Chuckc's profile - activity

2020-12-05 18:26:26 +0000 edited answer How do I configure WireShark to capture Snort packages

From the Wireshark wiki: "Does not currently run under Windows. The problem seen was a failure to launch Snort using g_s

2020-12-05 18:26:03 +0000 answered a question How do I configure WireShark to capture Snort packages

From the Wireshark wiki: "Does not currently run under Windows. The problem seen was a failure to launch Snort using g_s

2020-12-04 13:57:58 +0000 commented question How can I filter for traffic only a specific port?

Are you asking about a protocol port (TCP/UDP) or a network interface port (NIC)?

2020-12-03 16:35:59 +0000 answered a question Seeing some strange DNS queries?

Looks like the .67 node is looking for Windows shares that don't exist. If there is nothing obvious in the system config

2020-12-03 16:35:59 +0000 received badge  Rapid Responder (source)
2020-12-03 15:59:56 +0000 received badge  Rapid Responder (source)
2020-12-03 15:59:56 +0000 answered a question Wireshark ssh capture (plink + tcpdump)

Capture from stdin not working in 3.4.0. 3.4.1 is due out next week (Dec 9) or downgrade to an earlier version or you c

2020-12-03 15:19:54 +0000 commented question Wireshark ssh capture (plink + tcpdump)

Can you add the output of wireshark -v or Help->About Wireshark:Wireshark.

2020-12-02 21:27:37 +0000 commented answer nrf_sniffer_ble.sh --extcap-interface error

Step 3 of the install is a success and step 4 fails?

2020-12-02 20:35:14 +0000 answered a question nrf_sniffer_ble.sh --extcap-interface error

Try the Nordic Semi DevZone - a basic search there for nrf_sniffer_ble.sh returns several results.

2020-12-02 20:35:14 +0000 received badge  Rapid Responder (source)
2020-12-02 20:26:31 +0000 edited answer Plugin for Telephony menu

If the long term goal is to contribute the code to Wireshark then it will need to be in C/C++ to be supported. The Devel

2020-12-02 20:26:13 +0000 answered a question Plugin for Telephony menu

If the long term goal is to contribute the code to Wireshark then it will need to be in C/C++ to be supported. The Devel

2020-12-02 20:26:13 +0000 received badge  Rapid Responder (source)
2020-12-02 20:05:13 +0000 received badge  Rapid Responder (source)
2020-12-02 20:05:13 +0000 answered a question How can I view an HTTP request and response as plain text?

"My goal is to see nice HTTP Request/Response as text (right side of packet bytes)" 7.2. Following Protocol Streams - t

2020-12-02 03:59:53 +0000 commented answer windows wireshark build error:CAN NOT FIND GLIB2

Have you set the environment variables that point to the libraries?

2020-12-01 21:28:11 +0000 commented question Segmentation fault while changing Link-layer header

Can you add the output of wireshark -v or Help->About Wireshark:Wireshark.

2020-12-01 02:30:01 +0000 answered a question How do I search decrypted TLS data in a capture.

Using the snakeoil2 sample capture, the TLS is decrypted as HTTP. 1. A display filter of http contains "Linux" returns 1

2020-12-01 02:30:01 +0000 received badge  Rapid Responder (source)
2020-11-30 19:44:47 +0000 received badge  Rapid Responder (source)
2020-11-30 19:44:47 +0000 answered a question Why does WireGuard (when active) not show as a nic in my adapter list

Looks like NMap iflist returns WINDEVICE <none> for a Virtual Wireguard Interface #173

2020-11-29 23:22:28 +0000 commented question Why does WireGuard (when active) not show as a nic in my adapter list

Can you add the output of wireshark -v or Help->About Wireshark:Wireshark.

2020-11-29 23:22:13 +0000 commented question Why does WireGuard (when active) not show as a nic in my adapter list

Can you add the output of wireshark -v or Help->About Wireshark:Wireshark.

2020-11-29 23:20:27 +0000 commented question TCP Dup ACK flooding connection - macOS Big Sur <> Synology NAS

Have you tested using a switch instead of the direct connection? Have you looked at the interface statistics on the Mac f

2020-11-29 21:56:54 +0000 commented answer Wireshark show unter EVE-NG nothing

Capture via stdin is broken in 3.4.0 - Remote packet capture failed Roadmap shows 3.4.1 coming out December 9 or downlo

2020-11-29 18:50:20 +0000 commented question What is this protocol version sent in the TLS supported_versions extension?

Support for GREASE was added several years ago. TLS: Add Reserved Extension type from GREASE Can you open your capture w

2020-11-29 17:51:20 +0000 commented question What is this protocol version sent in the TLS supported_versions extension?

draft-ietf-tls-grease-01 - "This document describes GREASE (Generate Random Extensions And Sustain Extensibility), a mec

2020-11-28 00:44:21 +0000 received badge  Rapid Responder (source)
2020-11-28 00:44:21 +0000 answered a question Exporting HTTP2 Objects

There is an open issue to add: Add support for HTTP/2 in Export Objects Have you tried Follow->HTTP/2 Stream? It may

2020-11-27 00:17:16 +0000 commented question TLS log file encryption with WireShark is not working properly

The TLS wiki page has an example capture and pre-master file. (nice reference for pre-master file: NSS Key Log Format

2020-11-27 00:16:00 +0000 commented question TLS log file encryption with WireShark is not working properly

The TLS wiki page has an example capture and pre-master file. (nice reference for pre-master file: NSS Key Log Format )

2020-11-26 01:24:24 +0000 commented question How is wireshark icons displayed on GUI using QT

Not a "how" but here's the "where": README.adoc The image directory README refers to stock_icon.cpp main_window.cpp

2020-11-26 01:17:21 +0000 commented question How is wireshark icons displayed on GUI using QT

Not a "how" but here's the "where": README.adoc stock_icon.cpp main_window.cpp stock_icon_tool_button.cpp

2020-11-26 01:05:59 +0000 commented question How do I configure WireShark to capture Snort packets?

There is a page for Snort on the Wireshark wiki which has a link to a SharkFest'16 EUROPE presentation: 14: Viewing Snor

2020-11-24 16:49:51 +0000 commented question Why sender did not have more in-flight bytes to client?

Have you looked at the window size in the client ACKs?

2020-11-23 22:00:52 +0000 commented question What happened to packet-tor.c

Still open in Gitlab issues: #3203: [PATCH] Tor Dissector

2020-11-23 20:13:57 +0000 commented question TCP client responses with no FIN

The beauty of standards is that there are so many to choose from. :-)

2020-11-23 19:38:44 +0000 commented question TCP client responses with no FIN

Are you working with these Modbus specs? MODBUS MESSAGING ON TCP/IP IMPLEMENTATION GUIDE V1.0b "2) It is recommended t

2020-11-23 18:59:11 +0000 commented question TCP client responses with no FIN

"Modbus Poll is a Modbus master simulator" - it may be the TCP client but at the protocol level it is driving the conver

2020-11-23 18:24:16 +0000 commented question TCP client responses with no FIN

"using a TCP Client" - what is the client software?

2020-11-23 18:20:05 +0000 commented question NPCAP Install failure 0x8007007e

Npcap is tracking it here: Npcap Bug Report - error 8007007e #135 There are suggested resolution steps at the bottom.

2020-11-18 03:11:32 +0000 commented question How to fix "error MSB6006: "cmd.exe" exited with code -1073741819." when building Wireshark? 4 modules failed with the same error ui.vcxproj, dfilter.vcxproj, wiretap.vcxproj and text2pcap.vcxproj

Was this working previously? What version of Wireshark are you building?

2020-11-17 15:04:02 +0000 commented question Copy decrypted data as ascii

Have you tried Follow->TLS Stream and then Save As...

2020-11-17 03:33:45 +0000 commented question Default Display Filter

There's no charge for submitting an Enhancement Request. If you find value in having this as a feature, maybe others do a

2020-11-17 02:29:28 +0000 commented question Default Display Filter

Are you currently using Filter Buttons and Filter Button Groups ? Sort of similar question from long ago.

2020-11-17 01:39:15 +0000 commented question Default Display Filter

Are you currently using Filter Buttons and Filter Button Groups ?

2020-11-16 19:04:42 +0000 commented question Extract files if sha1 hash is known

Tell me more. What's the goal here?

2020-11-16 16:45:42 +0000 received badge  Rapid Responder (source)
2020-11-16 16:45:42 +0000 answered a question How to start wireshark itself and capture logs when windows10 startup everytime

POC - This WILL NOT WORK as written - tweak for your system. Man page for dumpcap here C:\ProgramData\Microsoft\Windo