2021-03-01 09:52:03 +0000 | commented answer | arp who has... tell... Also for the IIS server, see if the ARP requests are following DNS requests pointing to the requested IP addresses in th |
2021-02-23 20:47:12 +0000 | commented question | How do I decode a UDP encapsulated FTP packet ? The UDP payload does not resemble something the FTP protocol would produce. Was the payload anonymized? Regarding encap |
2021-02-17 08:39:01 +0000 | commented question | Disconnection issues and what could be causing them. A 'disconnection problem' is a very open problem description, as there are quite a few sessions in your capture, what ki |
2021-02-16 14:43:45 +0000 | commented question | Disconnection issues and what could be causing them. @YasithHashen Unfortunately I can't view your capture on cloudshark, did you mark it as public? |
2021-02-11 18:36:47 +0000 | commented question | arp packets ARP discovery packets are broadcast but ARP renewal packets are unicast. |
2021-02-11 09:18:59 +0000 | commented answer | tshark strange behavior with capture filter @cmaynard Thank you for expanding on this. You are absolutely right in having to take into account different versions a |
2021-02-10 11:42:05 +0000 | answered a question | tshark strange behavior with capture filter I've figured out what is the issue: The PC sees GRE / ERSPAN. OK, that means the offsets of where to find the port |
2021-02-10 08:23:51 +0000 | commented question | How do I decode a UDP encapsulated FTP packet ? What kind of encapsulation is used to encapsulate the TCP-FTP packets in UDP packets (assuming you mean FTP-over-TCP whe |
2021-02-01 13:43:46 +0000 | answered a question | show tcp streams which don't include string You can split the filter into the two elements, command and parameter. That way you can see all "EHLO" command lines tha |
2021-01-26 17:22:55 +0000 | commented answer | SMS over SIP trunk does not work Good to hear it has been resolved, took some time to convince them apparently... |
2020-12-12 13:01:41 +0000 | answered a question | Source, destination, protocol blank @EssexGeoff Thanks for the pcap file. There is nothing wrong with the file, as it is showing data in the source/destinat |
2020-12-12 13:01:41 +0000 | received badge | ● Rapid Responder (source) |
2020-12-12 12:00:34 +0000 | commented question | Source, destination, protocol blank Did you slice the packets to only 34 bytes or less? What do you see? Can you share a pcap file? It's really hard to see |
2020-12-12 11:57:57 +0000 | received badge | ● Rapid Responder (source) |
2020-12-12 11:57:57 +0000 | answered a question | can a proxy use a single tcp connection to a remote website for many different client connections (serialize several client requests into one outgoing request)? Yes, Web-proxies can be configured to optimize by multiplexing client requests over existing serverside requests. On the |
2020-11-08 21:13:50 +0000 | answered a question | where is the config file (MacOS) You can see where wireshark looks for your settings by going to "Wireshark" -> "About Wireshark" and then open the "F |
2020-11-08 21:13:50 +0000 | received badge | ● Rapid Responder (source) |
2020-11-06 15:13:54 +0000 | commented question | SMS over SIP trunk does not work @JasMan, yes, "temporary" has a very elastic meaning :-) |
2020-11-04 12:21:46 +0000 | commented question | SMS over SIP trunk does not work @jasman Has the issue been resolved? And if so, what was the root-cause of the issue? |
2020-11-03 08:30:23 +0000 | commented question | Mini Packet Capture device What is the sustained and burst bandwidth that you need to capture? How much storage will you need, based on the average |
2020-10-28 10:46:15 +0000 | commented answer | How to filter STUN packets by info column in wireshark Is there information in the info column that is not available in any field? Then you're out-of-luck regarding filtering. |
2020-10-28 08:45:53 +0000 | received badge | ● Rapid Responder (source) |
2020-10-28 08:45:53 +0000 | answered a question | How to filter STUN packets by info column in wireshark You can display stun packets with the filter: stun or classicstun (there are two versions of the stun protocol) |
2020-10-26 17:09:06 +0000 | commented answer | Machines get IP address but no connectivity - DNS issue? Thanks SYN-bit, your analysis is spot on. Here are the errors I'm seeing when I go to Statistics: 11 Ethertype: Bad che |
2020-10-26 13:22:03 +0000 | answered a question | Machines get IP address but no connectivity - DNS issue? Here is another capture. This machine was connected to LAN, no WiFi or any other connectivity: https://www.drop |
2020-10-22 13:46:03 +0000 | commented answer | TCP FIN with Data causing RST Interesting, so THEY are sending data in the FIN to you and only when THEY do that, the session is not properly closed. |
2020-10-21 22:51:47 +0000 | commented answer | TCP FIN with Data causing RST Just to verify, does this session closure cause problems? As all data does get acked. The only thing that does not get a |
2020-10-21 12:17:52 +0000 | received badge | ● Rapid Responder (source) |
2020-10-21 12:17:52 +0000 | answered a question | Having RTP Issues on Calls SIP endpoints (User-Agents) need a constant stream of RTP to play the audio. Usually RTP packets are sent each 20ms (as |
2020-10-21 12:08:10 +0000 | received badge | ● Rapid Responder (source) |
2020-10-21 12:08:10 +0000 | answered a question | TCP FIN with Data causing RST Setting the TCP FIN flag just means you are done sending data. That is usually done in a separate packet with no data, b |
2020-10-20 08:48:07 +0000 | commented answer | TCP Retransmissions after [FIN, ACK] same tcp stream OK, with the AV disabled it works, then I would say you'll need to file a bug-report to the AV vendor. Glad you were abl |
2020-10-20 07:02:52 +0000 | answered a question | TCP Retransmissions So if I understand your problem correctly, when only serving incoming connections, the server is doing great. Once you s |
2020-10-20 07:02:52 +0000 | received badge | ● Rapid Responder (source) |
2020-10-17 17:56:59 +0000 | commented answer | Why is the source address column not showing the resolved name? @grahamb In the packet details, the src is a RFC1918 address and is also not resolved in the dst column. It would indee |
2020-10-17 16:07:46 +0000 | received badge | ● Rapid Responder (source) |
2020-10-17 16:07:46 +0000 | answered a question | Why is the source address column not showing the resolved name? I suspect you have the "Src addr (unresolved)" in your column definition instead of "Source Address"? |
2020-10-13 11:00:40 +0000 | received badge | ● Rapid Responder (source) |
2020-10-13 11:00:40 +0000 | answered a question | TCP Retransmissions after [FIN, ACK] same tcp stream In frame 117548, the client responds to the RST in frame 117547. From the ACK (13685090) it can be deduced that the cli |
2020-10-11 10:31:08 +0000 | commented question | Protocol Hierarchy Statistics Hi @vicky71 in the screenshot you selected Data under UDP under IPv4 under Ethernet under Frame, so it makes sense that |
2020-10-11 09:57:25 +0000 | commented answer | How to display only packet, packet size, and timestamp? Thanks for the kind words @chuckc tshark -G fields will give you an overview of the (thousands) of available fields. Yo |
2020-10-11 09:57:02 +0000 | commented answer | How to display only packet, packet size, and timestamp? Thanks for the kind words @chuckc tshark -G will give you an overview of the (thousands) of available fields. You could |
2020-09-18 20:39:42 +0000 | commented answer | Packet List pane missing and option in View greyed out You're welcome, glad I could help! |
2020-09-18 20:39:24 +0000 | commented answer | Packet List pane missing and option in View greyed out You're welcome, glad I could help! |
2020-09-18 20:30:45 +0000 | received badge | ● Rapid Responder (source) |
2020-09-18 20:30:45 +0000 | answered a question | Packet List pane missing and option in View greyed out The most logical explanation is that you changed the layout preferences. Go to Wireshark -> Preferences -> Appeara |
2020-09-18 16:07:05 +0000 | commented question | SMS over SIP trunk does not work Are you able to capture on the PBX? That way you can see how the RTP comes in from the SMS-gateway and how it is forward |
2020-09-15 09:35:21 +0000 | received badge | ● Rapid Responder (source) |
2020-09-15 09:35:21 +0000 | answered a question | How to Capture Outbound Packets from my HP Printer Have a look at the Wireshark Wiki page about capturing on Ethernet networks. On a low budget, I like to use a NetGear G |
2020-09-15 09:23:52 +0000 | commented question | What causes a packet RST,ASK between client and SMB server? Who is sending the RST and how much delay is there between the last "Session Setup Response"? Also, a pcap file really |