| 2023-10-28 21:28:19 +0000 | received badge | ● Famous Question (source) |
| 2022-01-01 11:29:24 +0000 | received badge | ● Notable Question (source) |
| 2022-01-01 11:29:24 +0000 | received badge | ● Popular Question (source) |
| 2021-06-27 01:18:26 +0000 | received badge | ● Famous Question (source) |
| 2021-06-27 01:18:03 +0000 | received badge | ● Famous Question (source) |
| 2021-06-27 01:18:03 +0000 | received badge | ● Notable Question (source) |
| 2021-06-27 01:18:03 +0000 | received badge | ● Popular Question (source) |
| 2021-06-25 08:12:45 +0000 | received badge | ● Popular Question (source) |
| 2021-03-02 04:27:46 +0000 | received badge | ● Notable Question (source) |
| 2021-03-02 04:27:46 +0000 | received badge | ● Popular Question (source) |
| 2020-04-17 02:38:55 +0000 | received badge | ● Famous Question (source) |
| 2020-04-17 02:38:55 +0000 | received badge | ● Notable Question (source) |
| 2020-04-17 02:38:55 +0000 | received badge | ● Popular Question (source) |
| 2020-04-12 19:55:05 +0000 | asked a question | Missing data patterns and inferences Missing data patterns and inferences I'm a data scientist new to Wireshark/networking data. I pulled some fields from a |
| 2020-04-10 14:40:29 +0000 | marked best answer | tshark: tls.resumed field isn't valid I have a 130 MB But I get the error message: I know this field should exist based on the official documentation: https://www.wireshark.org/docs/dfref/... So how do I proceed if I want the information contained within this field? Is the documentation outdated? Is this a data collection issue? Are there one or more other fields I can use instead? I am attempting to stitch together multiple packets into a single "conversation." |
| 2020-04-10 14:40:27 +0000 | commented answer | tshark: tls.resumed field isn't valid that would do this trick. i guess this is a very bad question -- just a typo. i will delete it. thanks! |
| 2020-04-10 14:01:52 +0000 | asked a question | tshark: tls.resumed field isn't valid tshark: tls.resumed field isn't valid I have a 130 MB .pcap file. I tried running the following command: tshark -r C:\U |
| 2020-04-07 14:13:02 +0000 | commented answer | tcp.flags.str explanation thank you. your answer was helpful as well. i lack the reputation to upvote it though. |
| 2020-04-07 14:04:21 +0000 | marked best answer | tcp.flags.str explanation Is there an explanation or mapping of TCP flags ( For example, what does |
| 2020-04-07 12:51:38 +0000 | asked a question | tcp.flags.str explanation tcp.flags.str explanation Is there an explanation or mapping of TCP flags (tcp.flags.str) somewhere? I have Googled and |
| 2020-04-04 12:26:27 +0000 | asked a question | why is tshark printing output to console? why is tshark printing output to console? I have some tshark command that is printing the output to console instead of s |
| 2020-04-03 17:20:22 +0000 | edited question | Wireshark/tshark: calculating Windows 10 desktop uptime Wireshark/tshark: calculating Windows 10 desktop uptime I'm interesting in tracking/calculating the uptime of a Windows |
| 2020-04-03 17:19:59 +0000 | asked a question | Wireshark/tshark: calculating Windows 10 desktop uptime Wireshark/tshark: calculating Windows 10 desktop uptime I'm interesting in tracking/calculating the uptime of a Windows |
| 2020-04-02 21:33:18 +0000 | commented answer | Wireshark equivalent of TSecr? Hi. The reason I ask is because my .pcap file doesn’t contain a TSVal or TSecr or tcp.options.timestamp.tsecr field, whe |
| 2020-04-02 20:08:56 +0000 | asked a question | Wireshark equivalent of TSecr? Wireshark equivalent of TSecr? Does Wireshark capture the equivalent of TSecr or provide the information needed to calcu |
| 2020-04-02 20:00:15 +0000 | marked best answer | Wireshark Filter explanations/guide I am a data scientist analyzing packet data from Wireshark but I do not have a networking background. It's been a laborious process of Googling each filter from the Such a definition doesn't answer critical questions like, "what is the range of integers for My question is, is there a cheat sheet for newbies/non-network engineers with such information? Thus far, it seems like in-depth explanations can occasionally be found in the Wireshark documentation, albeit spread across many chapters. I can also find discussion of individual fields on forums/blogs, but with 273+ fields to try to understand, I'm wondering if there is a better resource I haven't yet found that is available. |
| 2020-04-02 20:00:15 +0000 | received badge | ● Scholar (source) |
| 2020-04-02 17:22:45 +0000 | asked a question | TLS Handshake Ciphersuite: how to extract `showname` string using tshark? TLS Handshake Ciphersuite: how to extract `showname` string using tshark? I am trying to extract sensible information fr |
| 2020-04-02 15:40:33 +0000 | asked a question | Wireshark Filter explanations/guide Wireshark Filter explanations/guide I am a data scientist analyzing packet data from Wireshark but I do not have a netwo |
| 2020-03-25 15:54:08 +0000 | asked a question | Why do JSON and PDML exports have different data from the same session? Why do JSON and PDML exports have different data from the same session? I am new to Wireshark. I filtered my captured pa |
| 2019-05-16 16:48:58 +0000 | commented answer | Infer machine boot time/up-time from network packets? Thanks Bob. I could test NMAP's uptime calculation using known devices and see how well it performs. However, the popula |
| 2019-05-15 09:31:35 +0000 | commented answer | Infer machine boot time/up-time from network packets? it looks like NMAP captures exactly the information I am looking for. Is there a way to get/make an uptime guess from Wi |
| 2019-05-15 09:28:03 +0000 | commented answer | Infer machine boot time/up-time from network packets? it looks like NMAP captures exactly the information I am looking for. Is there a way to get/make an uptime guess from Wi |
| 2019-05-15 09:27:42 +0000 | commented answer | Infer machine boot time/up-time from network packets? NMAP is actually exactly what I was looking for. Is there a way to get/make an uptime guess from Wireshark packets? We o |
| 2019-05-15 09:26:36 +0000 | commented answer | Infer machine boot time/up-time from network packets? NMAP is actually exactly what I was looking for. Is there a way to get/make an uptime guess from Wireshark packets? We o |
| 2019-05-14 23:08:43 +0000 | commented answer | Infer machine boot time/up-time from network packets? Sounds like a lot of conditions must be met for boot time information to be captured. I have heard that such information |
| 2019-05-14 18:06:36 +0000 | commented question | Infer machine boot time/up-time from network packets? by boot time, I mean the wall-clock time when the machine booted. and yes, by up-time, i mean how long the machine has b |
| 2019-05-14 14:25:04 +0000 | commented question | Infer machine boot time/up-time from network packets? I am doing a research project in partnership with a company. The company has authoritative DNS servers. |
| 2019-05-14 14:11:44 +0000 | asked a question | Infer machine boot time/up-time from network packets? Infer machine boot time/up-time from network packets? Is it possible to infer machine boot time/up-time from network pac |
| 2019-05-14 14:04:38 +0000 | commented answer | How to capture RTP packets? thank you. that is helpful information |
| 2019-05-14 14:04:28 +0000 | commented answer | How to capture RTP packets? thank you. that is helpful information for me to unpack there |
| 2019-05-13 23:57:31 +0000 | received badge | ● Editor (source) |
| 2019-05-13 23:57:31 +0000 | edited question | How to capture RTP packets? How to capture RTP packets? I am trying to find the clock drift information for each of the machines (e.g. my work lapto |
| 2019-05-13 23:56:16 +0000 | asked a question | How to capture RTP packets? How to capture RTP packets? I am trying to figure out the clock drift of the machines using my router/Internet. Based on |
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.