| 2019-09-17 19:57:35 +0000 | received badge | ● Rapid Responder (source) |
| 2019-09-17 19:57:35 +0000 | answered a question | Why is TLS Decryption is MUCH slower on Windows 10 than MacOS? There's no deliberate code to slow things down, so your results are unexpected. There is a possibility that different c |
| 2019-09-17 11:39:26 +0000 | edited question | How do I see data usage per device connected to a router. HOW DO I SEE DATA USAGE PER DEVICE CONNECTED TO A ROUTER I would like to see all devices connected to my router and see |
| 2019-09-17 11:38:47 +0000 | commented question | How do I see data usage per device connected to a router. You won't be able to do this with Wireshark, unless you can somehow persuade your router to make a capture file. If you |
| 2019-09-17 11:00:35 +0000 | commented answer | Could anyone help look at this capture to find suspicious activity? I tried asking for help on that forum and received no responses. It is interestingly hard to find much help in this a |
| 2019-09-16 17:52:04 +0000 | commented question | If I have a transformerless connection that passes traffic, can I add put a transformer connection to ENET switch and use WireShark from PC to switch to snif that traffic? Can you explain what you mean by a "transformer"? Can you draw a diagram of your network, including the location of the |
| 2019-09-16 16:54:29 +0000 | received badge | ● Rapid Responder (source) |
| 2019-09-16 16:54:29 +0000 | answered a question | Cannot filter on single IP To capture the traffic to and from a single IP, select the interface that contains the traffic of interest (if uncertain |
| 2019-09-16 12:45:45 +0000 | commented question | Anybody building Wireshark 3.1 under Cygwin using gcc 7.4.0 ? Many companies large and small build Wireshark and plugins on Windows using MSVC with no issue whatsoever. Examining th |
| 2019-09-16 12:00:52 +0000 | edited question | Anybody building Wireshark 3.1 under Cygwin using gcc 7.4.0 ? Anybody was building Wireshark 3.1 under Cygwin using gcc 7.4.0 ? I'm in fact in the work of it, but some errors appeare |
| 2019-09-16 11:59:26 +0000 | commented question | Anybody building Wireshark 3.1 under Cygwin using gcc 7.4.0 ? Building Wireshark using Cywin isn't a supported option, so you're on your own. There is a buildable Windows version us |
| 2019-09-16 11:59:17 +0000 | commented question | Anybody building Wireshark 3.1 under Cygwin using gcc 7.4.0 ? I hope you're being paid well to try to achieve this, good luck. What are the perceived licence restrictions as regards |
| 2019-09-16 11:31:50 +0000 | commented question | Anybody building Wireshark 3.1 under Cygwin using gcc 7.4.0 ? Build Wireshark using Cywin isn't a supported option, so you're on your own. There is a buildable Windows version using |
| 2019-09-13 18:55:30 +0000 | commented answer | Could anyone help look at this capture to find suspicious activity? I attempted to open it in a browser and it was blocked by my firewall as inappropriate. |
| 2019-09-13 18:14:48 +0000 | answered a question | MSVC 2017 wireshark project. ALL_BUILD Access denied Set the "startup" project to be Wireshark by navigating to the wireshark node under "Executables", right-clicking that n |
| 2019-09-13 18:14:48 +0000 | received badge | ● Rapid Responder (source) |
| 2019-09-13 16:05:36 +0000 | commented question | wsbuild64 successfull Wireshark.exe will not run. Not many folks build a debug version, try building a regular RelWithDebInfo version. Have you tried running the built v |
| 2019-09-13 12:58:16 +0000 | commented answer | Could anyone help look at this capture to find suspicious activity? Internet servers can be all over the place, and IP address to location isn't entirely accurate. Understanding the traff |
| 2019-09-13 10:34:12 +0000 | received badge | ● Rapid Responder (source) |
| 2019-09-13 10:34:12 +0000 | answered a question | Decoding HDCP2 packets You don't specify the version of Wireshark you're using, nor your OS which is less than helpful. HDPC2 dissection is a |
| 2019-09-13 09:30:28 +0000 | commented answer | Could anyone help look at this capture to find suspicious activity? Hopefully Wireshark will tell you the protocol being used and the IP address of the remote endpoint. Hopefully the prot |
| 2019-09-12 12:37:44 +0000 | edited answer | Can Wireshark be used as a message duplicator? No. Wireshark is a packet analyzer and does not create packets. Various tools that are part of the Wireshark suite can |
| 2019-09-12 12:37:22 +0000 | received badge | ● Rapid Responder (source) |
| 2019-09-12 12:37:22 +0000 | answered a question | Can Wireshark be used as a message duplicator? No. Wireshark is a packet analyzer and does not create packets. Various tools that are part of the Wireshark suite can |
| 2019-09-12 11:22:33 +0000 | commented question | Why has the 8 in the MAC address in the capture window been replaced with an a? The "Packets window" information displays the IPv6 addresses used for the DHCPv6 packet, not the MAC address. The sourc |
| 2019-09-12 11:19:06 +0000 | edited question | Why has the 8 in the MAC address in the capture window been replaced with an a? Can anyone explain this Why has the 8 in the MAC address in the capture window been replaced with an a? ie 48 has becom |
| 2019-09-12 09:37:28 +0000 | commented answer | Could anyone help look at this capture to find suspicious activity? It's actually quite difficult to capture traffic from other devices. And as to working out what traffic might be signif |
| 2019-09-11 18:29:33 +0000 | commented question | Why do I keep getting "No Interfaces Found" when I start Wireshark up? Unlikely. npcap worked on that version when it was the current one, although it's possible the upgrade might fix someth |
| 2019-09-11 18:28:52 +0000 | commented question | Why do I keep getting "No Interfaces Found" when I start Wireshark up? Unlikely. npcap worked on that version when it was the current one. |
| 2019-09-11 16:24:40 +0000 | commented question | Why do I keep getting "No Interfaces Found" when I start Wireshark up? The key bit of that info is from the "running" part: with Npcap version 0.995 This shows that you do have a capture l |
| 2019-09-11 16:21:01 +0000 | edited question | Why do I keep getting "No Interfaces Found" when I start Wireshark up? Why do I keep getting "No Interfaces Found" when I start Wireshark up? I have redownloaded wireshark multiple times and |
| 2019-09-11 13:29:49 +0000 | commented question | Why do I keep getting "No Interfaces Found" when I start Wireshark up? Can you post the contents of the menu Help -> About Wireshark dialog? You can highlight the text and Ctrl + C it to |
| 2019-09-11 10:02:12 +0000 | answered a question | Could anyone help look at this capture to find suspicious activity? The question isn't one that's generally handled here. If you could point to a specific bit of traffic then someone migh |
| 2019-09-10 16:48:40 +0000 | commented question | NPCAP 0.995 gives duplicate packets Might be worth trying an uninstall of npcap and then an install of WinPcap. |
| 2019-09-09 15:59:41 +0000 | received badge | ● Rapid Responder (source) |
| 2019-09-09 15:59:41 +0000 | answered a question | Dissection of CIP Message Router Response You'll note that the items you reference have square brackets ([]) around them, this means they are synthesised by the d |
| 2019-09-09 15:41:53 +0000 | commented question | Dissection of CIP Message Router Response The link you shared doesn't seem to be publicly viewable. |
| 2019-09-09 15:31:04 +0000 | commented question | Dissection of CIP Message Router Response Post the file on a public file sharing site, e.g. Google Drive, DropBox etc. and then post a link to the file back here |
| 2019-09-09 15:01:11 +0000 | commented question | Dissection of CIP Message Router Response Wireshark version? Can you share the capture file? |
| 2019-09-09 13:10:38 +0000 | commented answer | tshark tcp stream Raw data is not output to the end You can always raise an entry on the Wireshark Bugzilla. If you can provide a capture that demonstrates the issue that |
| 2019-09-09 12:58:21 +0000 | commented answer | tshark tcp stream Raw data is not output to the end It's a bit difficult to progress then without an actual example. |
| 2019-09-09 12:57:26 +0000 | answered a question | Please update Npcap 0.995 in release package In hand, see change 34458. This will be released in the forthcoming 3.0.4 |
| 2019-09-09 12:57:26 +0000 | received badge | ● Rapid Responder (source) |
| 2019-09-09 08:33:47 +0000 | commented answer | tshark tcp stream Raw data is not output to the end For raw tcp data I can't think of any. For other higher level dissectors there are various dependencies on libraries in |
| 2019-09-08 15:54:01 +0000 | commented answer | tshark tcp stream Raw data is not output to the end The "capture" library, Winpcap, or npcap for newer versions on Windows or libpcap, makes no difference at all to dissect |
| 2019-09-08 12:57:33 +0000 | commented answer | tshark tcp stream Raw data is not output to the end So the issue seems to be a difference between the output from the Linux and Windows versions using the same capture file |
| 2019-09-08 09:18:46 +0000 | received badge | ● Rapid Responder (source) |
| 2019-09-08 09:18:46 +0000 | answered a question | tshark tcp stream Raw data is not output to the end There are a number of issues here, firstly your use of tshark to get the raw data and then slight differences in the out |
| 2019-09-08 08:56:54 +0000 | received badge | ● Rapid Responder (source) |
| 2019-09-08 08:56:54 +0000 | answered a question | Display filter field names in the csv file From the tshark man page (also in the help output by -h): -E <field print="" option=""> Set an option controll |
Copyright Wireshark Foundation, 2017-2019 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.