grahamb's profile - activity

2021-09-17 12:10:01 +0000 edited question How to add wireless encryption type as a column

How to add wireless encryption to the display Hello, I would like to add the wireless encryption (wep/wpa/wpa2) to the d

2021-09-16 15:34:17 +0000 edited question End device goes offline randomly

End device goes offline randomly Hello, Currently we are having issues with a certain type of end device that goes offl

2021-09-16 08:18:07 +0000 edited question Lots of TCP retransmission and TCP ACKed unseen segment Windows Server 2019

Lots of TCP retransmission and TCP ACKed unseen segment Windows Server 2019 Hi everyone, We are experiencing performanc

2021-09-15 12:44:27 +0000 commented question Where do I even look to find the reason for a "400 Bad Request" ?

You can post the capture in a public share and then add a link to it back here. I can't spot the issue, but you could c

2021-09-14 16:15:06 +0000 commented question Hello, I cannot decode ethernet traffic data which is encapsulated inside MPLS. How can I do to decode such encapsulated data ? I'm using version 3.0.6.

Not sure. Are you selecting "MPLS Protocol" in the "field" column and then setting the MPLS label value (202311) in the

2021-09-14 15:11:21 +0000 commented question Hello, I cannot decode ethernet traffic data which is encapsulated inside MPLS. How can I do to decode such encapsulated data ? I'm using version 3.0.6.

Have you tried using "Decode As..." on the packets to tell Wireshark what protocol that MPLS label refers to?

2021-09-14 15:03:01 +0000 edited question Hello, I cannot decode ethernet traffic data which is encapsulated inside MPLS. How can I do to decode such encapsulated data ? I'm using version 3.0.6.

Hello, I cannot decode ethernet traffic data which is encapsulated inside MPLS. How can I do to decode such encapsulated

2021-09-14 08:13:56 +0000 commented question no xhc20 in filter list

You mention capture filter a few times, do you actually mean interface list, i.e. the list of interfaces displayed under

2021-09-13 07:51:22 +0000 edited answer Difference in used cipher suites

Ms Edge (and many other Windows applications) uses the SChannel TLS config data from the registry to determine which TLS

2021-09-13 07:51:06 +0000 edited answer Difference in used cipher suites

Ms Edge (and many other Windows applications) uses the SChannel TLS config data from the registry to determine which TLS

2021-09-13 07:50:46 +0000 answered a question Difference in used cipher suites

Ms Edge (and many other Windows applications) uses the SChannel TLS config data from the registry to determine which TLS

2021-09-13 07:50:46 +0000 received badge Rapid Responder
2021-09-12 10:47:10 +0000 answered a question Can the time column represent the transmission time?

No, the time column represents the time at which the capturing mechanism recorded the packet being transmitted (or recei

2021-09-12 10:47:10 +0000 received badge Rapid Responder
2021-09-10 15:10:07 +0000 edited question Need Help with malware

Need Help with wireshark I've been struggling with WIFI issues for two years now. It started with an email from hackers

2021-09-10 15:08:40 +0000 commented question Need Help with malware

For malware issues Wireshark is usually not the answer and so this question is off-topic. Please seek help from a malwa

2021-09-09 12:57:46 +0000 commented question How to filter by array index using dissectors?

From your comments you're using WSGD for your dissector, support for that is over there.

2021-09-06 21:35:26 +0000 commented answer Can't decrypt 802.11ax udp packets with wpa2

See Issue 17577.

2021-09-06 18:35:52 +0000 answered a question Can't decrypt 802.11ax udp packets with wpa2

Please raise an issue over at the Wireshark GitLab instance attaching captures and any credentials\keying material.

2021-09-06 18:35:52 +0000 received badge Rapid Responder
2021-09-04 13:27:39 +0000 answered a question Does the DRDA dissector support TLS Decryption?

Not currently. Enhancement requests can be raised over at the Wireshark GitLab instance.

2021-09-04 13:27:39 +0000 received badge Rapid Responder
2021-09-01 15:06:05 +0000 answered a question Why are packets captured on "\Device\NPF_Loopback" shown with a red background?

Likely to be because the packets contain a TCP RST. You can check which coloring rule is being used by expanding the fr

2021-09-01 15:06:05 +0000 received badge Rapid Responder
2021-09-01 15:03:25 +0000 edited question Why are packets captured on "\Device\NPF_Loopback" shown with a red background?

Red Flag "\Device\NPF_Loopback" Hi, I hope anyone can tell me why Wireshark flags the packages on the Screenshot in re

2021-09-01 14:57:26 +0000 edited question Why are packets captured on "\Device\NPF_Loopback" shown with a red background?

Red Flag "\Device\NPF_Loopback" Hi, I hope anyone can tell me why Wireshark flags the packages on the Screenshot in re

2021-09-01 07:47:39 +0000 commented question Why are packets captured on "\Device\NPF_Loopback" shown with a red background?

Your question isn't clear and your image is missing. Please post your image on a public file share, e.g. Google Drive,

2021-09-01 07:46:39 +0000 edited question Why are packets captured on "\Device\NPF_Loopback" shown with a red background?

Ref Flag "\Device\NPF_Loopback" Hi, I hope anyone can tell me why Wireshark flags this packages in red. Many Thanks

2021-08-31 10:13:01 +0000 answered a question How to enable the eCPRI packet

From the menu, Analyze -> Enabled Protocols, start typing "ecpri" in the search box and then check the box next to th

2021-08-31 10:13:01 +0000 received badge Rapid Responder
2021-08-31 09:11:05 +0000 commented answer Inter-Frame references using Conversations and Request/Response

Obviously if the state you require isn't in the capture, then you can't complete dissection. The dissector should fail

2021-08-30 16:56:40 +0000 commented answer CMake problems with building with Qt 6 on Windows

Try the Qt offline installers, or go to the Qt Open Source page and click the link at the button to download the on-line

2021-08-30 16:51:13 +0000 commented answer CMake problems with building with Qt 6 on Windows

Try the Qt offline installers.

2021-08-30 08:09:26 +0000 answered a question Inter-Frame references using Conversations and Request/Response

You should look at conversations and request\response tracking. A conversation is a way to build up state from all the

2021-08-30 08:09:26 +0000 received badge Rapid Responder
2021-08-27 19:47:28 +0000 received badge Rapid Responder
2021-08-27 19:47:28 +0000 answered a question Expired Cert for Insecure NPCAP Admin-Only mode install

npcap support is over there.

2021-08-27 11:40:46 +0000 commented answer How to filter tcp connection finish (FIN) initiated by certain IP

I didn't read the question properly and the comment from @Jaap highlighted the issue, in that the user wants the occurre

2021-08-27 08:12:24 +0000 edited question Is it possible to use ssh dissector to decrypt traffic?

Is it possible to use ssh dissector wireshark (edit->preferences) to decrypt encrypted wireshark traffic, if yes plea

2021-08-27 08:11:44 +0000 received badge Rapid Responder
2021-08-27 08:11:44 +0000 answered a question Is it possible to use ssh dissector to decrypt traffic?

Decryption of SSH traffic is a work in progress and also requires some effort with the ssh client to extract the keying

2021-08-27 07:59:21 +0000 answered a question How to filter tcp connection finish (FIN) initiated by certain IP

Using the display filter: (ip.src == 1.1.1.1) && (tcp.flags.fin == 1)

2021-08-27 07:59:21 +0000 received badge Rapid Responder
2021-08-26 13:18:26 +0000 commented question Custom bluetooth transport implementation

You don't need to access the function directly, you do it indirectly via a dissector handle obtained from either a regis

2021-08-26 12:08:07 +0000 commented question Custom bluetooth transport implementation

The "extension" mechanism for Wireshark dissectors is via dissector registration and dissector tables to minimise direct

2021-08-26 11:18:11 +0000 commented question Custom bluetooth transport implementation

Given the stack you describe, why can't your dissector call the bluetooth top-level dissector (dissect_bluetooth) which

2021-08-26 10:35:51 +0000 commented question Custom bluetooth transport implementation

Sorry for being an idiot, but I don't follow the protocol stack you have. Are you saying you have something like: you

2021-08-26 09:30:37 +0000 commented question Custom bluetooth transport implementation

I'm not very familiar with bluetooth so might be missing the point as to where your protocol fits in, but the bluetooth

2021-08-25 15:30:24 +0000 edited answer does wireshark 3.4.7 support 3gpp release 16 for NAS?

Support was added (3GPP NAS: upgrade dissector to v16.6.0) Nov 13, 2020 but not backported to the 3.4 branch. The field

2021-08-25 14:11:19 +0000 commented question 3.4.7 cant capture, keeps saying could not be initiated on interface

Can dumpcap (the part of Wireshark that communicates with npcap) list the interfaces? Using a command prompt try the fo