| Oct 28 '3 | received badge | ● Famous Question (source) |
| Jan 1 '2 | received badge | ● Notable Question (source) |
| Jan 1 '2 | received badge | ● Popular Question (source) |
| Jun 27 '1 | received badge | ● Famous Question (source) |
| Jun 27 '1 | received badge | ● Famous Question (source) |
| Jun 27 '1 | received badge | ● Notable Question (source) |
| Jun 27 '1 | received badge | ● Popular Question (source) |
| Jun 25 '1 | received badge | ● Popular Question (source) |
| Mar 2 '1 | received badge | ● Notable Question (source) |
| Mar 2 '1 | received badge | ● Popular Question (source) |
| Apr 17 '0 | received badge | ● Famous Question (source) |
| Apr 17 '0 | received badge | ● Notable Question (source) |
| Apr 17 '0 | received badge | ● Popular Question (source) |
| Apr 12 '0 | asked a question | Missing data patterns and inferences Missing data patterns and inferences I'm a data scientist new to Wireshark/networking data. I pulled some fields from a |
| Apr 10 '0 | marked best answer | tshark: tls.resumed field isn't valid I have a 130 MB But I get the error message: I know this field should exist based on the official documentation: https://www.wireshark.org/docs/dfref/... So how do I proceed if I want the information contained within this field? Is the documentation outdated? Is this a data collection issue? Are there one or more other fields I can use instead? I am attempting to stitch together multiple packets into a single "conversation." |
| Apr 10 '0 | commented answer | tshark: tls.resumed field isn't valid that would do this trick. i guess this is a very bad question -- just a typo. i will delete it. thanks! |
| Apr 10 '0 | asked a question | tshark: tls.resumed field isn't valid tshark: tls.resumed field isn't valid I have a 130 MB .pcap file. I tried running the following command: tshark -r C:\U |
| Apr 7 '0 | commented answer | tcp.flags.str explanation thank you. your answer was helpful as well. i lack the reputation to upvote it though. |
| Apr 7 '0 | marked best answer | tcp.flags.str explanation Is there an explanation or mapping of TCP flags ( For example, what does |
| Apr 7 '0 | asked a question | tcp.flags.str explanation tcp.flags.str explanation Is there an explanation or mapping of TCP flags (tcp.flags.str) somewhere? I have Googled and |
| Apr 4 '0 | asked a question | why is tshark printing output to console? why is tshark printing output to console? I have some tshark command that is printing the output to console instead of s |
| Apr 3 '0 | edited question | Wireshark/tshark: calculating Windows 10 desktop uptime Wireshark/tshark: calculating Windows 10 desktop uptime I'm interesting in tracking/calculating the uptime of a Windows |
| Apr 3 '0 | asked a question | Wireshark/tshark: calculating Windows 10 desktop uptime Wireshark/tshark: calculating Windows 10 desktop uptime I'm interesting in tracking/calculating the uptime of a Windows |
| Apr 2 '0 | commented answer | Wireshark equivalent of TSecr? Hi. The reason I ask is because my .pcap file doesn’t contain a TSVal or TSecr or tcp.options.timestamp.tsecr field, whe |
| Apr 2 '0 | asked a question | Wireshark equivalent of TSecr? Wireshark equivalent of TSecr? Does Wireshark capture the equivalent of TSecr or provide the information needed to calcu |
| Apr 2 '0 | marked best answer | Wireshark Filter explanations/guide I am a data scientist analyzing packet data from Wireshark but I do not have a networking background. It's been a laborious process of Googling each filter from the Such a definition doesn't answer critical questions like, "what is the range of integers for My question is, is there a cheat sheet for newbies/non-network engineers with such information? Thus far, it seems like in-depth explanations can occasionally be found in the Wireshark documentation, albeit spread across many chapters. I can also find discussion of individual fields on forums/blogs, but with 273+ fields to try to understand, I'm wondering if there is a better resource I haven't yet found that is available. |
| Apr 2 '0 | received badge | ● Scholar (source) |
| Apr 2 '0 | asked a question | TLS Handshake Ciphersuite: how to extract `showname` string using tshark? TLS Handshake Ciphersuite: how to extract `showname` string using tshark? I am trying to extract sensible information fr |
| Apr 2 '0 | asked a question | Wireshark Filter explanations/guide Wireshark Filter explanations/guide I am a data scientist analyzing packet data from Wireshark but I do not have a netwo |
| Mar 25 '0 | asked a question | Why do JSON and PDML exports have different data from the same session? Why do JSON and PDML exports have different data from the same session? I am new to Wireshark. I filtered my captured pa |
| May 16 '19 | commented answer | Infer machine boot time/up-time from network packets? Thanks Bob. I could test NMAP's uptime calculation using known devices and see how well it performs. However, the popula |
| May 15 '19 | commented answer | Infer machine boot time/up-time from network packets? it looks like NMAP captures exactly the information I am looking for. Is there a way to get/make an uptime guess from Wi |
| May 15 '19 | commented answer | Infer machine boot time/up-time from network packets? it looks like NMAP captures exactly the information I am looking for. Is there a way to get/make an uptime guess from Wi |
| May 15 '19 | commented answer | Infer machine boot time/up-time from network packets? NMAP is actually exactly what I was looking for. Is there a way to get/make an uptime guess from Wireshark packets? We o |
| May 15 '19 | commented answer | Infer machine boot time/up-time from network packets? NMAP is actually exactly what I was looking for. Is there a way to get/make an uptime guess from Wireshark packets? We o |
| May 14 '19 | commented answer | Infer machine boot time/up-time from network packets? Sounds like a lot of conditions must be met for boot time information to be captured. I have heard that such information |
| May 14 '19 | commented question | Infer machine boot time/up-time from network packets? by boot time, I mean the wall-clock time when the machine booted. and yes, by up-time, i mean how long the machine has b |
| May 14 '19 | commented question | Infer machine boot time/up-time from network packets? I am doing a research project in partnership with a company. The company has authoritative DNS servers. |
| May 14 '19 | asked a question | Infer machine boot time/up-time from network packets? Infer machine boot time/up-time from network packets? Is it possible to infer machine boot time/up-time from network pac |
| May 14 '19 | commented answer | How to capture RTP packets? thank you. that is helpful information |
| May 14 '19 | commented answer | How to capture RTP packets? thank you. that is helpful information for me to unpack there |
| May 13 '19 | received badge | ● Editor (source) |
| May 13 '19 | edited question | How to capture RTP packets? How to capture RTP packets? I am trying to find the clock drift information for each of the machines (e.g. my work lapto |
| May 13 '19 | asked a question | How to capture RTP packets? How to capture RTP packets? I am trying to figure out the clock drift of the machines using my router/Internet. Based on |