grahamb's profile - activity

2019-11-18 07:45:00 +0000 received badge  Rapid Responder (source)
2019-11-18 07:45:00 +0000 answered a question What does a TCP zero window message implies?

The first Google search result for "TCP Zero Window" shows we have a wiki page for that: TCP Zero Window.

2019-11-18 07:43:03 +0000 answered a question How to find mapping for dissector?

The reference site for the Wireshark source code is currently here. The nr-rrc dissector is an "asn1" dissector where t

2019-11-18 07:43:03 +0000 received badge  Rapid Responder (source)
2019-11-17 21:21:16 +0000 received badge  Nice Answer (source)
2019-11-17 17:09:39 +0000 answered a question I captured what I believe is an unpatchable attack

Looks to me like a SYN-ACK reflection attack, an inefficient form of DDOS. Some recent analysis of such attacks from Ak

2019-11-17 17:09:39 +0000 received badge  Rapid Responder (source)
2019-11-17 16:48:58 +0000 commented answer wire shark only showing Adapter for loop back traffic capture

You're welcome, but this is yet another case of the npcap service stopping for unknown reasons. Maybe we should add som

2019-11-17 16:48:00 +0000 commented answer wire shark only showing Adapter for loop back traffic capture

output: SERVICE_NAME: npcap TYPE : 1 KERNEL_DRIVER STATE : 1 STOPPED WIN32_EXI

2019-11-16 21:50:44 +0000 answered a question Why is wireshark not detecting my network adapter?

This seems like yet another duplicate question about lack of interfaces when using npcap. See here for the most recent

2019-11-16 21:50:44 +0000 received badge  Rapid Responder (source)
2019-11-16 19:41:16 +0000 commented question Why is wireshark not detecting my network adapter?

What do you mean by "not detecting my network"?

2019-11-16 16:28:20 +0000 commented question How can i see the unique ID of a HTTP packet?

It's obviously 42.

2019-11-16 15:46:45 +0000 answered a question wire shark only showing Adapter for loop back traffic capture

You're running with a slightly out of date version of npcap (shouldn't be an issue). As with quite a few similar questio

2019-11-16 15:46:45 +0000 received badge  Rapid Responder (source)
2019-11-16 15:42:57 +0000 commented question wire shark only showing Adapter for loop back traffic capture

version info: Version 3.0.6 (v3.0.6-0-g908c8e357d0f) Copyright 1998-2019 Gerald Combs <[email protected]> an

2019-11-16 12:08:49 +0000 commented question wire shark only showing Adapter for loop back traffic capture

Open the menu item Help -> About Wireshark. On the Wireshark tab highlight the text with the mouse and press Ctrl +

2019-11-15 19:55:33 +0000 commented question tshark - replacement character? :(

output: LANG=en_US.UTF-8 LANGUAGE=en_US LC_CTYPE="en_US.UTF-8" LC_NUMERIC=es_AR.UTF-8 LC_TIME="en_US.UTF-8" LC_COLLATE=

2019-11-15 19:55:09 +0000 commented question tshark - replacement character? :(

LANG=en_US.UTF-8 LANGUAGE=en_US LC_CTYPE="en_US.UTF-8" LC_NUMERIC=es_AR.UTF-8 LC_TIME="en_US.UTF-8"

2019-11-15 19:11:07 +0000 commented question tshark - replacement character? :(

OK, what's your locale, i.e. the output of locale?

2019-11-15 18:36:02 +0000 commented question tshark - replacement character? :(

What OS and what shell are you running this on?

2019-11-15 12:16:47 +0000 commented question Could not create profiles directory

These are the output of the commands total 0 drwx------ 3 root staff 96 May 30 16:55 . drwxr-xr-x+ 33 luke staff 1056 N

2019-11-15 11:50:31 +0000 commented question Could not create profiles directory

Could you start a Terminal and give us the output of the commands ls -la /Users/luke/.config and ls -la /Users/luke/.con

2019-11-14 12:16:20 +0000 commented answer SML dissector doesn't work

The SML dissector only dissects traffic over UDP or TCP. You can use text2pcap to create a pcap file. By using the opt

2019-11-14 11:54:31 +0000 commented question Unable to decode RRC reconfiguration message

You could try installing a standard release and check with that, else you'll need to share the capture.

2019-11-14 11:41:34 +0000 commented question Unable to decode RRC reconfiguration message

Version 3.0.5.lte.1910.01 (v3.0.5.lte.1910.01-0-gd4e5a60985dd) That looks like a custom build, not a standard rele

2019-11-14 11:40:17 +0000 commented question Unable to decode RRC reconfiguration message

You have to upload the capture to a public share, e.g. Google Drive, DropBox etc. and post a link back here.

2019-11-14 11:20:36 +0000 commented question What is the unique id given to a posted packet in ws?

Duplicate of https://ask.wireshark.org/question/12986/unique-id-of-a-packet/

2019-11-14 11:19:59 +0000 commented question Unable to decode RRC reconfiguration message

Wireshark version, OS, capture file?

2019-11-14 11:19:27 +0000 edited answer SML dissector doesn't work

You need to set the dissector port (defaults to 0), either by editing the dissector preferences (Edit -> Preferences

2019-11-14 11:19:17 +0000 answered a question SML dissector doesn't work

You need to set the dissector port (defaults to ), either by editing the dissector preferences (Edit -> Preferences -

2019-11-14 11:19:17 +0000 received badge  Rapid Responder (source)
2019-11-14 11:12:14 +0000 edited question SML dissector doesn't work

dissector doesn't work Hello, I try to comprehend this example: https://wiki.wireshark.org/SML But for me the dissec

2019-11-14 11:11:51 +0000 edited question SML dissector doesn't work

disselector desn't work Hello, I try to comprehend this example: https://wiki.wireshark.org/SML But for me the disse

2019-11-14 10:16:52 +0000 commented answer Installation on Win 10 failed

Unfortunately not. If the installation is allowed to run then it will only update if required, however it must run.

2019-11-14 09:45:19 +0000 commented answer Installation on Win 10 failed

That number makes more sense, it's 0x800704EC in hex which now looks like a Windows error. According to the MS error loo

2019-11-14 09:00:50 +0000 commented answer Installation on Win 10 failed

Can you confirm the error code, it looks a bit odd?

2019-11-13 16:49:14 +0000 commented question Is there a way to allow wireshark to analyze the internet connection on other devices on the same network?

How are the laptops connected to the network, wired or wireless?

2019-11-13 15:53:25 +0000 commented question Wireshark unable to load customized plugin

Those "errors" look to me like WinDbg reporting modules that don't have symbols available. What happens if you "continu

2019-11-13 15:42:41 +0000 answered a question Installation on Win 10 failed

Wireshark requires the Universal CRT platform component to be installed and until now I thought that this was installed

2019-11-13 15:42:41 +0000 received badge  Rapid Responder (source)
2019-11-13 12:14:07 +0000 commented answer random data going to broadcast

I googled UDP "27127" and UDP "1740". Note the quotes around the port numbers to only show pages that included those sp

2019-11-13 11:59:15 +0000 received badge  Rapid Responder (source)
2019-11-13 11:59:15 +0000 answered a question random data going to broadcast

If your environment does PLC work then these might be possible answers: The 1740-43 ports seem to be used by Codesys PL

2019-11-13 11:05:27 +0000 commented question random data going to broadcast

Can you share a capture containing the packets in question?? Use a public file share such as Google Drive, DropBox etc.

2019-11-13 11:04:39 +0000 commented answer Different protocols recognized by tshark on Windows and Linux

Note that the preference defaults are the same for all platforms, although they may have changed between versions so it'

2019-11-13 10:15:47 +0000 commented question Wireshark unable to load customized plugin

I ran wireshark with windbg i found following issue. ModLoad: 0a5d0000 0a985000 D:\wsbuild32\run\RelWithDebInfo\plugi

2019-11-13 08:33:31 +0000 answered a question How do I extract the hex section from a pcap file?

Extra fields are specified in the command by adding a -e argument with the field name, use multiple -e field.name argumen

2019-11-13 08:33:31 +0000 received badge  Rapid Responder (source)
2019-11-13 07:56:01 +0000 answered a question Export filtered packets

Use the menu item File -> Export Specified Packet. Guidance for the Packet Range fields this dialog can be found in