grahamb's profile - activity

2019-03-24 21:18:09 +0000 received badge  Rapid Responder (source)
2019-03-24 21:18:09 +0000 answered a question SSL in Protocol-list

SSL is deprecated, no-one should be using it now. See also the note on the renaming of the SSL dissector in the 3.0 rel

2019-03-24 12:48:23 +0000 commented answer Running windows 7, my interface card and loopback device disappeared in WS 3 but 3 USBPcaps still there

As per Guy's comment above on how Q&A sites work, your encryption question should be asked as a new question.

2019-03-24 12:46:23 +0000 commented answer dissector length

The approach would be similar.

2019-03-24 10:57:30 +0000 answered a question dissector length

Have a look at the dissect_ip_options function in packet-ip.c. That starts with an overall options length value, then l

2019-03-24 10:57:30 +0000 received badge  Rapid Responder (source)
2019-03-24 09:39:59 +0000 commented question dissector length

You can post a link to your dissector source and any captures. Most dissectors do something similar, iterate over the p

2019-03-24 09:37:30 +0000 commented answer Running windows 7, my interface card and loopback device disappeared in WS 3 but 3 USBPcaps still there

Generally, TLS decryption only works if you have access to the "master" key that is either obtained from the server, whi

2019-03-23 19:53:29 +0000 received badge  Rapid Responder (source)
2019-03-23 19:53:29 +0000 answered a question extracting source and destination station addresses?

There is a (hidden from the UI) display filter field dnp3.addr that is set for both the source and destination DNP3 addr

2019-03-23 15:04:51 +0000 commented answer Running windows 7, my interface card and loopback device disappeared in WS 3 but 3 USBPcaps still there

While you can have both WinPcap and npcap installed, you only need one of them for Wireshark and Wireshark 3.0 will pref

2019-03-23 09:25:09 +0000 answered a question Running windows 7, my interface card and loopback device disappeared in WS 3 but 3 USBPcaps still there

From your about info Running ..., without Npcap or WinPcap. You managed to remove both capturing options, or at least W

2019-03-23 09:25:09 +0000 received badge  Rapid Responder (source)
2019-03-22 16:43:24 +0000 commented question I cannot capture the megaco protocol.

Can you describe your capture setup a bit more, i.e. where you are capturing, any capture filters you're using etc.?

2019-03-22 16:43:15 +0000 commented question I cannot capture the megaco protocol.

Can you describe your capture setup a bit more, i.e. where you are capturing, any capture filters you're using etc.

2019-03-22 13:02:36 +0000 edited question WSGD Bitfields and byte order

byte_order=big_endian bit_order=LSB Hi, I am trying to dissect a protocol with Wireshark Generic dissector. Byte order

2019-03-22 11:24:55 +0000 received badge  Rapid Responder (source)
2019-03-22 11:24:55 +0000 answered a question WSGD Bitfields and byte order

Does this page on bitfields in WSGD help?

2019-03-22 11:20:17 +0000 answered a question SSL Protocol Preferences in Wireshark 3.0

Try looking under TLS. As no-one should actually be using SSL these days (too insecure), we've renamed it to reflect cu

2019-03-22 11:20:17 +0000 received badge  Rapid Responder (source)
2019-03-22 11:15:47 +0000 commented question What is the purpose of rawshark?

From the original commit message back in 2008: Add rawshark, a utility that, when given raw pcap-formatted packets and

2019-03-21 14:03:08 +0000 commented question how to display IPMB capture files

Do you have a link to the captures?

2019-03-21 10:58:38 +0000 commented answer Large number of RST-SYN

I think there is nothing listening on port 42385, hence the resets. I think the issue is more about what process is con

2019-03-21 09:08:23 +0000 commented question After upgrade to 3.0.0 & install Npcap, no traffic seen

Likely to be an issue with npcap. Did you have WinPcap installed previously? My advice is to manually uninstall any Wi

2019-03-21 09:03:45 +0000 commented question 3 ISUP messages in one packet

Providing a link to the capture would help immensely with diagnosis.

2019-03-21 09:03:21 +0000 edited question 3 ISUP messages in one packet

3 ISUP messages in one packet Hi. This packet was captured with Netscout. Wireshark shows 3 ISUP messages in one packet

2019-03-20 13:49:22 +0000 edited question Enable packet editing function

Enable editing functional Hi, How to edit packets in Wireshark? I enabled this function in Edit-Preference, but still th

2019-03-20 13:47:46 +0000 answered a question Enable packet editing function

This experimental feature from the older GTK+ UI has not yet been implemented for the Qt UI. See Bug 11840.

2019-03-20 13:47:46 +0000 received badge  Rapid Responder (source)
2019-03-19 22:50:35 +0000 commented answer 1576 bytes on wire, 790 bytes captured!

I created nmap issue 1524 for this.

2019-03-19 22:38:27 +0000 commented answer 1576 bytes on wire, 790 bytes captured!

FWIW, I see the same. I didn't see an existing issue for this.

2019-03-19 16:12:59 +0000 commented question Seeing TCP out of order in the outgoing packets

Can you capture elsewhere to eliminate the Netscaler capture as the issue?

2019-03-19 15:59:25 +0000 commented question Seeing TCP out of order in the outgoing packets

How are you actually capturing; on the server itself, via a mirror\span port or with a tap?

2019-03-19 15:58:11 +0000 commented question 1576 bytes on wire, 790 bytes captured!

I think this is more an npcap\loopback artefact.

2019-03-19 11:28:56 +0000 commented question 1576 bytes on wire, 790 bytes captured!

Any chance of a link to the capture so we can look at it ourselves rather than guessing?

2019-03-19 11:06:29 +0000 edited question Large number of RST-SYN

Large number of RST-SYN Am trying to tune this pc and not sure what and why this large number of RSTs are coming from.

2019-03-19 08:43:44 +0000 edited question Connections from one location being blocked (RST, ACK)

Connections from one location being blocked (RST, ACK) We have a remote client attempting to connect to one of our web s

2019-03-18 09:22:52 +0000 commented question USBPcap has removed my WIFI interface in 3.0.0

Can you post the contents of the Wireshark -> Help -> About Wireshark -> Wireshark dialog? You can highlight t

2019-03-15 16:47:56 +0000 received badge  Rapid Responder (source)
2019-03-15 16:47:56 +0000 answered a question tshark - How can I specify a tab as the -E aggregator character? /s becomes a space, but /t becomes a forward slash, a keyboard tab generates a syntax error.

The aggregator option doesn't support the use of a tab. To request a change to allow it to do so, please raise an entry

2019-03-15 10:53:47 +0000 commented answer Are elevated privileges required in Wireshark 3.0.0 on Windows?

This is incorrect. Wireshark does not require elevated privileges. The capture library, e.g. npcap may be configured t

2019-03-14 19:41:48 +0000 commented answer Are elevated privileges required in Wireshark 3.0.0 on Windows?

If an answer has solved your issue, then please accept it by clicking the checkmark icon to the left of the answer. Thi

2019-03-14 18:59:36 +0000 commented question Are elevated privileges required in Wireshark 3.0.0 on Windows?

Here is the info: Version 3.0.0 (v3.0.0-0-g937e33de) Copyright 1998-2019 Gerald Combs <[email protected]> an

2019-03-14 16:46:07 +0000 answered a question Are elevated privileges required in Wireshark 3.0.0 on Windows?

You're running on Windows and using npcap (an older version at that) as can be seen from the output with Npcap version 0

2019-03-14 16:46:07 +0000 received badge  Rapid Responder (source)
2019-03-14 16:41:37 +0000 commented question Are elevated privileges required in Wireshark 3.0.0 on Windows?

Version 3.0.0 (v3.0.0-0-g937e33de) Copyright 1998-2019 Gerald Combs <[email protected]> and contributors. Lic

2019-03-14 16:15:54 +0000 commented question Are elevated privileges required in Wireshark 3.0.0 on Windows?

Elevation shouldn't be required, what is your OS and capture library? Please post the contents (you can highlight and c

2019-03-14 16:15:34 +0000 commented question Are elevated privileges required in Wireshark 3.0.0 on Windows?

Elevation shouldn't be required, what is your OS and capture library? Please post the contents (you can highlight and co

2019-03-14 15:16:52 +0000 received badge  Rapid Responder (source)
2019-03-14 15:16:52 +0000 answered a question How can I filter-out a range of IP Addresses belonging to a given subnet (and not the whole subnet)

Did you try it? You can indeed use > et al. on IP addresses directly, no need to convert to a number. I prefer to v