2024-10-21 08:10:47 +0000 | answered a question | Wireshark intercepts only those passwords which are entered at the moment of connection? Those passwords that are saved, sites which were previously logged in - Wireshark will not be able to get them? Wireshark is a network monitoring tool, it works by capturing the data traffic as it passes the network. If there are (c |
2024-10-21 08:10:47 +0000 | received badge | ● Rapid Responder |
2024-10-17 12:54:09 +0000 | received badge | ● Rapid Responder |
2024-10-17 12:54:09 +0000 | answered a question | can more than one network interface be used Yes, just open "Capture -> Options", select all the interfaces you want to capture on and then click 'OK' |
2024-10-16 05:02:43 +0000 | commented question | TCP length value is more than negotiated MSS @MahmutAydin I reopened the question, changed the comments to an answer stream and accepted that answer. This way the qu |
2024-10-14 12:12:41 +0000 | answered a question | FTP from PLC to Robot with larger files fails Thanks for providing pcap files @casper, the pattern in them is very interesting. First of all, it is not a memory probl |
2024-10-13 19:53:58 +0000 | commented answer | RST: present, Fin: Absent, DATA: Present, ACK: Any news from the Firewall team? |
2024-10-13 19:50:42 +0000 | commented answer | TCP ACK Protocol display My goal is to be able to see how much traffic (in proportion) my protocol is creating. With the Protocol Hie |
2024-10-13 19:46:13 +0000 | commented question | FTP from PLC to Robot with larger files fails Can anyone tell me if I have interpreted the Wireshark capture correctly. Without looking at the capture, it is qui |
2024-10-11 13:47:49 +0000 | commented question | Wireshark not capturing MQTT data over Ethernet with port mirroring As you are capturing on M2, the ping from or to M2 will always be visible, whether or not the span/mirror port is workin |
2024-10-11 11:21:33 +0000 | commented question | Wireshark not capturing MQTT data over Ethernet with port mirroring If the ping was done from the wireshark system (M2), then it was not in the packet capture because of the port mirror, b |
2024-10-11 10:42:59 +0000 | commented question | Wireshark not capturing MQTT data over Ethernet with port mirroring I assume either M1 or M2 is the Mosquitto server? Are you using any capture filters? Is there vlan tagging involved? Are |
2024-10-11 10:39:28 +0000 | answered a question | TCP ACK Protocol display That is not how Wireshark works, Wireshark hands over data to the next dissector, based on tables and heuristics. If the |
2024-10-11 10:39:28 +0000 | received badge | ● Rapid Responder |
2024-10-11 10:35:44 +0000 | commented question | Wireshark not capturing MQTT data over Ethernet with port mirroring Can you see the ping (icmp) traffic in the packet capture? |
2024-10-01 22:14:47 +0000 | commented answer | RST: present, Fin: Absent, DATA: Present, ACK: Did you check whether there is a (checkpoint) firewall in between the AppServer and the Proxy? And if there is, does the |
2024-09-28 16:35:37 +0000 | answered a question | RST: present, Fin: Absent, DATA: Present, ACK: Thanks for the packet capture. Am I right in assuming that 10.133.192.95 is the application server and 172.16.223.11 is |
2024-09-28 16:35:37 +0000 | received badge | ● Rapid Responder |
2024-09-23 13:37:35 +0000 | received badge | ● Rapid Responder |
2024-09-23 13:37:35 +0000 | answered a question | One way throughput problem From a quick glance on the pcap files, I suspect the following: There is quite a bit of packet reordering of the data |
2024-09-23 13:28:54 +0000 | commented question | One way throughput problem Also, when making new packet captures, please start your capture before doing the tests so that the 3-way handshake will |
2024-09-11 08:49:18 +0000 | received badge | ● Rapid Responder |
2024-09-11 08:49:18 +0000 | answered a question | Dissector Syslog transmitted via relp protocol span multiple TCP packets Wireshark is using a two-pass process. On the first pass every packet will be seen in packet order. The second pass happ |
2024-09-10 20:56:23 +0000 | commented question | Unable to list files Please supply the output of About Wireshark (under the Help menu for Windows/Linux or the Wireshark menu for MacOS) as t |
2024-09-10 12:09:01 +0000 | answered a question | Dissector Syslog transmitted via relp protocol span multiple TCP packets Maybe syslog message re-assembly is confusing you. When syslog messages are spanning multiple TCP segments, all the segm |
2024-09-10 12:09:01 +0000 | received badge | ● Rapid Responder |
2024-09-09 11:57:21 +0000 | commented answer | Excessive Retransmission If it works on many different WIFIs, then can you tell me more about the network on which you see these retransmissions |
2024-09-09 09:16:34 +0000 | commented answer | Excessive Retransmission Are you able to use a VPN like Cloudflare Warp or any other. If so, does HTTPS access to https://dns.google work over th |
2024-09-09 08:47:57 +0000 | commented answer | TCP Warnings & already truncated mirrored traffic. A scapy script might be easier perhaps... |
2024-09-09 08:47:27 +0000 | commented answer | TCP Warnings & already truncated mirrored traffic. Not in one one, but you could write a script to do it packet for packet. Or maybe split up the file in files with the sa |
2024-09-09 08:45:11 +0000 | received badge | ● Rapid Responder |
2024-09-09 08:45:11 +0000 | answered a question | Excessive Retransmission The retransmissions are all SYN packets to outside IP addresses on port 443. I can reach these IP addresses on port 443 |
2024-09-09 08:39:38 +0000 | commented question | Excessive Retransmission Thank you! |
2024-09-08 21:48:20 +0000 | commented question | Excessive Retransmission The file is not publicly readable, could you change permissions? |
2024-09-08 21:46:20 +0000 | answered a question | TCP Warnings & already truncated mirrored traffic. How can we make Wireshark perform its 'TCP Analysis' with an IP-length field instead of using 'packet capture length |
2024-09-08 21:46:20 +0000 | received badge | ● Rapid Responder |
2024-09-08 07:34:27 +0000 | received badge | ● Rapid Responder |
2024-09-08 07:34:27 +0000 | answered a question | TCP Warnings & already truncated mirrored traffic. When capturing, the libpcap/npcap library will record how many bytes it has seen on the wire and how many bytes it has s |
2024-09-05 15:25:10 +0000 | commented answer | why is apply as column option not being displayed Ah, my mistake, I misread the original question, it says the rightclick option is not there and I read it as it is greye |
2024-09-05 15:03:32 +0000 | commented answer | v4.2.x TCP ACKed unseen segment I backported the fix to the release-4.2 branch, should be fixed in 4.2.8 |
2024-09-05 14:59:18 +0000 | commented answer | why is apply as column option not being displayed I'm not sure you're on the right track @chuckc, I can rightclick on dns.time and Apply as column is not greyed out. Not |
2024-09-05 14:03:25 +0000 | commented answer | v4.2.x TCP ACKed unseen segment It seems that MR-8988 introduced this issue and MR-14587 fixed it, but this was only applied to master (ie 4.4 and beyon |
2024-09-05 11:34:50 +0000 | answered a question | v4.2.x TCP ACKed unseen segment Without checking all the commits on the TCP dissector, I would assume there was a code change in 4.2.x that changed this |
2024-09-05 11:34:50 +0000 | received badge | ● Rapid Responder |
2024-09-05 11:28:28 +0000 | commented answer | TCP Handshake unexpected behaviour If you filter in ipv6.src == 2001:8003:5133:6700:4582:92cd:d481:6143, you can see that every packet has a bad checksum. |
2024-09-05 09:41:45 +0000 | answered a question | TCP Handshake unexpected behaviour What I got was: Duplicate TCP handshake on incremented ports This is normal behavior of web browsers, they open mul |
2024-09-05 09:41:45 +0000 | received badge | ● Rapid Responder |
2024-08-16 14:53:54 +0000 | answered a question | stream vs session vs conversation Nothing as ambiguous as the word session, as it could be seen from the user perspective, the application perspective, th |
2024-08-16 14:53:54 +0000 | received badge | ● Rapid Responder |
2024-08-15 13:40:16 +0000 | commented question | How to make display filter case insensitive [WireShark 4.2.6] Does this filter do what you want it to do? udp.port == 5355 && dns.flags.response == True && ( upper(i |