grahamb's profile - activity

2019-09-17 19:57:35 +0000 received badge  Rapid Responder
2019-09-17 19:57:35 +0000 answered a question Why is TLS Decryption MUCH slower on Windows 10 than MacOS?

There's no deliberate code to slow things down, so your results are unexpected. There is a possibility that different c

2019-09-17 11:39:26 +0000 edited question How do I see data usage per device connected to a router.

HOW DO I SEE DATA USAGE PER DEVICE CONNECTED TO A ROUTER I would like to see all devices connected to my router and see

2019-09-17 11:38:47 +0000 commented question How do I see data usage per device connected to a router.

You won't be able to do this with Wireshark, unless you can somehow persuade your router to make a capture file. If you

2019-09-17 11:00:35 +0000 commented answer Could anyone help look at this capture to find suspicious activity?

I tried asking for help on that forum and received no responses. It is interestingly hard to find much help in this a

2019-09-16 17:52:04 +0000 commented question If I have a transformerless connection that passes traffic, can I add a transformer connection to an ENET switch and use WireShark from a PC to the switch to sniff that traffic?

Can you explain what you mean by a "transformer"? Can you draw a diagram of your network, including the location of the

2019-09-16 16:54:29 +0000 received badge  Rapid Responder
2019-09-16 16:54:29 +0000 answered a question Cannot filter on single IP

To capture the traffic to and from a single IP, select the interface that contains the traffic of interest (if uncertain

2019-09-16 12:45:45 +0000 commented question Anybody building Wireshark 3.1 under Cygwin using gcc 7.4.0 ?

Many companies large and small build Wireshark and plugins on Windows using MSVC with no issue whatsoever. Examining th

2019-09-16 12:00:52 +0000 edited question Anybody building Wireshark 3.1 under Cygwin using gcc 7.4.0 ?

Was anybody building Wireshark 3.1 under Cygwin using gcc 7.4.0? I'm in fact in the work of it, but some errors appeare

2019-09-16 11:59:26 +0000 commented question Anybody building Wireshark 3.1 under Cygwin using gcc 7.4.0 ?

Building Wireshark using Cygwin isn't a supported option, so you're on your own. There is a buildable Windows version us

2019-09-16 11:59:17 +0000 commented question Anybody building Wireshark 3.1 under Cygwin using gcc 7.4.0 ?

I hope you're being paid well to try to achieve this, good luck. What are the perceived licence restrictions as regards

2019-09-16 11:31:50 +0000 commented question Anybody building Wireshark 3.1 under Cygwin using gcc 7.4.0 ?

Building Wireshark using Cygwin isn't a supported option, so you're on your own. There is a buildable Windows version using

2019-09-13 18:55:30 +0000 commented answer Could anyone help look at this capture to find suspicious activity?

I attempted to open it in a browser and it was blocked by my firewall as inappropriate.

2019-09-13 18:14:48 +0000 answered a question MSVC 2017 wireshark project. ALL_BUILD Access denied

Set the "startup" project to be Wireshark by navigating to the wireshark node under "Executables", right-clicking that n

2019-09-13 18:14:48 +0000 received badge  Rapid Responder
2019-09-13 16:05:36 +0000 commented question wsbuild64 successful, Wireshark.exe will not run.

Not many folks build a debug version, try building a regular RelWithDebInfo version. Have you tried running the built v

2019-09-13 12:58:16 +0000 commented answer Could anyone help look at this capture to find suspicious activity?

Internet servers can be all over the place, and IP address to location isn't entirely accurate. Understanding the traff

2019-09-13 10:34:12 +0000 received badge  Rapid Responder
2019-09-13 10:34:12 +0000 answered a question Decoding HDCP2 packets

You don't specify the version of Wireshark you're using, nor your OS, which is less than helpful. HDCP2 dissection is a

2019-09-13 09:30:28 +0000 commented answer Could anyone help look at this capture to find suspicious activity?

Hopefully Wireshark will tell you the protocol being used and the IP address of the remote endpoint. Hopefully the prot

2019-09-12 12:37:44 +0000 edited answer Can Wireshark be used as a message duplicator?

No. Wireshark is a packet analyzer and does not create packets. Various tools that are part of the Wireshark suite can

2019-09-12 12:37:22 +0000 received badge  Rapid Responder
2019-09-12 12:37:22 +0000 answered a question Can Wireshark be used as a message duplicator?

No. Wireshark is a packet analyzer and does not create packets. Various tools that are part of the Wireshark suite can

2019-09-12 11:22:33 +0000 commented question Why has the 8 in the MAC address in the capture window been replaced with an a?

The "Packets window" information displays the IPv6 addresses used for the DHCPv6 packet, not the MAC address. The sourc

2019-09-12 11:19:06 +0000 edited question Why has the 8 in the MAC address in the capture window been replaced with an a?

Can anyone explain this Why has the 8 in the MAC address in the capture window been replaced with an a? ie 48 has becom

2019-09-12 09:37:28 +0000 commented answer Could anyone help look at this capture to find suspicious activity?

It's actually quite difficult to capture traffic from other devices. And as to working out what traffic might be signif

2019-09-11 18:29:33 +0000 commented question Why do I keep getting "No Interfaces Found" when I start Wireshark up?

Unlikely. npcap worked on that version when it was the current one, although it's possible the upgrade might fix someth

2019-09-11 18:28:52 +0000 commented question Why do I keep getting "No Interfaces Found" when I start Wireshark up?

Unlikely. npcap worked on that version when it was the current one.

2019-09-11 16:24:40 +0000 commented question Why do I keep getting "No Interfaces Found" when I start Wireshark up?

The key bit of that info is from the "running" part: with Npcap version 0.995 This shows that you do have a capture l

2019-09-11 16:21:01 +0000 edited question Why do I keep getting "No Interfaces Found" when I start Wireshark up?

Why do I keep getting "No Interfaces Found" when I start Wireshark up? I have redownloaded wireshark multiple times and

2019-09-11 13:29:49 +0000 commented question Why do I keep getting "No Interfaces Found" when I start Wireshark up?

Can you post the contents of the menu Help -> About Wireshark dialog? You can highlight the text and Ctrl + C it to

2019-09-11 10:02:12 +0000 answered a question Could anyone help look at this capture to find suspicious activity?

The question isn't one that's generally handled here. If you could point to a specific bit of traffic then someone migh

2019-09-10 16:48:40 +0000 commented question NPCAP 0.995 gives duplicate packets

Might be worth trying an uninstall of npcap and then an install of WinPcap.

2019-09-09 15:59:41 +0000 received badge  Rapid Responder
2019-09-09 15:59:41 +0000 answered a question Dissection of CIP Message Router Response

You'll note that the items you reference have square brackets ([]) around them; this means they are synthesised by the d

2019-09-09 15:41:53 +0000 commented question Dissection of CIP Message Router Response

The link you shared doesn't seem to be publicly viewable.

2019-09-09 15:31:04 +0000 commented question Dissection of CIP Message Router Response

Post the file on a public file sharing site, e.g. Google Drive, DropBox etc. and then post a link to the file back here

2019-09-09 15:01:11 +0000 commented question Dissection of CIP Message Router Response

Wireshark version? Can you share the capture file?

2019-09-09 13:10:38 +0000 commented answer tshark tcp stream Raw data is not output to the end

You can always raise an entry on the Wireshark Bugzilla. If you can provide a capture that demonstrates the issue that

2019-09-09 12:58:21 +0000 commented answer tshark tcp stream Raw data is not output to the end

It's a bit difficult to progress then without an actual example.

2019-09-09 12:57:26 +0000 answered a question Please update Npcap 0.995 in release package

In hand, see change 34458. This will be released in the forthcoming 3.0.4.

2019-09-09 12:57:26 +0000 received badge  Rapid Responder
2019-09-09 08:33:47 +0000 commented answer tshark tcp stream Raw data is not output to the end

For raw tcp data I can't think of any. For other higher level dissectors there are various dependencies on libraries in

2019-09-08 15:54:01 +0000 commented answer tshark tcp stream Raw data is not output to the end

The "capture" library, Winpcap, or npcap for newer versions on Windows or libpcap, makes no difference at all to dissect

2019-09-08 12:57:33 +0000 commented answer tshark tcp stream Raw data is not output to the end

So the issue seems to be a difference between the output from the Linux and Windows versions using the same capture file

2019-09-08 09:18:46 +0000 received badge  Rapid Responder
2019-09-08 09:18:46 +0000 answered a question tshark tcp stream Raw data is not output to the end

There are a number of issues here, firstly your use of tshark to get the raw data and then slight differences in the out

2019-09-08 08:56:54 +0000 received badge  Rapid Responder
2019-09-08 08:56:54 +0000 answered a question Display filter field names in the csv file

From the tshark man page (also in the help output from -h): -E <field print option> Set an option controll