grahamb's profile - activity

2019-01-11 10:18:20 +0000 commented question How to disable automatic loading of extcap plugins?

As the "answer" has now been moved to a comment, there is no checkmark for "accepting" it. I'll try to clean it up.

2019-01-11 10:17:04 +0000 commented answer Showing specific HTTP answers of filtered requests

Such minor changes don't normally get announced, the closest we have to that for fields is the Display Filter Reference.

2019-01-11 10:16:46 +0000 commented answer Showing specific HTTP answers of filtered requests

Such minor changes don't normally get announced, the closest we have to that is the Display Filter Reference. Maybe we

2019-01-10 15:17:32 +0000 answered a question Showing specific HTTP answers of filtered requests

Change 31184 added a field http.response_for.uri that contains as much of the request URI as is available. This could b

2019-01-10 15:17:32 +0000 received badge  Rapid Responder (source)
2019-01-10 10:04:49 +0000 answered a question Modbus queries / responses

The Modbus dissector does just the same as a Modbus master when communicating with a slave, it assumes that a response m

2019-01-10 10:04:49 +0000 received badge  Rapid Responder (source)
2019-01-10 09:53:16 +0000 commented question How to disable automatic loading of extcap plugins?

We don't generally close questions when they are answered. Instead, please accept the answer (even if it's your own ans

2019-01-08 07:50:58 +0000 commented answer How to handle 6 byte unsigned integer field in lua dissector?

So it appears your issue wasn't with extracting the 6 byte value as a uint64, but rather adding it to the tree.

2019-01-07 19:06:17 +0000 commented question How to handle 6 byte unsigned integer field in lua dissector?

And we've now come to the limit of my Lua knowledge. Hopefully someone else will be able to help.

2019-01-07 18:41:53 +0000 commented question How to extract uploaded file

From the menu File -> Export Objects -> HTTP ..., then hopefully your file will be listed in the dialog and you ca

2019-01-07 18:39:35 +0000 commented question How to handle 6 byte unsigned integer field in lua dissector?

You have a "::" on the range object, have you tried a single ":"?

2019-01-07 16:30:18 +0000 commented question How to extract uploaded file

Have you compared the files in binary mode, i.e. byte for byte? An editor, and Wireshark for that matter, display binar

2019-01-07 14:10:57 +0000 commented question How to handle 6 byte unsigned integer field in lua dissector?

Caution, I only know enough Lua to be dangerous, but can't you use a tvbrange:uint64() with the 6 byte range, to retriev

2019-01-07 14:10:40 +0000 commented question How to handle 6 byte unsigned integer field in lua dissector?

Caution, I only know enough Lua to be dangerous, but can't you use a tvbrange:uint64() with the 6 byte range, to retriev

2019-01-06 17:35:17 +0000 commented question Clueless about this tech stuff - need HELP

That kind of question is off-topic for this site, Wireshark is a network packet analysis tool, not a malware analysis to

2019-01-04 18:23:07 +0000 received badge  Rapid Responder (source)
2019-01-04 18:23:07 +0000 answered a question Wireshark not detecting file sets

Using files created with a ring buffer capture option (-b) seems to work with a file set. Such files are saved in the f

2019-01-04 12:08:41 +0000 answered a question mqtt ssl decrypt

I missed the fact that in your question you stated that you were trying to use the client key. That won't work, you nee

2018-12-26 17:47:55 +0000 commented question how do you read wireshark capture files?

Can you rephrase your question, it doesn't seem to make any sense? Are you saying that you want to use Wireshark to ext

2018-12-25 15:03:44 +0000 answered a question How do I monitor websites visited through my wifi?

IMHO the best way is definitely to capture the information from the wifi router. Depending on the router, this informat

2018-12-25 15:03:44 +0000 received badge  Rapid Responder (source)
2018-12-25 15:00:48 +0000 commented answer How do I monitor websites visited through my wifi?

While this answer informs on how to view the endpoints from an existing capture, it doesn't tell the user how to make su

2018-12-24 07:53:45 +0000 commented question TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Internal Error)

Interesting result, RFC 5246 (for TLS 1.2 which you seem to be using) says this about the list of certificates: certifi

2018-12-23 19:32:24 +0000 commented answer filter the responses to a matched HTTP requests

Change 31184 adds the request URI to the response.

2018-12-23 17:26:02 +0000 commented question everything appears twice

Unfortunately your anonymised capture doesn't have the tcp payload data for any of the frames so we can't tell what the

2018-12-23 10:58:49 +0000 commented question everything appears twice

Downloaded OK. Looks as though your TW session has erased all the data of the TCP payload, that's why http isn't showin

2018-12-23 10:49:05 +0000 commented question TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Internal Error)

Personally I still suspect the client, as everything else is happy with the server config and the client sends the alert

2018-12-23 10:46:22 +0000 commented question TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Internal Error)

Thanks for the openssl tip. openssl s_client -connect my.domain.com:5172 -tls1_2 -showcerts CONNECTED(00000003) depth=

2018-12-22 18:31:03 +0000 commented answer plugin build errors: msbuild error MSB6006

And that worked in Linux?

2018-12-22 18:30:19 +0000 commented question everything appears twice

BTW, please stop posting comments as "Answers".

2018-12-22 18:28:58 +0000 answered a question Getting a PDF file from printing job

Unless you can find a PJL to PDF converter I think that's a no.

2018-12-22 18:28:58 +0000 received badge  Rapid Responder
2018-12-22 18:28:22 +0000 commented question everything appears twice

As is usual, solving issues via screenshot is difficult and frustrating because it's the info in the capture that we can

2018-12-21 16:47:01 +0000 commented question mqtt ssl decrypt

We'll need your Wireshark TLS debug log, set in the TLS dissector preferences.

2018-12-21 12:08:24 +0000 commented question TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Internal Error)

Looks like an issue in the client then.

2018-12-21 11:50:04 +0000 commented question TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Internal Error)

I think you'll have to debug the client, is it a browser? If so have you tried another? Can you use openssl s_client .

2018-12-21 10:56:22 +0000 commented question mqtt ssl decrypt

Is the TLS encryption using an RSA scheme? What is the cipher suite selected by the server?

2018-12-21 10:37:33 +0000 commented question TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Internal Error)

As is often the case, troubleshooting by screenshot of a few columns from a capture is a frustrating exercise. Can yo

2018-12-21 10:32:44 +0000 received badge  Rapid Responder (source)
2018-12-21 10:32:44 +0000 answered a question Getting a PDF file from printing job

It's not a PDF, instead it's a printer job using HP Printer Job Language (PJL).

2018-12-20 19:50:27 +0000 commented question everything appears twice

Unfortunately I think the answer lies in the capture.

2018-12-20 18:42:25 +0000 commented question everything appears twice

It's likely to be something in your capture setup as Wireshark won't just "invent" packets. Can you describe your captu

2018-12-20 17:46:27 +0000 commented answer Register routine, register_tap_listener, register_wtap_module, register_codec_module routines

So you've successfully built the .so and now you're trying to add it to an "installed" version of Wireshark?

2018-12-20 17:45:01 +0000 commented answer Dissector doesn't do anything

Something is up with your source tree as you should have that file, how did you get your sources, a git checkout (prefer

2018-12-20 17:44:34 +0000 commented answer Dissector doesn't do anything

Something is up with your source tree, how did you get it, a git checkout (preferred) or a tarball? The file from our g

2018-12-20 17:09:20 +0000 received badge  Rapid Responder (source)
2018-12-20 17:09:20 +0000 answered a question Register routine, register_tap_listener, register_wtap_module, register_codec_module routines

Section 9.2.1 in the guide has the registration routine, proto_register_foo(), have you somehow omitted that from your s

2018-12-20 17:00:10 +0000 edited question Register routine, register_tap_listener, register_wtap_module, register_codec_module routines

Register Routine, Register_tap_listener, Register_wtap_module, Register_codec_module routines I've followed chapter 9 to

2018-12-20 16:59:32 +0000 answered a question Dissector doesn't do anything

As I did that presentation I can say, yes I did! Looking back at the slide deck, slide 18 (C dissector installation) ha