André's profile - activity

2021-10-07 21:17:01 +0000 commented question How can communication continue even after RST,ACK (ECONNABORTED)?

Your excerpt does not show enough data to draw a conclusion. Either upload the pcap so we can take a look or add a colum

2021-10-07 20:56:42 +0000 commented question How can communication continue even after RST,ACK (ECONNABORTED)?

Your excerpt does not show enough data to draw a conclusion. Either upload the pcap so we can take a look or add a colum

2021-10-07 20:48:52 +0000 commented question How can communication continue even after RST,ACK (ECONNABORTED)?

Your excerpt does not show enough data to draw a conclusion. Either upload the pcap so we can take a look or add a colum

2021-10-06 11:00:50 +0000 commented answer SSL/TLS packets for 302/redirects not being captured

Glad to help. And thanks for letting us know that you found the cause, Jim. (Others sometimes just go silent.) Please ma

2021-10-06 10:59:45 +0000 commented question SSL/TLS packets for 302/redirects not being captured

how can I format text in comments in "add comment"? The formatting for a comment is (almost) the same as for an ans

2021-09-30 20:45:17 +0000 commented question Random outages Wireshark showing large amount of UDP on Port 443

The ones I'm curious about are just listed as UDP. If the capture is missing the (initial) handshake then QUIC traf

2021-09-30 14:43:24 +0000 commented question Random outages Wireshark showing large amount of UDP on Port 443

With "a large amount of UDP traffic" the first that comes to my mind is "DDoS attack". Outgoing? Part of a botnet?

2021-09-29 17:07:38 +0000 commented answer SSL/TLS packets for 302/redirects not being captured

Without the capture and sslkeylogfile I can only guess what you are seeing. Captures can be uploaded to a public share,

2021-09-29 10:36:13 +0000 commented answer SSL/TLS packets for 302/redirects not being captured

Another piece of the puzzle is that non-standard TCP ports were used: 7777 and 14430. To verify if you did capture traf

2021-09-29 09:50:58 +0000 commented answer SSL/TLS packets for 302/redirects not being captured

Another piece of the puzzle is that non-standard TCP ports were used: 7777 and 14430. To verify if you did capture traf

2021-09-28 21:03:11 +0000 commented answer SSL/TLS packets for 302/redirects not being captured

When I go to Edit => Preferences => Protocols, there is no "SSL" to choose. Should I be using "TLS" instead?

2021-09-28 21:02:26 +0000 commented answer SSL/TLS packets for 302/redirects not being captured

When I go to Edit => Preferences => Protocols, there is no "SSL" to choose. Should I be using "TLS" instead?

2021-09-28 21:02:14 +0000 commented answer SSL/TLS packets for 302/redirects not being captured

When I go to Edit => Preferences => Protocols, there is no "SSL" to choose. Should I be using "TLS" instead?

2021-09-28 20:46:22 +0000 commented answer SSL/TLS packets for 302/redirects not being captured

When I go to Edit => Preferences => Protocols, there is no "SSL" to choose. Should I be using "TLS" instead?

2021-09-28 20:45:54 +0000 commented answer SSL/TLS packets for 302/redirects not being captured

When I go to Edit => Preferences => Protocols, there is no "SSL" to choose. Should I be using "TLS" instead?

2021-09-28 16:47:22 +0000 received badge Rapid Responder
2021-09-28 16:47:22 +0000 answered a question SSL/TLS packets for 302/redirects not being captured

To decrypt the TLS traffic you need the (Pre)-Master-Secret. For example using curl on Bash (Linux) prompt: SSLKEYLOGF

2021-09-28 11:57:31 +0000 commented answer wireshark docker container override preferences

Given that 'tshark -G currentprefs' is returning the expected values I am pretty sure that it is working correctly. Mayb

2021-09-28 09:52:47 +0000 received badge Rapid Responder
2021-09-28 09:52:47 +0000 answered a question wireshark docker container override preferences

Tshark only reads preference files. It does not write or create one (only wireshark does that). With the command tshark

2021-09-27 22:06:19 +0000 commented question wireshark docker container override preferences

tshark -G folders should show you the location of the configuration files. By the way, if the docker image has no GUI t

2021-09-22 18:06:58 +0000 commented answer Export CBSP, SABP and SBcAP packets

I think you are using the command prompt on Windows. In that case use double-quotes for strings: tshark -r test.pcap -Y

2021-09-21 22:47:52 +0000 commented answer End device goes offline randomly

Hi M, A dis- and reconnect of the UTP cable (restarting the port on the switch has the same effect) should be enough to

2021-09-21 21:23:30 +0000 answered a question End device goes offline randomly

This capture confirms what you already know: the communication stops somewhere between frame 76 (last TCP-ACK) and frame

2021-09-21 20:25:23 +0000 edited answer Export CBSP, SABP and SBcAP packets

You can use tshark to do this. For example: tshark -r test.pcap -Y 'cbsp or sabp or sbcap' -O cbsp,sabp,sbcap -T json

2021-09-21 20:23:57 +0000 edited answer Export CBSP, SABP and SBcAP packets

You can use tshark to do this. For example: tshark -r test.pcap 'cbsp or sabp or sbcap' -O cbsp,sabp,sbcap -T json Op

2021-09-21 20:18:25 +0000 received badge Rapid Responder
2021-09-21 20:18:25 +0000 answered a question Export CBSP, SABP and SBcAP packets

You can use tshark to do this. For example: tshark -r test.pcap -Y sbcap -O sbcap -T json Options -r to read the file

2021-09-12 14:20:33 +0000 received badge Teacher
2021-09-11 10:42:19 +0000 commented question Capture filter not capturing anything

"xxx.xxx.xxx.xxx.dsl.dyn.ihug.co.nz" is not an address but a DNS name. Turn off network address resolving to see the IP

2021-09-10 21:27:35 +0000 received badge Rapid Responder
2021-09-10 21:27:35 +0000 answered a question LUA and bignum

Take a look at the documentation at: https://www.wireshark.org/docs/wsdg_html_chunked/lua_module_Int64.html 11.13.1.5.

2021-09-09 19:03:23 +0000 received badge Rapid Responder
2021-09-09 19:03:23 +0000 answered a question Forcing wireshark to dissect null cipher TLS

Without the handshake Wireshark does not know the size of the Message Authentication Code (MAC) and possibly padding. Th

2021-07-31 12:52:42 +0000 answered a question capture filter of GRE

Because the BPF capture filter does not support GRE as a filter, anything on top of that can only be filtered by checkin

2021-07-26 18:55:46 +0000 commented answer Filtering odd-length binary data

Also note that the hex-string 2a:39:30:31:2a:36:36:36 is equal to the ASCII-string *901*666. So if the test for the trai

2021-07-26 18:53:02 +0000 commented answer Filtering odd-length binary data

Also note that the hex-string "2a:39:30:31:2a:36:36:36" is equal to the ASCII-string "*901*666". So if the test for the

2021-07-26 18:50:13 +0000 commented answer Filtering odd-length binary data

Also note that the hex-string "2a:39:30:31:2a:36:36:36" is equal to the ASCII-string "901666". So if the test for the tr

2021-07-07 18:19:45 +0000 commented answer PTPv2 Error and RHEL Update issue

Below is my list of installed qt packages on CentOS. I used this one: https://centos.pkgs.org/7/centos-updates-x86_64/qt

2021-07-07 12:49:12 +0000 received badge Commentator
2021-07-07 12:49:12 +0000 commented answer PTPv2 Error and RHEL Update issue

Hi Graham, one of the policies I ran into was that the company did not allow installing a C/C++ compiler (gcc) on any Un

2021-07-07 10:31:00 +0000 commented answer PTPv2 Error and RHEL Update issue

Because of the licencing model. That makes it easier to experiment, independent of the company's commercial licence and

2021-07-07 06:20:47 +0000 edited answer Spanning Tree-(for-bridges)_00 (xx.xx.xx.xx.xx.xx)

"ehter host" is a capture filter. To filter the displayed packets use a display filter. For Ethernet address use "eth.ad

2021-07-06 22:39:20 +0000 edited answer Spanning Tree-(for-bridges)_00 (xx.xx.xx.xx.xx.xx)

"ehter host" is a capture filter. To filter the displayed packets use a display filter. For Ethernet address use "eth.ad

2021-07-06 22:28:48 +0000 commented answer PTPv2 Error and RHEL Update issue

I found it easier to use CentOS to compile and build a RPM. Because you need to compile tools like cmake from source an

2021-07-06 22:15:45 +0000 received badge Rapid Responder
2021-07-06 22:15:45 +0000 answered a question Spanning Tree-(for-bridges)_00 (xx.xx.xx.xx.xx.xx)

"ehter host" is a capture filter. To filter the displayed packets use a display filter. For Ethernet address use "eth.ad

2021-07-04 21:23:49 +0000 commented answer Why does "tshark -b packets:value" not work?

bug fix merged into master. https://gitlab.com/wireshark/wireshark/-/merge_requests/3563 As mentioned "-b packets:value

2021-07-04 13:02:04 +0000 answered a question Why does "tshark -b packets:value" not work?

This looks like a bug in tshark (global_capture_opts.has_file_packets check missing at line 1775). You can report this

2021-07-04 10:35:56 +0000 received badge Rapid Responder