MartinM's profile - activity

2021-05-05 11:42:23 +0000 commented answer Should we adopt a code of conduct? If so, which one?

I like this one's brevity, lack of repetition, and that it doesn't refer to what sounds like a formal management group (

2021-05-05 11:36:49 +0000 received badge  Supporter (source)
2021-04-09 08:12:23 +0000 commented question How do I use a Snort rule to search or filter PCAP in Wireshark?

There is no way to automatically/reliably convert a Snort rule directly into a Wireshark display filter. But with the S

2020-12-03 22:33:28 +0000 received badge  Rapid Responder (source)
2020-12-03 22:33:28 +0000 answered a question how can I open snort alert.ids

Wireshark can't open any Snort alert output format. Is there a format that contains full frames? https://gitlab.com/wi

2020-09-06 12:23:57 +0000 answered a question How to Parse MAC-LTE to PDCP-LTE or HTTP package?

You need to set the MAC-LTE dissector preferences appropriately. If all of the relevant RRC signalling is in the captur

2019-10-20 09:04:39 +0000 commented answer Negative Window scaling factor

It also needs to be clear (if it isn't already) if the scaling factor was forced by the preference setting 'Scaling fact

2019-09-02 22:13:14 +0000 commented answer I need help to analyze slammer.pcap

One way to look at this (under Linux at least) would be to use the Snort post-dissector (https://wiki.wireshark.org/Snor

2019-02-08 16:53:15 +0000 received badge  Rapid Responder (source)
2019-02-08 16:53:15 +0000 answered a question How to decode PDCP-LTE?

It looks like you need to go to Analyze | Enabled Protocols, find PDCP-LTE, expand it and check pdcp_lte_udp. It is heu

2018-11-15 22:04:38 +0000 received badge  Rapid Responder (source)
2018-11-15 22:04:38 +0000 answered a question How to decrypt Ipsec protocol that have esp with command line

If you have messages in your traces that describe the SPI/keys, you could write a dissector for those messages and call

2018-08-31 14:10:36 +0000 received badge  Enthusiast
2018-07-26 17:02:06 +0000 commented answer Decoding LTE MAC Scheduling Request (SR) packets

You could disable the preference 'Track status of SRs within UEs', which is on by default. The SR/grant tracking was us

2018-07-26 16:59:10 +0000 commented answer Decoding LTE MAC Scheduling Request (SR) packets

You could disable the preference 'Track status of SRs within UEs', which is on by default.

2018-07-26 10:10:37 +0000 edited answer Decoding LTE MAC Scheduling Request (SR) packets

I have uploaded and merged https://code.wireshark.org/review/#/c/28854/ Could you either try it, or send me a capture f

2018-07-26 07:56:35 +0000 commented answer Decoding LTE MAC Scheduling Request (SR) packets

Updated/fixed after a comment from Pascal. The other thing to bear in mind about the SR event in the dissector, is that

2018-07-25 21:55:23 +0000 received badge  Editor (source)
2018-07-25 21:55:23 +0000 edited answer Decoding LTE MAC Scheduling Request (SR) packets

I have uploaded https://code.wireshark.org/review/#/c/28854/ Could you either try it, or send me a capture file? The fo

2018-07-25 21:54:27 +0000 received badge  Rapid Responder (source)
2018-07-25 21:54:27 +0000 answered a question Decoding LTE MAC Scheduling Request (SR) packets

I have uploaded https://code.wireshark.org/review/#/c/28854/ Could you either try it, or send me a capture file? The fo

2018-07-25 20:17:10 +0000 commented answer Decoding LTE MAC Scheduling Request (SR) packets

I will try to add it before then.

2018-05-03 08:42:06 +0000 received badge  Rapid Responder
2018-05-03 08:42:06 +0000 answered a question Documentation/Use of new protobuf dissector

I would also really like to be able to have a preference where I could e.g. map from UDP port -> .proto file (where p