SYN-bit's profile - activity

2021-09-29 16:07:52 +0000 commented answer Help understanding a RST, ACK sent after ACK of ZeroWIndow

Thanks Sys-Bit, it's pretty much what I thought also, that something in the application stack is resetting the session. T

2021-09-29 11:17:46 +0000 answered a question Help understanding a RST, ACK sent after ACK of ZeroWIndow

From analyzing the image (BTW, it is much easier to analyze network packets using a capture file, then we can use our fa

2021-09-29 11:17:46 +0000 received badge Rapid Responder

2021-09-26 12:02:39 +0000 commented answer Export selected http works strange - got another tcp packets

Another route if you want to save a selection of http requests/responses (and other packets that might have been reassem

2021-09-26 11:50:32 +0000 commented answer Export selected http works strange - got another tcp packets

You can create a filter button for the frame.number in {${frame.number} ${http.response_in}} filter (click on the + next

2021-09-26 11:12:35 +0000 answered a question How do I capture more features

Capturing packets from other systems is not as straightforward as just starting a capture. Have a look at the following

2021-09-26 11:12:35 +0000 received badge Rapid Responder

2021-09-26 11:08:06 +0000 commented answer Export selected http works strange - got another tcp packets

Combining @chuckc's method and my method: select the http request you would like to export combined with its response a

2021-09-26 11:04:57 +0000 commented answer Export selected http works strange - got another tcp packets

Nice filter Chuck, I like your usage of ${} macros inside of the set filter.

2021-09-26 11:02:21 +0000 received badge Associate Editor

2021-09-26 11:02:21 +0000 edited answer Export selected http works strange - got another tcp packets

If you take HTTP.cap as an example, then filter on http, you will see the http request in frame 4 and the http response

2021-09-26 11:02:01 +0000 edited answer Export selected http works strange - got another tcp packets

If you take HTTP.cap as an example, then filter on http, you will see the http request in frame 4 and the http response

2021-09-26 10:53:23 +0000 answered a question Export selected http works strange - got another tcp packets

If you take HTTP.cap as an example, then filter on http, you will see the http request in frame 4 and the http response

2021-09-23 20:32:16 +0000 commented question Understanding the delay generated from SOAP client-server.

Are there many clients doing SOAP requests to the remote service? Which device is doing the NAT and are you able to make

2021-09-23 20:03:07 +0000 edited question decrypt tls 1.2 issue

decrypt tls 1.2 issue (Windows Server 2019 + Wireshark v3.4.8-0-g3e1ffae201b8 ) Trying to use the environment variable

2021-09-13 17:00:28 +0000 commented answer How does wireshark identify tls1.3?

In your picture in frame 57, it is not yet known by the endpoints which version of TLS will be used, as they are just en

2021-09-12 12:31:15 +0000 answered a question How does wireshark identify tls1.3?

In TLSv1.3, there is a new extension that negotiates the TLS version. It reuses the TLSv1.2 version on the handshake mes

2021-09-12 12:31:15 +0000 received badge Rapid Responder

2021-09-12 12:21:39 +0000 commented answer Capture filter not capturing anything

Good to hear I was on the right track! Thanks for pointing out my typo, I corrected it :-)

2021-09-12 12:20:40 +0000 edited answer Capture filter not capturing anything

If I understand you correctly, you place a network TAP between a system and the switch/router it was connected to and co

2021-09-12 09:38:27 +0000 received badge Rapid Responder

2021-09-12 09:38:27 +0000 answered a question Capture filter not capturing anything

If I understand you correctly, you place a network TAP between a system and the switch/router it was connected to and co

2021-08-25 21:12:15 +0000 commented answer TCP session ended early - missing client ACK?

Good find! Were you able to do the downgrade? And did it help? I have an EdgeRouter X, I might try to reproduce the issu

2021-08-24 16:27:51 +0000 commented answer TCP session ended early - missing client ACK?

Thanks for the second pcap file. Since you mentioned that it does not work over the site-to-site vpn and that that behav

2021-08-24 07:54:18 +0000 commented answer TCP session ended early - missing client ACK?

Another thing, this trace shows only the transfer of "/NetMedicalLogin.png", I assume this picture was referenced in an

2021-08-24 07:37:56 +0000 answered a question TCP session ended early - missing client ACK?

Although at first glance it looks like a MTU problem, it isn't. The "full" sized frames are indeed received at the clien

2021-07-14 10:41:27 +0000 answered a question Reason for TCP spurious retransmission

The reason for Wireshark to mark a packet as a "Spurious Retransmission" is that it sees a retransmission of a TCP segme

2021-07-14 10:41:27 +0000 received badge Rapid Responder

2021-06-25 13:34:08 +0000 commented answer No packet with capture filter

@MichaelP Did you select the right interface before typing in the capture filter? As capture filters are Link-layer spec

2021-06-25 12:28:32 +0000 received badge Rapid Responder

2021-06-25 12:28:32 +0000 answered a question Not able to see client certificate in capture

The ClientCertificate is spread over frames 10, 11 and 12. In order for Wireshark to display the certificate, it needs t

2021-06-25 11:44:28 +0000 answered a question No packet with capture filter

If the packets are PPPoE encapsulated, you need to use the filter pppoes and port 5060. This is because the BPF filter e

2021-06-25 11:44:28 +0000 received badge Rapid Responder

2021-06-10 15:37:03 +0000 commented answer RTP analysis jump in forward delta time

Thank you for the status update with the good news. Glad you were able to fix it and that my observations helped out. B

2021-06-08 11:05:44 +0000 answered a question I captured traffic while playing 2 minute video and now I need RTT for mathis equation. Can u tell me where to find value for RTT to use it in equation

The RTT of a connection could be calculated if there is a protocol present that will give a good indication. Like a 3-wa

2021-06-01 18:39:46 +0000 answered a question Cannot decrypt HTTP over TLS

In a RSA key exchange (indicated by your ciphersuite), the pre-master-secret (which is used to create the data-encryptio

2021-06-01 18:39:46 +0000 received badge Rapid Responder

2021-05-31 14:34:11 +0000 commented answer RTP analysis jump in forward delta time

One thing I noticed in the pcap is that the provider does not send a ptime parameter in its SDP packet. Only a maxptime

2021-05-31 12:18:56 +0000 commented answer RTP analysis jump in forward delta time

Thanks for sharing the pcap, it's interesting to see the behavior. Also it seems to take 1 RTCP packet with quite a bit

2021-05-31 10:06:48 +0000 commented answer RTP analysis jump in forward delta time

It seems the RTCP packet at the start of the 40ms ptime interval is indicating ~11% packet loss experienced by the exter

2021-05-31 08:55:45 +0000 answered a question RTP analysis jump in forward delta time

Without the signalling and RTP seq+timestamps it's hard to say for sure. But it looks like a different packetization tim

2021-05-31 08:55:45 +0000 received badge Rapid Responder

2021-05-19 08:15:30 +0000 commented answer Highlight or color packet detail item if it caused the display filter to match the packet

Glad it solved (part) of your challenge :-)

2021-05-19 08:15:05 +0000 commented answer Highlight or color packet detail item if it caused the display filter to match the packet

Glad it solved (part) of your challenge :-)

2021-05-18 10:12:15 +0000 answered a question Highlight or color packet detail item if it caused the display filter to match the packet

Not the solution for your request, but maybe a good workaround, if you search for a string in the packet-details, the st

2021-05-18 10:12:15 +0000 received badge Rapid Responder

2021-05-03 13:27:22 +0000 commented answer TCP Dup ACK after reconnection - sequence number problem?

A RTO (retransmission timeout) of 6 seconds is really really high. 3 seconds used to be a generally used value like 10+

2021-05-03 12:40:42 +0000 commented answer TCP Dup ACK after reconnection - sequence number problem?

The client side capture is a bit confusing to read. Wireshark displays TCP ACKed unseen segment and TCP spurious Re

2021-04-29 10:04:45 +0000 received badge Rapid Responder

2021-04-29 10:04:45 +0000 answered a question TCP Dup ACK after reconnection - sequence number problem?

From the captured packets, I think there is a bug in the TCP/IP stack of device-2. I assume the span port was mirroring t