André's profile - activity

2021-07-26 18:55:46 +0000 commented answer Filtering odd-length binary data

Also note that the hex-string 2a:39:30:31:2a:36:36:36 is equal to the ASCII-string *901*666. So if the test for the trai

2021-07-26 18:53:02 +0000 commented answer Filtering odd-length binary data

Also note that the hex-string "2a:39:30:31:2a:36:36:36" is equal to the ASCII-string "*901*666". So if the test for the

2021-07-26 18:50:13 +0000 commented answer Filtering odd-length binary data

Also note that the hex-string "2a:39:30:31:2a:36:36:36" is equal to the ASCII-string "901666". So if the test for the tr

2021-07-07 18:19:45 +0000 commented answer PTPv2 Error and RHEL Update issue

Below is my list of installed qt packages on CentOS. I used this one: https://centos.pkgs.org/7/centos-updates-x86_64/qt

2021-07-07 12:49:12 +0000 received badge  Commentator
2021-07-07 12:49:12 +0000 commented answer PTPv2 Error and RHEL Update issue

Hi Graham, one of the policies I ran into was that the company did not allow installing a C/C++ compiler (gcc) on any Un

2021-07-07 10:31:00 +0000 commented answer PTPv2 Error and RHEL Update issue

Because of the licencing model. That makes it easier to experiment, independent of the company's commercial licence and

2021-07-07 06:20:47 +0000 edited answer Spanning Tree-(for-bridges)_00 (xx.xx.xx.xx.xx.xx)

"ehter host" is a capture filter. To filter the displayed packets use a display filter. For Ethernet address use "eth.ad

2021-07-06 22:39:20 +0000 edited answer Spanning Tree-(for-bridges)_00 (xx.xx.xx.xx.xx.xx)

"ehter host" is a capture filter. To filter the displayed packets use a display filter. For Ethernet address use "eth.ad

2021-07-06 22:28:48 +0000 commented answer PTPv2 Error and RHEL Update issue

I found it easier to use CentOS to compile and build a RPM. Because you need to compile tools like cmake from source an

2021-07-06 22:15:45 +0000 received badge  Rapid Responder (source)
2021-07-06 22:15:45 +0000 answered a question Spanning Tree-(for-bridges)_00 (xx.xx.xx.xx.xx.xx)

"ehter host" is a capture filter. To filter the displayed packets use a display filter. For Ethernet address use "eth.ad

2021-07-04 21:23:49 +0000 commented answer Why does "tshark -b packets:value" not work?

bug fix merged into master. https://gitlab.com/wireshark/wireshark/-/merge_requests/3563 As mentioned "-b packets:value

2021-07-04 13:02:04 +0000 answered a question Why does "tshark -b packets:value" not work?

This looks like a bug in tshark (global_capture_opts.has_file_packets check missing at line 1775). You can report this

2021-07-04 10:35:56 +0000 received badge  Rapid Responder (source)
2021-06-28 21:03:38 +0000 answered a question capture filter for deprecated SSL/TLS protocols

To detect the presence of SSL/TLS Application Data you can use the capture (BPF) filter "tcp[tcp[12]>>2:4]&0xF

2021-05-17 19:22:22 +0000 received badge  Enthusiast
2021-05-16 18:40:15 +0000 commented answer Highlight or color packet detail item if it caused the display filter to match the packet

It is not possible to colour individual items in the tree.

2021-05-16 18:00:39 +0000 received badge  Rapid Responder (source)
2021-05-16 18:00:39 +0000 answered a question Highlight or color packet detail item if it caused the display filter to match the packet

Yes, you can; see the documentation at: https://www.wireshark.org/docs/wsug_html_chunked/ChCustColorizationSection.html

2021-05-08 17:11:09 +0000 commented question Tshark file conversion using Windows 10 Pro, Visual Studio 2017, integration services SSIS and C# conversion from pcap to csv. Empty file!

"Program Files" contains a space so you need to quote the full path to tshark.exe. The file is empty because cmd failed

2021-05-08 16:54:00 +0000 commented question Tshark file conversion using Windows 10 Pro, Visual Studio 2017, integration services SSIS and C# conversion from pcap to csv. Empty file!

"Program Files" contains a space so you need to quote the full path to tshark.exe. Instead of using cmd use VS to redir

2021-05-08 16:53:31 +0000 commented question Tshark file conversion using Windows 10 Pro, Visual Studio 2017, integration services SSIS and C# conversion from pcap to csv. Empty file!

"Program Files" contains a space so you need to quote the full path to tshark.exe. Instead of using cmd use VS to redir

2021-04-07 09:12:34 +0000 commented answer Strange IP flags MF and DF

@SYN-bit @Christian_R RFC 791 also states: To fragment a long internet datagram, an internet protocol module (for

2021-04-06 18:11:34 +0000 answered a question Strange IP flags MF and DF

Based on the RFC 791 https://tools.ietf.org/html/rfc791 , I read the flags as: MF set: this packet contains a fragment

2021-03-28 12:07:43 +0000 received badge  Rapid Responder (source)
2021-03-28 12:07:43 +0000 answered a question How do I filter for an iPhone connected to a laptop via Windows 10 "mobile hotspot"?

When you start the "Windows 10 mobile hotspot" a new network interface is created. In Wireshark select that interface fo

2021-03-09 19:09:00 +0000 edited answer FTP upload is disrupted

It is not wrong, but SACK, Selective Acknowledgement, is not enabled on 10.10.250.2. So when packet loss occurs the file

2021-03-09 19:06:18 +0000 answered a question FTP upload is disrupted

It is not wrong, but SACK, Selective Acknowledgement, is not enabled on 10.10.250.2. So when packet loss occurs the file

2021-02-01 11:48:54 +0000 answered a question Upgrading to Wireshark 3.4.3 64-bit Npcap 1.10 failing

This is probably because access to the executable code (dll) in your temp directory is blocked by the OS or AV. The Npc

2020-11-30 19:33:06 +0000 received badge  Rapid Responder (source)
2020-11-30 19:33:06 +0000 answered a question how to addIng two vlan tag to pcap file

Maybe running tcpwrite twice? tcpwrite is not part of Wireshark. Take a look at the authors site: https://tcpreplay.app

2020-11-24 21:46:09 +0000 commented question Why sender did not have more in-flight bytes to client?

There may be several reasons why the TCP window size is not fully utilized. For example: TCP slow start mechanism acti

2020-11-24 21:45:31 +0000 commented question Why sender did not have more in-flight bytes to client?

There may be several reasons why the TCP window size is not fully utilized. For example: - TCP slow start mechanism act

2020-11-15 12:34:11 +0000 received badge  Rapid Responder (source)
2020-11-15 12:34:11 +0000 answered a question playback video sniif ( not live ) HELP!!

It is usually easier to use the browser's 'developer tool' to get the URL(s) used by the browser. Especially on encrypte

2020-11-12 19:51:52 +0000 commented question how to use tshark to show all srcport and dstport?

If you just want source and destination ports, why not use the statistics feature? tshark -r $file -nq -z endpoints,tcp

2020-11-12 19:50:16 +0000 commented question how to use tshark to show all srcport and dstport?

If you want just source and destination ports, why not use the statistics feature? tshark -r $file -nq -z endpoints,tcp

2020-10-29 17:39:51 +0000 commented answer How to use WireShark to find internet connection interruptions?

Maybe a Powerline Adapter is better in this case. The benefit of a wired connection without a 'long cable'. So the Acce

2020-10-29 14:34:44 +0000 received badge  Editor (source)
2020-10-29 14:34:44 +0000 edited answer How to use WireShark to find internet connection interruptions?

You probably have to log in to your router or WIFI Access Point and look for error messages. If you want to use Wires

2020-10-29 14:33:16 +0000 received badge  Rapid Responder (source)
2020-10-29 14:33:16 +0000 answered a question How to use WireShark to find internet connection interruptions?

You probably have to log in to your router or WIFI Access Point and look for error messages. If you want to use Wires

2020-10-27 14:57:32 +0000 received badge  Rapid Responder (source)
2020-10-27 14:57:32 +0000 answered a question what types of protocols can tcpreplay replay?

First of all, tcpreplay is not part of Wireshark. For documentation see https://tcpreplay.appneta.com/ As you can read

2020-10-26 23:44:43 +0000 answered a question Capturing HTTPS communication from Android emulator

Setting the SSLKEYLOGFILE on the host has no effect. That needs to be activated at the end-point of the communication, t

2020-10-26 22:06:59 +0000 answered a question Compress capture file creates issues?

If you use gzip compression, instead of zip, Wireshark is able to read the compressed file directly. Both gzip and zip u