André's profile - activity

2024-03-21 19:57:22 +0000 edited answer using tshark with huge display filters

There is no option to read the display filter from a file instead. The Windows command line length is limited to 32,767

2024-03-21 19:51:31 +0000 answered a question using tshark with huge display filters

There is no option to read the display filter from a file instead. The Windows command line length is limited to 32,767

2024-03-21 19:51:31 +0000 received badge  Rapid Responder (source)
2024-03-08 13:27:58 +0000 edited answer Unable to open PCAP file

Either the file you try to open is corrupt or it does not contain a proper pcap header. On Linux the command file is av

2024-03-08 13:24:52 +0000 received badge  Rapid Responder (source)
2024-03-08 13:24:52 +0000 answered a question Unable to open PCAP file

Either the file you try to open is corrupt or it does not contain a proper pcap header.

2024-02-28 19:51:28 +0000 commented question How To Correct My Public IP Address Not Showing UP?

To see your public IP-address go to https://api.ipify.org/ When doing this from behind a device that does NAT (Network

2024-02-28 19:51:09 +0000 commented question How To Correct My Public IP Address Not Showing UP?

To see your public IP-address go to https://api.ipify.org/ When doing this from behind a device that does NAT (Network A

2024-02-25 13:21:04 +0000 edited answer Does the wireshark installer actually DL from from NA?

Actually you are blocking IP-ranges, not countries. With the current shortage of IPv4 addresses, IP-ranges are traded mo

2024-02-25 13:19:51 +0000 received badge  Rapid Responder (source)
2024-02-25 13:19:51 +0000 answered a question Does the wireshark installer actually DL from from NA?

Actually you are blocking IP-ranges, not countries. With the current shortage of IPv4 addresses, IP-ranges are traded mo

2023-12-09 10:09:39 +0000 commented question There is no password being sent to the router for admin login on a tp-link router

The very first HTTP GET request you posted here is for a CSS (base.css). It appears that this is after the actual login.

2023-12-04 16:58:08 +0000 commented answer Getting thousands of errors while linking Wireshark with QT library

Wireshark version >= 4.2 should be compiled using Qt6. See https://www.wireshark.org/docs/wsdg_html_chunked/ChSetupWi

2023-12-01 19:34:32 +0000 commented answer Can Wireshark capture traffic exchanged between two programs through TCP ports on the same machine?

(or by using the any interface.)

2023-12-01 08:16:09 +0000 answered a question Can Wireshark capture traffic exchanged between two programs through TCP ports on the same machine?

Yes, select the "Adapter for loopback traffic capture" interface on Windows. I am of the opinion that this wouldn't

2023-11-29 22:55:20 +0000 edited answer Why won't this Chrome TLS handshake work?

I see 2 TLS sessions. The first: The client (browser) closes the session after 30 seconds (frame 809). Most likely a t

2023-11-29 22:54:42 +0000 edited answer Why won't this Chrome TLS handshake work?

I see 2 TLS sessions. The first: The client (browser) closes the session after 30 seconds (frame 809). Most likely a t

2023-11-29 22:52:49 +0000 received badge  Rapid Responder (source)
2023-11-29 22:52:49 +0000 answered a question Why won't this Chrome TLS handshake work?

I see 2 TLS sessions. The first: The client (browser) closes the session after 30 seconds (frame 809). Most likely a t

2023-11-29 09:36:06 +0000 edited answer Is it possible to read multiple pcap file using a loop inside the main function of tshark.c?

argv[3] is a pointer, it is NOT a char array to store a string in. And argv is declared as char* argv[], which means "an

2023-11-28 22:46:59 +0000 answered a question Fix: Unable to access memory when renamed main function and call it in a loop in new main function.

I guess you have to ask Akib Hossain Omi for support on his project. If you have problems compiling using the Wireshark

2023-11-28 22:26:43 +0000 edited answer Is it possible to read multiple pcap file using a loop inside the main function of tshark.c?

argv[3] is a pointer, it is NOT a char array to store a string in. And argv is declared as char* argv[], which means "an

2023-11-28 22:24:17 +0000 answered a question Is it possible to read multiple pcap file using a loop inside the main function of tshark.c?

argv[3] is a pointer, it is NOT a char array to store a string in. And argv is declared as char* argv[], which means "an

2023-11-28 21:47:27 +0000 commented answer TLS1.2 RST After Server Key Exchange, Server Hello Done

So there is an F5 and Netscaler in the network path. If the F5 is in full-proxy mode and the Netscaler does deep-packet

2023-11-27 22:24:05 +0000 commented answer Wireshark doesn't see packets when just one system is 'local'

No. It is not a hub. See https://wiki.wireshark.org/CaptureSetup/Ethernet#switched-ethernet

2023-11-27 21:37:38 +0000 commented question Wireshark doesn't see packets when just one system is 'local'

If I read the VM documentation correctly a "distributed port group" is just a virtual switch. Then it makes sense that t

2023-11-27 21:36:57 +0000 commented question Wireshark doesn't see packets when just one system is 'local'

If I read the VM documentation correctly a "distributed port group" is just a virtual switch. Then it makes sense that tr

2023-11-27 21:15:17 +0000 answered a question TLS1.2 RST After Server Key Exchange, Server Hello Done

Most likely the certificate is invalid. In frame 2651 the Client Hello contains the SNI "autodiscover.companyB.com". In

2023-11-27 21:15:17 +0000 received badge  Rapid Responder (source)
2023-11-27 19:31:09 +0000 commented answer dftest.exe not present in WireShark 4.2

I was not aware of dftest. Checking a filter can also be done with tshark against an empty pcap file (with 0 packets). T

2023-11-27 17:29:12 +0000 commented answer dftest.exe not present in WireShark 4.2

I was not aware of dftest. Checking a filter can also be done with tshark against an empty pcap file (with 0 packets). T

2023-11-25 12:26:27 +0000 received badge  Rapid Responder (source)
2023-11-25 12:26:27 +0000 answered a question Error "module 'pyshark' has no attribute 'LiveCapture'"

Pyshark is NOT part of the Wireshark project. Please ask your question(s) about Pyshark here: https://github.com/KimiNe

2023-11-22 23:08:29 +0000 commented answer Copy as printable text option is nomore

In the screenshot it is shown as 'Follow', above 'Copy', select the proper stream type in the submenu.

2023-11-22 21:10:19 +0000 commented answer Copy as printable text option is nomore

What comes close is 'Follow stream' and select & copy the needed text.

2023-11-18 19:18:39 +0000 commented answer Game crashes when opening Wireshark

Why not use a separate pc and a tap or switch with port mirror function?

2023-11-17 22:01:59 +0000 commented question HL7 messages

hl7.segment is an array with all the segments (MSH, PID, OBX, etc.). I still don't know what hl7.field does except

2023-11-17 21:59:31 +0000 commented question HL7 messages

hl7.segment is an array with all the segments (MSH, PID, OBX, etc.). I still don't know what hl7.field does except

2023-11-16 20:23:03 +0000 commented question HL7 messages

Looking at https://gitlab.com/wireshark/wireshark/-/blob/master/epan/dissectors/packet-hl7.c the hl7.field field contain

2023-11-16 20:05:16 +0000 commented question HL7 messages

Looking at https://gitlab.com/wireshark/wireshark/-/blob/master/epan/dissectors/packet-hl7.c the hl7.field field contain

2023-11-16 19:06:08 +0000 answered a question Cannot resolve hostname when using tshark

So the question is: "why is the output of TShark different from Wireshark?" There are a few possibilities. One that is

2023-11-15 14:36:30 +0000 commented question HL7 messages

I have to replace , with | Then use: -T fields -e hl7.field -E 'aggregator=|' (see tshark man page) Do the 'o

2023-11-15 14:33:44 +0000 commented question HL7 messages

I have to replace , with | Then use: -T fields -e hl7.field -E 'aggregator=|' (see tshark man page) Do the 'o

2023-11-15 14:32:24 +0000 commented question HL7 messages

I have to replace , with | Then use: -T fields -e hl7.field -E 'aggregator=|' (see tshark man page) Do the 'o

2023-11-15 11:14:21 +0000 commented question HL7 messages

By using the -T ek option you choose the JSON format as output format and the "hl7_field" contains an array of fields. S

2023-11-10 22:46:38 +0000 commented answer decrypted frame

To launch Chrome do: On Windows on a command prompt: set SSLKEYLOGFILE=%CD%\keylogfile.txt "%ProgramFiles%\Google\Chro

2023-11-10 21:19:04 +0000 commented answer decrypted frame

When I delete the contents of this file, launch my browser and make a request to a website, the key file does not fil

2023-11-10 21:07:15 +0000 answered a question How to take a tcpip packet trace with SSLKEYLOGFILE file?

Only the endpoints of a TLS connection can provide the session keys. So the SSLKEYLOGFILE environment needs to be set fo

2023-11-10 21:07:15 +0000 received badge  Rapid Responder (source)
2023-11-10 20:53:06 +0000 received badge  Rapid Responder (source)