2023-03-30 11:28:00 +0000 | received badge | ● Famous Question (source) |
2023-03-30 11:28:00 +0000 | received badge | ● Notable Question (source) |
2023-03-30 11:28:00 +0000 | received badge | ● Popular Question (source) |
2023-03-13 19:40:02 +0000 | asked a question | FASP protocol specification FASP protocol specification Anyone have FASP experience? This is the protocol which the Aspera client & server use |
2023-01-06 16:25:47 +0000 | received badge | ● Notable Question (source) |
2023-01-06 16:25:47 +0000 | received badge | ● Popular Question (source) |
2022-06-06 09:43:59 +0000 | received badge | ● Popular Question (source) |
2022-03-14 22:57:32 +0000 | received badge | ● Popular Question (source) |
2022-02-21 12:26:37 +0000 | commented answer | OS X Monterey / IP ID 0x0000 I see. So since the IP Ident field is not required for frames flagged as Don't Fragment, some stacks set it to an arbit |
2022-02-19 00:16:39 +0000 | edited question | OS X Monterey / IP ID 0x0000 OS X Monterey / IP ID 0x0000 I'm analyzing a pcap capturing everything that an OS X box (running some recent flavor of M |
2022-02-18 23:48:52 +0000 | asked a question | OS X Monterey / IP ID 0x0000 OS X Monterey / IP ID 0x0000 I'm analyzing a pcap capturing everything that an OS X box (running some recent flavor of M |
2021-09-30 20:54:36 +0000 | received badge | ● Popular Question (source) |
2021-08-07 02:57:33 +0000 | received badge | ● Popular Question (source) |
2021-07-23 11:26:11 +0000 | answered a question | SMB client changing from one server interface to another OK, turns out that the NAS box supports SMB Multichannel, and I'm seeing it action. I will turn my attention to the NAS |
2021-07-21 11:27:13 +0000 | commented answer | SMB client changing from one server interface to another Different IP addresses (e.g. a.b.c.d for the 10G interface, a.b.c.f for the 1G interface, per my nomenclature above) |
2021-07-20 10:53:14 +0000 | edited question | SMB client changing from one server interface to another SMB client changing from one server interface to another I'm poring over a number of Windows 10 to SMB Server pcaps and |
2021-07-20 10:52:55 +0000 | edited question | SMB client changing from one server interface to another SMB client changing from one server interface to another I'm poring over a number of Windows 10 to SMB Server pcaps and |
2021-07-20 10:52:51 +0000 | edited question | SMB client changing from one server interface to another SMB client changing from one server interface to another I'm poring over a number of Windows 10 to SMB Server pcaps and |
2021-07-20 10:52:09 +0000 | edited question | SMB client changing from one server interface to another SMB client changing from one server interface to another I'm poring over a number of Windows 10 to SMB Server pcaps and |
2021-07-20 10:50:24 +0000 | asked a question | SMB client changing from one server interface to another SMB client changing from one server interface to another I'm poring over a number of Windows 10 to SMB Server pcaps and |
2021-06-27 01:13:45 +0000 | received badge | ● Notable Question (source) |
2021-04-19 07:36:10 +0000 | received badge | ● Popular Question (source) |
2021-01-08 18:59:18 +0000 | received badge | ● Rapid Responder (source) |
2021-01-08 18:59:18 +0000 | answered a question | What protocols do hosts use to perform host-name to IP address resolution OK, so stopping the AVG anti-malware service eliminates these UDP encrypted frames and the Client then issues its first |
2021-01-08 18:13:57 +0000 | commented question | What protocols do hosts use to perform host-name to IP address resolution OK, I've tried several browsers (FF, IE, Chrome); they each display the same pattern:http://www.skendric.com/dns/What-ar |
2021-01-08 17:47:03 +0000 | commented question | What protocols do hosts use to perform host-name to IP address resolution Hi Chris, ipconfig /displaydns shows no sign of these addresses, and disabling the other Ethernet NICs in the box did n |
2021-01-08 12:29:46 +0000 | asked a question | What protocols do hosts use to perform host-name to IP address resolution What protocols do hosts use to perform host-name to IP address resolution I am puzzled by how a client is finding the IP |
2020-04-27 10:20:24 +0000 | commented answer | Decoding IP payload in Unencrypted WiFi Packet I am filtering on 74:da:38:f0:8f:39, which I suppose excludes Beacons & Probe Responses OK, so what I'm learning he |
2020-04-26 12:33:50 +0000 | asked a question | Decoding IP payload in Unencrypted WiFi Packet Decoding IP payload in Unencrypted WiFi Packet I'm capturing on an Open SSID, predicting that I would be see the IP payl |
2020-03-25 21:17:11 +0000 | asked a question | Understanding the Identity Protection phase of the ISAKMP Exchange Understanding the Identity Protection phase of the ISAKMP Exchange I want to better understand the Identity Protection p |
2020-02-18 14:30:15 +0000 | marked best answer | stumbling over the use of io,stat,0,SUM I don't understand the output I get when I try to sum tcp.time_delta in a trace C:\Temp>tshark -r P-Inside-sliced.pcapng -o tcp.calculate_timestamps:TRUE -Y tcp.dstport==443 -qz io,stat,0,SUM(tcp.time_delta)tcp.time_delta ============================================ | IO Statistics | | | | Duration: 18.2 secs | | Interval: 18.2 secs | | | | Col 1: SUM(tcp.time_delta)tcp.time_delta | |------------------------------------------| | |1 | | | Interval | SUM | | |---------------------------| | | 0.0 <> 18.2 | 106.856631 | | ============================================ C:\Temp> The believe that the Total Time encompassed in this trace is 18.2s ... but then, how can the Sum of tcp.time_delta be ~106s? And further, if I sum tcp_time.delta in the other direction (notice the change from tcp.dstport to tcp.srcport) ... I would have predicted that the SUM would be some other number ... not ~106s again C:\Temp>tshark -r P-Inside-sliced.pcapng -o tcp.calculate_timestamps:TRUE -Y tcp.srcport==443 -qz io,stat,0,SUM(tcp.time_delta)tcp.time_delta ============================================ | IO Statistics | | | | Duration: 18.2 secs | | Interval: 18.2 secs | | | | Col 1: SUM(tcp.time_delta)tcp.time_delta | |------------------------------------------| | |1 | | | Interval | SUM | | |---------------------------| | | 0.0 <> 18.2 | 106.856631 | | ============================================ C:\Temp> See http://www.skendric.com/ask_wireshark for the pcaps
BTW: I have taken two pcaps, one from just inside a particular network device, the other from just outside same device, and I'm trying to use this technique to measure the device's impact on performance --sk |
2020-02-16 11:38:56 +0000 | commented answer | stumbling over the use of io,stat,0,SUM Ahh, got it -- thank you |
2020-02-15 13:11:34 +0000 | asked a question | stumbling over the use of io,stat,0,SUM stumbling over the use of io,stat,0,SUM I don't understand the output I get when I try to sum tcp.time_delta in a trace |
2020-01-07 19:10:30 +0000 | asked a question | stumbling over use of io,stat,0,SUM... stumbling over use of io,stat,0,SUM... I would like to use tshark to SUM tcp.delta_time in a pcap. But clearly I'm fumb |
2019-11-01 12:03:46 +0000 | commented question | How to change date format in IO Graphs Thank you Chuck |
2019-10-31 13:23:44 +0000 | asked a question | How to change date format in IO Graphs How to change date format in IO Graphs When I check the 'Time of Day' box in IO Graphs, I see time in HH:MM:SS ... and D |
2018-11-26 18:41:25 +0000 | received badge | ● Editor (source) |
2018-11-26 18:41:25 +0000 | edited question | How does 'Follow TCP Stream' work How does 'Follow TCP Stream' work How does this feature work? Occurs to me that perhaps it tracks source / destination |
2018-11-26 18:32:03 +0000 | asked a question | How does 'Follow TCP Stream' work How does 'Follow TCP Stream' work How does this feature work? Occurs to me that perhaps it tracks source / destination |