Packets from the client will have the client's win

The port number is added in a different place from where you added the server IP address. Go to Edit -> Preferences -

Apply a display filter to show just the packets you want to export. From your image, it looks like you want packets 1624

RFC 6864, "Updated Specification of the IPv4 ID field," in section 4 defines "atomic datagrams" as "datagrams not yet fr

RFC 6864, "Updated Specification of the IPv4 ID field," in section 4 defines "atomic datagrams" as "datagrams not yet fr

Capture hands on start Dears, I need to run wireshark on a Windows 7 x64 workstation. Just installed, it hangs as I s

I understand Transport Layer Protocols may not need to add up incrementally, but I understand that subprotocols/subvaria

Possibly. There are a couple of ways you can try to determine if a trace file was captured on one of the endpoints in th

The start of the Zero Window condition was when the receiver sent the first Zero Window packet. The other Zero Window pa

Enter this display filter: ip && !(tcp || udp || icmp) and then read the number of displayed packets in the s

"A wireshark capture I've been anaylyzing has some TCP out of order, Dup Ack's, and previous segment not captured. Ap

Click on Analyze then Enabled Protocols. If HTTP is disabled, the box to the left will be blank. Click on the box to re-

I realize that you are probably trying to protect confidential or proprietary information, but your first file (in the q

HTTP keepalives and TCP keepalives are unrelated. See https://stackoverflow.com/questions/9334401/http-keep-alive-and-tc

I saw how SACK's right edge grows, how another SACK buffer is added in the presence of a new 'TCP segment not c

I saw how SACK's right edge grows, how another SACK buffer is added in the presence of a new 'TCP segment not c

No, Wireshark won't do that, but TraceWrangler will.

receive window and lenght hello: My receive window on receiver (calculated window size) is 262656. my sender is only s

The default setting for Wireshark's Time column is "Seconds Since Beginning of Capture," and with that setting, the firs

I'm glad that a posting of mine helped, but--there's nothing wrong with the capture filter in your question. It's valid

Either field can be used as a column and they will behave exactly as @Jasper said, but also, frame.time_delta_displayed

"So by what you are saying I would expect a TTL of 42 if I was getting a [rst, ack] from the actual server, thereby furt

"So by what you are saying I would expect a TTL of 42 if I was getting a [rst, ack] from the actual server, thereby furt

"Are the remote destination ip addrs the actual mail servers or are they routers or some other intermediate server that

Two answers have recommended using the display filter "dns contains www.yahoo.com". This will not work because host nam

Upload it to a file sharing site that is not password protected and edit your question to include a link to the file.

Wireshark generates fields to correlate HTTP requests and responses, so you can do this with a little work. Apply a dis

Wireshark generates fields to correlate HTTP requests and responses, so you can do this with a little work. Apply a dis

Wireshark generates fields to correlate HTTP requests and responses, so you can do this with a little work. Apply a dis

They correlate perfectly for me. So, for us to give you any help, you need to: Post a capture file somewhere where it