Ask Your Question

SYN-bit's profile - activity

2025-06-04 15:46:58 +0000 answered a question Added an important feature

Right-clicking on the filter button gives you all of these options (and more!) already. Would your suggestion add someth

2025-06-04 15:46:58 +0000 received badge  Rapid Responder
2025-05-23 06:37:17 +0000 commented answer App performance is normal WHILE running packet capture

Were you able to test this? What was the result?

2025-05-16 06:03:58 +0000 received badge  Rapid Responder (source)
2025-05-16 06:03:58 +0000 answered a question App performance is normal WHILE running packet capture

The only thing I can think of that is changed to the system when a capture is running is that the interface(s) on which

2025-05-13 21:52:23 +0000 commented answer Wireshark decryption needs updates for AKM 24

Thank you!

2025-05-13 05:24:19 +0000 commented answer I accidentally disabled search protocols like HTTP or Ethernet, and now I am getting very little information.

Glad it helped, welcome to the wonderful world of packet analysis!

2025-05-13 05:23:34 +0000 edited answer Wireshark decryption needs updates for AKM 24

Thanks for reporting this issue, however, we keep track of bugs and/or enhancement requests on gitlab. Could you add thi

2025-05-13 05:22:45 +0000 answered a question Wireshark decryption needs updates for AKM 24

We keep track of bugs and/or enhancement requests on gitlab. Could you add this as an enhancement request on https://git

2025-05-13 05:22:45 +0000 received badge  Rapid Responder (source)
2025-05-13 05:20:25 +0000 answered a question Any reason Wireshark cannot decrypt local https server

Thanks for providing the packet capture. The traffic to your server is using port 8088 which is not listed as an https p

2025-05-13 05:20:25 +0000 received badge  Rapid Responder (source)
2025-05-13 05:08:15 +0000 received badge  Rapid Responder (source)
2025-05-13 05:08:15 +0000 answered a question I accidentally disabled search protocols like HTTP or Ethernet, and now I am getting very little information.

The easiest way to go back to the default settings is to go to "Edit -> Configuration Profiles". Select "Default" and

2025-05-12 08:31:43 +0000 edited answer Any reason Wireshark cannot decrypt local https server

Without any information to go on besides "Dycryption for my local site does not work" and "decryption for some other sid

2025-05-12 05:33:58 +0000 answered a question Any reason Wireshark cannot decrypt local https server

Without any information to go on besides "Dycryption for my local site does not work" and "decryption for some other sid

2025-05-12 05:33:58 +0000 received badge  Rapid Responder (source)
2025-04-25 11:40:50 +0000 commented answer TCP SACK analysis best practice?

There might be other tools out there, but I think this is the best Wireshark can do for "easy" SACK analysis. The rest n

2025-04-24 14:26:11 +0000 received badge  Rapid Responder (source)
2025-04-24 14:26:11 +0000 answered a question TCP SACK analysis best practice?

Hi Niels, did you check the TCP streamgraph (tcptrace version)? It shows SACK blocks in red lines and they align to the

2025-04-23 13:47:06 +0000 commented answer SSL connection failing

Do both AS400s follow the same path to the Internet (and then to the FTP server)? You mentioned one is a virtual server,

2025-04-22 09:47:24 +0000 commented answer SSL connection failing

I would follow a few steps, but please note that I do not have any specific AS400 experience. Also, I do not know anythi

2025-04-22 09:24:18 +0000 commented answer SSL connection failing

I would appreciate comments by SYN-bit or anyone else that's knowledgeable. On the iSeries/AS400, IBM support told me

2025-04-11 19:11:15 +0000 received badge  Rapid Responder (source)
2025-04-11 19:11:15 +0000 answered a question Stream tcpdump output to Wireshark GUI

You can use sshdump to do that, it's in the installer under "tools", AFAIK it is not installed by default, so you will h

2025-04-10 12:35:06 +0000 commented answer SSL connection failing

Yup, manual calculation, seems to be something a field we could add to the TCP dissector. But it is tricky when there ar

2025-04-10 10:52:11 +0000 commented answer SSL connection failing

The MTU size is not directly visible in network packets, as it is a setting off the network interface. But the TCP MSS i

2025-04-09 20:57:50 +0000 received badge  Rapid Responder (source)
2025-04-09 20:57:50 +0000 answered a question SSL connection failing

Looks like the old AS400 was tweaked to use an MTU of 1492 instead of the standard 1500. The new AS400 is using an MTU o

2025-04-04 18:24:52 +0000 commented answer Help Tracking Delayed Packets

I did a quick check on a TCP delta time of >10 seconds, but that does not show anything. So it is not just a simple l

2025-04-04 09:22:29 +0000 commented answer Help Tracking Delayed Packets

Thanks for the files, great that you used tracewrangler to anonimize them. Unfortunaly I think the clue in this case wou

2025-04-04 08:10:52 +0000 commented answer Help Tracking Delayed Packets

Welcome to the wonderful world of Packet Analysis :-) Yes, we don't have files sharing enabled to prevent all kinds of

2025-04-04 06:54:19 +0000 received badge  Rapid Responder (source)
2025-04-04 06:54:19 +0000 answered a question Help Tracking Delayed Packets

Nice to see you're jumping on the packet analysis bandwagon. It's impossible to do a troubleshooting course in one answe

2025-04-01 22:08:57 +0000 received badge  Rapid Responder (source)
2025-04-01 22:08:57 +0000 answered a question "Expert Info Severity" column doesn't show the most severe severity.

Do you by any chance have selected a non-zero value for occurrence in the column definition? As your column only shows o

2025-03-31 18:24:32 +0000 commented answer Lots (but not all) of TCP CHECKSUM INCORRECT on Windows

Another thing I noticed is that the embedded device is sending a window size of 2048 bytes max. The client is sending ht

2025-03-31 18:07:39 +0000 answered a question Lots (but not all) of TCP CHECKSUM INCORRECT on Windows

It looks like all checksum error messages are indeed caused by checksum offloading.The partial checksum calculation is d

2025-03-06 22:37:10 +0000 commented answer Different dissect results for tshark and Wireshark

Oops, Wireshark and Tshark do not use the same profile by default, so yes, if you are using a non-default profile in Wir

2025-03-05 16:39:20 +0000 received badge  Rapid Responder (source)
2025-03-05 16:39:20 +0000 answered a question Different dissect results for tshark and Wireshark

I suspect that somehow your Wireshark is using a different profile than your tshark (normally tshark should be using the

2025-03-02 08:50:23 +0000 received badge  Rapid Responder (source)
2025-03-02 08:50:23 +0000 answered a question what is slowing down the restore?

First the lowhanging fruit, is the window size too small, not scaled enough? For this to calculate, you need the used wi

2025-02-25 18:45:41 +0000 commented answer UDP Checksum

Assuming there is timeout for retransmitting a block when no ACK is received, you could use a filter like tftp and udp.t

2025-02-25 13:37:43 +0000 received badge  Rapid Responder (source)
2025-02-25 13:37:43 +0000 answered a question UDP Checksum

The meaning of any checksum, whether it is at the UDP layer or any other layer is to detect errors in the data. When dat

2025-02-23 16:19:59 +0000 commented answer Windows Server DNS response cut short

I'm no Azure administrator, but in the linked document I do not see any reference to have the zone locally configured as

2025-02-23 14:32:38 +0000 commented answer Windows Server DNS response cut short

It’s not DNS There’s no way it’s DNS It was DNS Good find, glad you were able to solve it, does make one wonder why the

2025-02-22 15:21:41 +0000 commented question Windows Server DNS response cut short

Are you sure it is truncated, there could be reassembly of IP fragments at work? Also, is the "truncated" flag set in th

2025-02-20 07:55:01 +0000 commented answer Inconsistent filter results

Interesting case, must be something like that. @Mick b Are you able to share (part) of the file or would that expose sen