2023-06-07 10:06:06 +0000 | edited question | Please help me to analyze the network in my place Please help me to analyze the network in my place I use remote desktop for my work. But lately when I ping my PC I often |
2023-06-06 16:01:37 +0000 | edited question | couldn't attach dumpcap to my own defined device couldn't attach dumpcap to my own defined device Hello out there, a while ago I defined my own device with a kernel modu |
2023-06-02 13:44:39 +0000 | commented question | Missing MAC addresses in pcap. What do you mean by "missing MACs"? How have you determined the MAC address is missing? |
2023-06-02 12:19:45 +0000 | commented answer | Wireshark 3.2 Some/IP Dissector Payload interpretation This should be a separate question |
2023-05-23 15:59:23 +0000 | answered a question | web socket decompressing issue The dissector for websocket is here, maybe the function websocket_uncompress() helps. Note that zlib is a "stream" comp |
2023-05-23 15:59:23 +0000 | received badge | ● Rapid Responder (source) |
2023-05-23 07:55:16 +0000 | answered a question | Installed Wireshark and Npcap, but the loopback adaptor is not an option on installation. The recent npcap installers, for some time, don't have an option to install the loopback adaptor, it's automagically ins |
2023-05-23 07:55:16 +0000 | received badge | ● Rapid Responder (source) |
2023-05-21 11:00:39 +0000 | commented question | dtls version 1.3 packet dissector FYI, see https://gitlab.com/wireshark/wireshark/-/issues/18071 |
2023-05-21 10:57:32 +0000 | answered a question | How can I automate my Wireshark forensic captures Wireshark itself doesn't provide this capability. You'll need to use an external application, e.g. a script language, to |
2023-05-21 10:57:32 +0000 | received badge | ● Rapid Responder (source) |
2023-05-21 10:54:10 +0000 | answered a question | Is there a simple setup to use Wireshark to track server connections? You should be able to capture the SMTP traffic by installing and using Wireshark on the system that's using Thunderbird. |
2023-05-21 10:54:10 +0000 | received badge | ● Rapid Responder (source) |
2023-05-19 08:08:01 +0000 | edited question | Same notebook - same server to contact - different behavior – different setting parameter [conversation completeness] Same notebook - same server to contact - different behavior – different setting parameter [conversation completeness] Hi |
2023-05-18 07:38:20 +0000 | commented answer | How to let tshark reassemble the fragments on GRE? Wireshark will happily reassemble fragmented IP packets, but it MUST see ALL the fragments to complete reassembly. Usin |
2023-05-18 07:34:17 +0000 | commented answer | How to let tshark reassemble the fragments on GRE? If the IP fragments had been reassembled then wouldn't they show up as SIP? |
2023-05-17 08:57:01 +0000 | edited question | How to decapsulate SDH using editcap How to decapsulate SDH using editcap Getting error: cannot write pcapng file. I am using: editcap -T sdh --F pcapng |
2023-05-17 08:55:04 +0000 | received badge | ● Rapid Responder (source) |
2023-05-17 08:55:04 +0000 | answered a question | How to let tshark reassemble the fragments on GRE? Seems to be very similar to this question. As the IP reassembly doesn't appear to have completed there will be no attem |
2023-05-17 08:53:58 +0000 | edited question | How to let tshark reassemble the fragments on GRE? How to let tshark reassemble the fragments on GRE? I have captured on pcap with GRE traffic. And could filter out the gr |
2023-05-15 12:27:40 +0000 | commented answer | Disabling "Reassemble Fragmented IPv4 datagrams" preference in IPv4 protocol for tshark? I think you mean you can't post it here because of our anti-spam measures. You can share it on a public share, e.g. Goo |
2023-05-15 11:32:02 +0000 | commented answer | Disabling "Reassemble Fragmented IPv4 datagrams" preference in IPv4 protocol for tshark? Works for me, although I'm not able to test with your capture file unless you share it. I used the capture file attache |
2023-05-15 10:26:21 +0000 | commented answer | Disabling "Reassemble Fragmented IPv4 datagrams" preference in IPv4 protocol for tshark? A -o flag only changes the settings for that script run, not your saved preferences. You can check this by looking at t |
2023-05-15 10:24:45 +0000 | commented answer | Disabling "Reassemble Fragmented IPv4 datagrams" preference in IPv4 protocol for tshark? A -o flag only changes the settings for that script run, not your saved preferences. You can check this by checking the |
2023-05-15 10:20:50 +0000 | commented answer | Disabling "Reassemble Fragmented IPv4 datagrams" preference in IPv4 protocol for tshark? Thank you so much. I have one more question. I don't want to change general settings of tshark so can I change this opti |
2023-05-15 10:02:57 +0000 | answered a question | Display Filters in TSHARK tshark -G fields will display all fields that may be used in display filters. To then only see http fields, use your sh |
2023-05-15 10:02:57 +0000 | received badge | ● Rapid Responder (source) |
2023-05-15 09:47:31 +0000 | received badge | ● Rapid Responder (source) |
2023-05-15 09:47:31 +0000 | answered a question | Disabling "Reassemble Fragmented IPv4 datagrams" preference in IPv4 protocol for tshark? All Wireshark preference settings can also be set via tshark options using the -o <setting name>:<value> fla |
2023-05-11 14:15:20 +0000 | received badge | ● Rapid Responder (source) |
2023-05-11 14:15:20 +0000 | answered a question | Tcpdump - any experts to explain exactly what the output means? There's no reply at all in the capture, all the packets are from app01.contoso.com:44531 to 10.11.12.20:1002. The traff |
2023-05-11 13:56:07 +0000 | commented question | tshark command: failed to start process, how to debug this error? Works for me (Win 10), can you show the full output from tshark -v? |
2023-05-11 13:13:53 +0000 | edited question | tshark command: failed to start process, how to debug this error? tshark command: failed to start process, how to debug this error? I am using the command line to look through packets in |
2023-05-11 13:13:35 +0000 | commented question | tshark command: failed to start process, how to debug this error? Does tshark -v show the version info? |
2023-05-11 09:11:24 +0000 | commented question | Win10 computer has some kind of DNS/DHCP issue that only resetting the DNS servers in the router fixes. Other devices on the network unaffected. Not a Wireshark question, although I'm not sure where to redirect you, maybe a Windows forum? |
2023-05-04 07:44:10 +0000 | edited question | ARP Storming??? ARP Storming??? I am relatively new to Wireshark, recently accepted a new IT position, network seems a bit slow so I did |
2023-04-28 15:59:57 +0000 | received badge | ● Rapid Responder (source) |
2023-04-28 15:59:57 +0000 | answered a question | Can wireshark show the source process of an outgoing packet Unfortunately not on Windows. On Windows, tools such as Process Monitor may help. |
2023-04-28 09:51:58 +0000 | commented answer | time not working - always shows boot time of PC @LBee, npcap 1.75 is out, seems to work for me. See the changelog here |
2023-04-24 13:43:37 +0000 | edited answer | Is It Possible to Lock an Installed Npcap From Being Used, For Data Security Reasons? Npcap can be installed in "Admin required" mode but unfortunately that is almost unusable with Wireshark as it then requ |
2023-04-24 13:36:03 +0000 | commented answer | Is It Possible to Lock an Installed Npcap From Being Used, For Data Security Reasons? Thank you grahamb for your reply. Regarding the first solution ("Admin required") - you are right, that's not going t |
2023-04-24 13:35:48 +0000 | commented answer | Is It Possible to Lock an Installed Npcap From Being Used, For Data Security Reasons? Thank you grahamb for your reply. Regarding the first solution ("Admin required") - you are right, that's not going t |
2023-04-24 12:44:34 +0000 | received badge | ● Rapid Responder (source) |
2023-04-24 12:44:34 +0000 | answered a question | Is It Possible to Lock an Installed Npcap From Being Used, For Data Security Reasons? Npcap can be installed in "Admin required" mode but unfortunately that is almost unusable with Wireshark as it then requ |
2023-04-24 11:32:48 +0000 | commented question | time not working - always shows boot time of PC Hi Graham Looks like 1.74 Running on 64-bit Windows (22H2), build 22624, with AMD Ryzen 7 2700 Eight-Core Processor ( |
2023-04-24 11:32:13 +0000 | commented answer | time not working - always shows boot time of PC @Jaap, fixed. |
2023-04-24 10:54:20 +0000 | commented answer | time not working - always shows boot time of PC You've probably reverted to an older version of npcap. Wireshark 4.0.5 comes with npcap 1.71 that has the "promiscuous m |
2023-04-24 10:50:51 +0000 | edited answer | time not working - always shows boot time of PC OK, like you I have manually installed npcap 1.74 and have the same issue, timestamps in captures are all identical and |
2023-04-24 10:16:53 +0000 | answered a question | time not working - always shows boot time of PC OK, like you I have manually installed npcap 1.74 and have the same issue, timestamps in captures are all identical and |
2023-04-24 10:16:53 +0000 | received badge | ● Rapid Responder (source) |