2025-06-04 15:46:58 +0000 | answered a question | Added an important feature Right-clicking on the filter button gives you all of these options (and more!) already. Would your suggestion add someth |
2025-06-04 15:46:58 +0000 | received badge | ● Rapid Responder |
2025-05-23 06:37:17 +0000 | commented answer | App performance is normal WHILE running packet capture Were you able to test this? What was the result? |
2025-05-16 06:03:58 +0000 | received badge | ● Rapid Responder (source) |
2025-05-16 06:03:58 +0000 | answered a question | App performance is normal WHILE running packet capture The only thing I can think of that is changed to the system when a capture is running is that the interface(s) on which |
2025-05-13 21:52:23 +0000 | commented answer | Wireshark decryption needs updates for AKM 24 Thank you! |
2025-05-13 05:24:19 +0000 | commented answer | I accidentally disabled search protocols like HTTP or Ethernet, and now I am getting very little information. Glad it helped, welcome to the wonderful world of packet analysis! |
2025-05-13 05:23:34 +0000 | edited answer | Wireshark decryption needs updates for AKM 24 Thanks for reporting this issue, however, we keep track of bugs and/or enhancement requests on gitlab. Could you add thi |
2025-05-13 05:22:45 +0000 | answered a question | Wireshark decryption needs updates for AKM 24 We keep track of bugs and/or enhancement requests on gitlab. Could you add this as an enhancement request on https://git |
2025-05-13 05:22:45 +0000 | received badge | ● Rapid Responder (source) |
2025-05-13 05:20:25 +0000 | answered a question | Any reason Wireshark cannot decrypt local https server Thanks for providing the packet capture. The traffic to your server is using port 8088 which is not listed as an https p |
2025-05-13 05:20:25 +0000 | received badge | ● Rapid Responder (source) |
2025-05-13 05:08:15 +0000 | received badge | ● Rapid Responder (source) |
2025-05-13 05:08:15 +0000 | answered a question | I accidentally disabled search protocols like HTTP or Ethernet, and now I am getting very little information. The easiest way to go back to the default settings is to go to "Edit -> Configuration Profiles". Select "Default" and |
2025-05-12 08:31:43 +0000 | edited answer | Any reason Wireshark cannot decrypt local https server Without any information to go on besides "Dycryption for my local site does not work" and "decryption for some other sid |
2025-05-12 05:33:58 +0000 | answered a question | Any reason Wireshark cannot decrypt local https server Without any information to go on besides "Dycryption for my local site does not work" and "decryption for some other sid |
2025-05-12 05:33:58 +0000 | received badge | ● Rapid Responder (source) |
2025-04-25 11:40:50 +0000 | commented answer | TCP SACK analysis best practice? There might be other tools out there, but I think this is the best Wireshark can do for "easy" SACK analysis. The rest n |
2025-04-24 14:26:11 +0000 | received badge | ● Rapid Responder (source) |
2025-04-24 14:26:11 +0000 | answered a question | TCP SACK analysis best practice? Hi Niels, did you check the TCP streamgraph (tcptrace version)? It shows SACK blocks in red lines and they align to the |
2025-04-23 13:47:06 +0000 | commented answer | SSL connection failing Do both AS400s follow the same path to the Internet (and then to the FTP server)? You mentioned one is a virtual server, |
2025-04-22 09:47:24 +0000 | commented answer | SSL connection failing I would follow a few steps, but please note that I do not have any specific AS400 experience. Also, I do not know anythi |
2025-04-22 09:24:18 +0000 | commented answer | SSL connection failing I would appreciate comments by SYN-bit or anyone else that's knowledgeable. On the iSeries/AS400, IBM support told me |
2025-04-11 19:11:15 +0000 | received badge | ● Rapid Responder (source) |
2025-04-11 19:11:15 +0000 | answered a question | Stream tcpdump output to Wireshark GUI You can use sshdump to do that, it's in the installer under "tools", AFAIK it is not installed by default, so you will h |
2025-04-10 12:35:06 +0000 | commented answer | SSL connection failing Yup, manual calculation, seems to be something a field we could add to the TCP dissector. But it is tricky when there ar |
2025-04-10 10:52:11 +0000 | commented answer | SSL connection failing The MTU size is not directly visible in network packets, as it is a setting off the network interface. But the TCP MSS i |
2025-04-09 20:57:50 +0000 | received badge | ● Rapid Responder (source) |
2025-04-09 20:57:50 +0000 | answered a question | SSL connection failing Looks like the old AS400 was tweaked to use an MTU of 1492 instead of the standard 1500. The new AS400 is using an MTU o |
2025-04-04 18:24:52 +0000 | commented answer | Help Tracking Delayed Packets I did a quick check on a TCP delta time of >10 seconds, but that does not show anything. So it is not just a simple l |
2025-04-04 09:22:29 +0000 | commented answer | Help Tracking Delayed Packets Thanks for the files, great that you used tracewrangler to anonimize them. Unfortunaly I think the clue in this case wou |
2025-04-04 08:10:52 +0000 | commented answer | Help Tracking Delayed Packets Welcome to the wonderful world of Packet Analysis :-) Yes, we don't have files sharing enabled to prevent all kinds of |
2025-04-04 06:54:19 +0000 | received badge | ● Rapid Responder (source) |
2025-04-04 06:54:19 +0000 | answered a question | Help Tracking Delayed Packets Nice to see you're jumping on the packet analysis bandwagon. It's impossible to do a troubleshooting course in one answe |
2025-04-01 22:08:57 +0000 | received badge | ● Rapid Responder (source) |
2025-04-01 22:08:57 +0000 | answered a question | "Expert Info Severity" column doesn't show the most severe severity. Do you by any chance have selected a non-zero value for occurrence in the column definition? As your column only shows o |
2025-03-31 18:24:32 +0000 | commented answer | Lots (but not all) of TCP CHECKSUM INCORRECT on Windows Another thing I noticed is that the embedded device is sending a window size of 2048 bytes max. The client is sending ht |
2025-03-31 18:07:39 +0000 | answered a question | Lots (but not all) of TCP CHECKSUM INCORRECT on Windows It looks like all checksum error messages are indeed caused by checksum offloading.The partial checksum calculation is d |
2025-03-06 22:37:10 +0000 | commented answer | Different dissect results for tshark and Wireshark Oops, Wireshark and Tshark do not use the same profile by default, so yes, if you are using a non-default profile in Wir |
2025-03-05 16:39:20 +0000 | received badge | ● Rapid Responder (source) |
2025-03-05 16:39:20 +0000 | answered a question | Different dissect results for tshark and Wireshark I suspect that somehow your Wireshark is using a different profile than your tshark (normally tshark should be using the |
2025-03-02 08:50:23 +0000 | received badge | ● Rapid Responder (source) |
2025-03-02 08:50:23 +0000 | answered a question | what is slowing down the restore? First the lowhanging fruit, is the window size too small, not scaled enough? For this to calculate, you need the used wi |
2025-02-25 18:45:41 +0000 | commented answer | UDP Checksum Assuming there is timeout for retransmitting a block when no ACK is received, you could use a filter like tftp and udp.t |
2025-02-25 13:37:43 +0000 | received badge | ● Rapid Responder (source) |
2025-02-25 13:37:43 +0000 | answered a question | UDP Checksum The meaning of any checksum, whether it is at the UDP layer or any other layer is to detect errors in the data. When dat |
2025-02-23 16:19:59 +0000 | commented answer | Windows Server DNS response cut short I'm no Azure administrator, but in the linked document I do not see any reference to have the zone locally configured as |
2025-02-23 14:32:38 +0000 | commented answer | Windows Server DNS response cut short It’s not DNS There’s no way it’s DNS It was DNS Good find, glad you were able to solve it, does make one wonder why the |
2025-02-22 15:21:41 +0000 | commented question | Windows Server DNS response cut short Are you sure it is truncated, there could be reassembly of IP fragments at work? Also, is the "truncated" flag set in th |
2025-02-20 07:55:01 +0000 | commented answer | Inconsistent filter results Interesting case, must be something like that. @Mick b Are you able to share (part) of the file or would that expose sen |