Re: [Wireshark-users] Beginner

2007-07-12 Thread Laura Chappell
reconnaissance. Free to all. I agree with the need to understand the protocols! I co-authored “Guide to TCP/IP” with Ed Tittel – not sure where it is sold – it’s used as a college textbook – check Amazon I guess. Laura Chappell Founder, Wireshark University Sr. Protocol/Security Analyst

Re: [Wireshark-users] Wireshark conference

2007-06-30 Thread Laura Chappell
I'd go! Sounds like a great idea, Gerald! Laura Chappell Founder, Wireshark University Sr. Protocol/Security Analyst, Protocol Analysis Institute ** This message is intended only for the use of the addressee an

Re: [Wireshark-users] Limit _certain_ packets to 67 bytes?

2007-06-28 Thread Laura Chappell
no DNS/DHCP. Then merge the two trace files. just an idea. Laura Chappell Founder, Wireshark University Sr. Protocol/Security Analyst, Protocol Analysis Institute

Re: [Wireshark-users] Limit _certain_ packets to 67 bytes?

2007-06-28 Thread Laura Chappell
Yes, in the Capture Options window select "Limit each packet to bytes" and fill out the number of bytes you want. Laura Chappell Founder, Wireshark University Sr. Protocol/Security Analyst, Protocol Analysis

Re: [Wireshark-users] TCP Window Size

2007-06-13 Thread Laura Chappell
s until the Window Update is received. It's a nice trace - it was a terrible download - over a 32 second delay because of the client TCP buffer space being overloaded. Ouch. Laura Chappell Founder, Wireshark University Sr. Protocol/Security Analyst, Protocol Analysis Institute ww

Re: [Wireshark-users] Question on Internet Performance Troubleshooting

2007-03-02 Thread Laura Chappell
Jim, If you can capture on both sides of the firewall with two time synced WS systems then you can merge the trace files and note the delay at the firewall. 10% is really high - now it may be that there is packet loss somewhere upstream (closer to the HTTP server) and it's not your firewall's f

Re: [Wireshark-users] OUI Look Up Tool on Wireshark site?

2007-01-21 Thread Laura Chappell
Keith, You could go straight to the IEEE to read the list (http://standards.ieee.org/regauth/oui/oui.txt) or do a lookup online (http://standards.ieee.org/regauth/oui/index.shtml). Hope that helps. (I couldn't access the link you provided, so I couldn't see how the lookup tool worked - di

Re: [Wireshark-users] Inter packet arrive time graph

2007-01-21 Thread Laura Chappell
You can make a really nice graph of the MIN, MAX and AVG "frame.time_delta". Statistics > IO Graph > Y Axis (set to Advanced). Graph 1 - Black: AVG frame.time_delta Graph 2 - Red: MIN frame.time_delta Graph 3 - Green:

Re: [Wireshark-users] Help on tcpdump or dumpcap

2007-01-18 Thread Laura Chappell
Yes - that's the idea. Even if you capture some really large trace files that take too long to load, you can use editcap to split the file into smaller pieces. Type editcap -h for more information, but the syntax is. Editcap -c 10 Where is the name of your really large capture file and

Re: [Wireshark-users] Duplicate Packet ID

2007-01-16 Thread Laura Chappell
Reza... Here is an idea, but it will only dump the duplicate packet (not the original) and it is set for TCP only. No UDP equivalent that I know of. tshark -R tcp.analysis.retransmission -w Use the capital 'R' to indicate you are using display filter syntax. The retransmissions are def