André's profile - activity

2024-09-25 13:05:52 +0000 answered a question Capture the cURL (https://curl.se/) request (header and body) initiated by Postman REST API client

In the Postman GUI you can view the HTTP headers sent and received, in the tab labelled "Headers". When using curl the

2024-09-25 13:05:52 +0000 received badge  Rapid Responder (source)
2024-09-22 15:44:29 +0000 commented question Why is my network traffic visible on loopback interface but not Ethernet in Wireshark capture?

Is it supposed to communicate to the outside world (Ethernet interface) in plain text? Or is it encrypted (using TLS)? I

2024-09-21 19:13:18 +0000 answered a question Packets shown as SSL

Use the 'Decode As' functionality to force decoding as the protocol of your choice. Useful when the heuristic selection

2024-08-18 10:18:30 +0000 received badge  Rapid Responder (source)
2024-08-18 10:18:30 +0000 answered a question Error unknown (0xC05D0001) in SMB2 Tree Connect Response

Please open an issue at https://gitlab.com/wireshark/wireshark/-/issues/

2024-08-08 18:59:33 +0000 received badge  Rapid Responder (source)
2024-08-08 18:59:33 +0000 answered a question VLAN tagged frames not able to see in the Wireshark capture.

Next to the MonitorModeEnabled = 1 setting in the registry, as described on the Intel page, you also need to disable the

2024-08-07 17:02:37 +0000 commented question Wireshark remote capture

The npcap loopback adapter can be used to capture traffic on the loopback interface. Thus traffic that remains inside yo

2024-07-28 10:45:24 +0000 commented question How do you uninstall Wireshark on Windows?

What Operating System are you using? E.g. on Windows there is an uninstall-wireshark.exe in the directory where Wireshar

2024-07-27 16:06:51 +0000 answered a question Interfaces with asterisk - what is it?

The Windows native command ipconfig /all will most likely also show interfaces with names ending with an asterisk. (So i

2024-07-20 16:25:38 +0000 answered a question Confusing swap of text2pcap in/outbound addresses

Without the -D option, but with -i option, all packets are considered inbound. So for outbound they must be swapped. Yo

2024-07-12 18:34:28 +0000 answered a question Trouble converting string number to number with tonumber() function on

This should work on both PCs, with either English or German locale. By resetting the locale to the default ("C"), thus

2024-07-12 18:34:28 +0000 received badge  Rapid Responder (source)
2024-06-09 10:13:08 +0000 answered a question Write java code example to make capture and dissect packets

Not a Wireshark question. Try googling 'slytechs' instead.

2024-06-09 10:13:08 +0000 received badge  Rapid Responder (source)
2024-05-20 18:34:59 +0000 received badge  Rapid Responder (source)
2024-05-20 18:34:59 +0000 answered a question Can wire shark be used on iPhone XR?

Not directly. One option is to send the traffic through a proxy like mitmproxy, another is to use a Remote Virtual Inte

2024-04-27 10:22:29 +0000 received badge  Rapid Responder (source)
2024-04-27 10:22:29 +0000 answered a question Filter first and last packet in all conversations

This display filter will show all the first captured packet per TCP stream: tcp.time_relative == 0 Thus including strea

2024-04-20 16:51:54 +0000 commented answer Wireshark Portable does not start in "Program Files (Portable)" folder

What happens when you put it in a folder without a space in the name? Are you using a pathname in double-quotes to laun

2024-04-09 17:43:07 +0000 commented question visual c++ redistributable installer failed with error 5

Which version of Wireshark are you trying to install? One google search on your text and I got: https://ask.wireshark.or

2024-04-04 20:35:25 +0000 received badge  Rapid Responder (source)
2024-04-04 20:35:25 +0000 answered a question ERROR: Both --etlfile and --params arguments are empty

There is already an issue open for that: https://gitlab.com/wireshark/wireshark/-/issues/19451 Bottom line: don't selec

2024-03-21 19:57:22 +0000 edited answer using tshark with huge display filters

There is no option to read the display filter from a file instead. The Windows command line length is limited to 32,767

2024-03-21 19:51:31 +0000 received badge  Rapid Responder (source)
2024-03-21 19:51:31 +0000 answered a question using tshark with huge display filters

There is no option to read the display filter from a file instead. The Windows command line length is limited to 32,767

2024-03-08 13:27:58 +0000 edited answer Unable to open PCAP file

Either the file you try to open is corrupt or it does not contain a proper pcap header. On Linux the command file is av

2024-03-08 13:24:52 +0000 answered a question Unable to open PCAP file

Either the file you try to open is corrupt or it does not contain a proper pcap header.

2024-03-08 13:24:52 +0000 received badge  Rapid Responder (source)
2024-02-28 19:51:28 +0000 commented question How To Correct My Public IP Address Not Showing UP?

To see your public IP-address go to https://api.ipify.org/ When doing this from behind a device that does NAT (Network

2024-02-28 19:51:09 +0000 commented question How To Correct My Public IP Address Not Showing UP?

To see your public IP-address go to https://api.ipify.org/ When doing this from behind a device that does NAT (Network A

2024-02-25 13:21:04 +0000 edited answer Does the wireshark installer actually DL from from NA?

Actually you are blocking IP-ranges, not countries. With the current shortage of IPv4 addresses, IP-ranges are traded mo

2024-02-25 13:19:51 +0000 received badge  Rapid Responder (source)
2024-02-25 13:19:51 +0000 answered a question Does the wireshark installer actually DL from from NA?

Actually you are blocking IP-ranges, not countries. With the current shortage of IPv4 addresses, IP-ranges are traded mo

2023-12-09 10:09:39 +0000 commented question There is no password being sent to the router for admin login on a tp-link router

The very first HTTP GET request you posted here is for a CSS (base.css). It appears that this is after the actual login.

2023-12-04 16:58:08 +0000 commented answer Getting thousands of errors while linking Wireshark with QT library

Wireshark version >= 4.2 should be compiled using Qt6. See https://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWi

2023-12-01 19:34:32 +0000 commented answer Can Wireshark capture traffic exchanged between two programs through TCP ports on the same machine?

(or by using the any interface.)

2023-12-01 08:16:09 +0000 answered a question Can Wireshark capture traffic exchanged between two programs through TCP ports on the same machine?

Yes, select the "Adapter for loopback traffic capture" interface on Windows. I am of the opinion that this wouldn't

2023-11-29 22:55:20 +0000 edited answer Why won't this Chrome TLS handshake work?

I see 2 TLS sessions. The first: The client (browser) closes the session after 30 seconds (frame 809). Most likely a t

2023-11-29 22:54:42 +0000 edited answer Why won't this Chrome TLS handshake work?

I see 2 TLS sessions. The first: The client (browser) closes the session after 30 seconds (frame 809). Most likely a t

2023-11-29 22:52:49 +0000 received badge  Rapid Responder (source)
2023-11-29 22:52:49 +0000 answered a question Why won't this Chrome TLS handshake work?

I see 2 TLS sessions. The first: The client (browser) closes the session after 30 seconds (frame 809). Most likely a t

2023-11-29 09:36:06 +0000 edited answer Is it possible to read multiple pcap file using a loop inside the main function of tshark.c?

argv[3] is a pointer, it is NOT a char array to store a string in. And argv is declared as char* argv[], which means "an

2023-11-28 22:46:59 +0000 answered a question Fix: Unable to access memory when renamed main function and call it in a loop in new main function.

I guess you have to ask Akib Hossain Omi for support on his project. If you have problems compiling using the Wireshark

2023-11-28 22:26:43 +0000 edited answer Is it possible to read multiple pcap file using a loop inside the main function of tshark.c?

argv[3] is a pointer, it is NOT a char array to store a string in. And argv is declared as char* argv[], which means "an

2023-11-28 22:24:17 +0000 answered a question Is it possible to read multiple pcap file using a loop inside the main function of tshark.c?

argv[3] is a pointer, it is NOT a char array to store a string in. And argv is declared as char* argv[], which means "an

2023-11-28 21:47:27 +0000 commented answer TLS1.2 RST After Server Key Exchange, Server Hello Done

So there is an F5 and Netscaler in the network path. If the F5 is in full-proxy mode and the Netscaler does deep-packet

2023-11-27 22:24:05 +0000 commented answer Wireshark doesn't see packets when just one system is 'local'

No. It is not a hub. See https://wiki.wireshark.org/CaptureSetup/Ethernet#switched-ethernet

2023-11-27 21:37:38 +0000 commented question Wireshark doesn't see packets when just one system is 'local'

If I read the VM documentation correctly a "distributed port group" is just a virtual switch. Then it makes sense that t