SYN-bit's profile - activity

2021-03-01 09:52:03 +0000 commented answer arp who has... tell...

Also for the IIS server, see if the ARP requests are following DNS requests pointing to the requested IP addresses in th

2021-02-23 20:47:12 +0000 commented question How do I decode a UDP encapsulated FTP packet ?

The UDP payload does not resemble something the FTP protocol would produce. Was the payload anonymized? Regarding encap

2021-02-17 08:39:01 +0000 commented question Disconnection issues and what could be causing them.

A 'disconnection problem' is a very open problem description, as there are quite a few sessions in your capture, what ki

2021-02-16 14:43:45 +0000 commented question Disconnection issues and what could be causing them.

@YasithHashen Unfortunately I can't view your capture on cloudshark, did you mark it as public?

2021-02-11 18:36:47 +0000 commented question arp packets

ARP discovery packets are broadcast but ARP renewal packets are unicast.

2021-02-11 09:18:59 +0000 commented answer tshark strange behavior with capture filter

@cmaynard Thank you for expanding on this. You are absolutely right in having to take into account different versions a

2021-02-10 11:42:05 +0000 answered a question tshark strange behavior with capture filter

I've figured out what is the issue: The PC sees GRE / ERSPAN. OK, that means the offsets of where to find the port

2021-02-10 08:23:51 +0000 commented question How do I decode a UDP encapsulated FTP packet ?

What kind of encapsulation is used to encapsulate the TCP-FTP packets in UDP packets (assuming you mean FTP-over-TCP whe

2021-02-01 13:43:46 +0000 answered a question show tcp streams which don't include string

You can split the filter into the two elements, command and parameter. That way you can see all "EHLO" command lines tha

2021-01-26 17:22:55 +0000 commented answer SMS over SIP trunk does not work

Good to hear it has been resolved, took some time to convince them apparently...

2020-12-12 13:01:41 +0000 answered a question Source, destination, protocol blank

@EssexGeoff Thanks for the pcap file. There is nothing wrong with the file, as it is showing data in the source/destinat

2020-12-12 13:01:41 +0000 received badge Rapid Responder
2020-12-12 12:00:34 +0000 commented question Source, destination, protocol blank

Did you slice the packets to only 34 bytes or less? What do you see? Can you share a pcap file? It's really hard to see

2020-12-12 11:57:57 +0000 received badge Rapid Responder
2020-12-12 11:57:57 +0000 answered a question can a proxy use a single tcp connection to a remote website for many different client connections (serialize several client requests into one outgoing request)?

Yes, Web-proxies can be configured to optimize by multiplexing client requests over existing serverside requests. On the

2020-11-08 21:13:50 +0000 answered a question where is the config file (MacOS)

You can see where wireshark looks for your settings by going to "Wireshark" -> "About Wireshark" and then open the "F

2020-11-08 21:13:50 +0000 received badge Rapid Responder
2020-11-06 15:13:54 +0000 commented question SMS over SIP trunk does not work

@JasMan, yes, "temporary" has a very elastic meaning :-)

2020-11-04 12:21:46 +0000 commented question SMS over SIP trunk does not work

@jasman Has the issue been resolved? And if so, what was the root-cause of the issue?

2020-11-03 08:30:23 +0000 commented question Mini Packet Capture device

What is the sustained and burst bandwidth that you need to capture? How much storage will you need, based on the average

2020-10-28 10:46:15 +0000 commented answer How to filter STUN packets by info column in wireshark

Is there information in the info column that is not available in any field? Then you're out-of-luck regarding filtering.

2020-10-28 08:45:53 +0000 received badge Rapid Responder
2020-10-28 08:45:53 +0000 answered a question How to filter STUN packets by info column in wireshark

You can display stun packets with the filter: stun or classicstun (there are two versions of the stun protocol)

2020-10-26 17:09:06 +0000 commented answer Machines get IP address but no connectivity - DNS issue?

Thanks SYN-bit, your analysis is spot on. Here are the errors I'm seeing when I go to Statistics: 11 Ethertype: Bad che

2020-10-26 13:22:03 +0000 answered a question Machines get IP address but no connectivity - DNS issue?

Here is another capture. This machine was connected to LAN, no WiFi or any other connectivity: https://www.drop

2020-10-22 13:46:03 +0000 commented answer TCP FIN with Data causing RST

Interesting, so THEY are sending data in the FIN to you and only when THEY do that, the session is not properly closed.

2020-10-21 22:51:47 +0000 commented answer TCP FIN with Data causing RST

Just to verify, does this session closure cause problems? As all data does get acked. The only thing that does not get a

2020-10-21 12:17:52 +0000 received badge Rapid Responder
2020-10-21 12:17:52 +0000 answered a question Having RTP Issues on Calls

SIP endpoints (User-Agents) need a constant stream of RTP to play the audio. Usually RTP packets are sent each 20ms (as

2020-10-21 12:08:10 +0000 received badge Rapid Responder
2020-10-21 12:08:10 +0000 answered a question TCP FIN with Data causing RST

Setting the TCP FIN flag just means you are done sending data. That is usually done in a separate packet with no data, b

2020-10-20 08:48:07 +0000 commented answer TCP Retransmissions after [FIN, ACK] same tcp stream

OK, with the AV disabled it works, then I would say you'll need to file a bug-report to the AV vendor. Glad you were abl

2020-10-20 07:02:52 +0000 answered a question TCP Retransmissions

So if I understand your problem correctly, when only serving incoming connections, the server is doing great. Once you s

2020-10-20 07:02:52 +0000 received badge Rapid Responder
2020-10-17 17:56:59 +0000 commented answer Why is the source address column not showing the resolved name?

@grahamb In the packet details, the src is a RFC1918 address and is also not resolved in the dst column. It would indee

2020-10-17 16:07:46 +0000 received badge Rapid Responder
2020-10-17 16:07:46 +0000 answered a question Why is the source address column not showing the resolved name?

I suspect you have the "Src addr (unresolved)" in your column definition instead of "Source Address"?

2020-10-13 11:00:40 +0000 received badge Rapid Responder
2020-10-13 11:00:40 +0000 answered a question TCP Retransmissions after [FIN, ACK] same tcp stream

In frame 117548, the client responds to the RST in frame 117547. From the ACK (13685090) it can be deduced that the cli

2020-10-11 10:31:08 +0000 commented question Protocol Hierarchy Statistics

Hi @vicky71 in the screenshot you selected Data under UDP under IPv4 under Ethernet under Frame, so it makes sense that

2020-10-11 09:57:25 +0000 commented answer How to display only packet, packet size, and timestamp?

Thanks for the kind words @chuckc tshark -G fields will give you an overview of the (thousands) of available fields. Yo

2020-10-11 09:57:02 +0000 commented answer How to display only packet, packet size, and timestamp?

Thanks for the kind words @chuckc tshark -G will give you an overview of the (thousands) of available fields. You could

2020-09-18 20:39:42 +0000 commented answer Packet List pane missing and option in View greyed out

You're welcome, glad I could help!

2020-09-18 20:39:24 +0000 commented answer Packet List pane missing and option in View greyed out

You're welcome, glad I could help!

2020-09-18 20:30:45 +0000 received badge Rapid Responder
2020-09-18 20:30:45 +0000 answered a question Packet List pane missing and option in View greyed out

The most logical explanation is that you changed the layout preferences. Go to Wireshark -> Preferences -> Appeara

2020-09-18 16:07:05 +0000 commented question SMS over SIP trunk does not work

Are you able to capture on the PBX? That way you can see how the RTP comes in from the SMS-gateway and how it is forward

2020-09-15 09:35:21 +0000 received badge Rapid Responder
2020-09-15 09:35:21 +0000 answered a question How to Capture Outbound Packets from my HP Printer

Have a look at the Wireshark Wiki page about capturing on Ethernet networks. On a low budget, I like to use a NetGear G

2020-09-15 09:23:52 +0000 commented question What causes a packet RST,ASK between client and SMB server?

Who is sending the RST and how much delay is there between the last "Session Setup Response"? Also, a pcap file really