On Nov 16, 2006, at 3:13 PM, ronnie sahlberg wrote:
> wireshark uses heuristics to determine if something is a keepalive
> or not:
>
>
> It assumes it is a keepalive IF
> the left edge decreases by one (sequence number 1 smaller than the
> next expected one)
> the segment contains exactly 0
wireshark uses heuristics to determine if something is a keepalive or not:
It assumes it is a keepalive IF
the left edge decreases by one (sequence number 1 smaller than the next
expected one)
the segment contains exactly 0 or 1 bytes of payload data
/* KEEP ALIVE
* a keepalive con
On Thu, Nov 16, 2006 at 07:41:41AM -0800, imfaus wrote:
> From parsing through the documentation, I didn't see any explanation
> on keep-alives or how Wireshark knows the TCP packet is in fact a
> "keep-alive" packet. I have a particular capture and I am led to
> believe that there might be s
I guess it would be a better idea to take the data directly from the
libpcap-file then?
On Thu, 16 Nov 2006 11:23:38 +0800, "Jeff Morriss"
<[EMAIL PROTECTED]> said:
>
> Though that does rely on Wireshark/tshark's output not changing. (E.g.,
> if I currently match on FooBar and it changes to Foo
>From parsing through the documentation, I didn't see any explanation on
>keep-alives or how Wireshark knows the TCP packet is in fact a "keep-alive"
>packet.
I have a particular capture and I am led to believe that there might be some
keepalives, but I was curious. Does the tool look for a pa
Hello Jeroen,
>>> "Jeroen Wolff" <[EMAIL PROTECTED]> 11/16/06 8:27 AM >>>
> Hi,
> I'm running into a TCP reset connection which I don't understand.
> Can somebody explain it to me? That would be great!
[snip]
In the first session (frames 28-37), it's the loadbalancer
(10.132.32.124), that starte
Hello Benoit,
>>> "Benoit Lanteigne" <[EMAIL PROTECTED]> 11/16/06 10:42 AM >>>
> Hi everyone,
>
> I am a new user of wireshark and I have a problem. I have a file
> containing 15 minutes of captured traffic. I am trying to use a display
> filter to filter the source IP like this ip.src == 10.10
Hi,
This can happen. The filter matches any packet having a dissected field
"ip.src" with the value "10.10.0.108". This is not necessarily limited to
the IP layer. Also a payload can contain such fields, like in ICMP
messages or trace protocols.
Thanx,
Jaap
On Thu, 16 Nov 2006, Benoit Lanteigne
Hi everyone,
I am a new user of wireshark and I have a problem. I have a file
containing 15 minutes of captured traffic. I am trying to use a display
filter to filter the source IP like this ip.src == 10.10.0.104. In most
cases this works fine, but for some IPs it does not. For instance, if I
us
Jeroen,
From what you included below, it looks like after the upgrade, the web
server responds with an extra/extraneous FIN segment. In the before
scenario, you have a proper shutdown - FIN/ACK & ACK (close one
direction), FIN/ACK & ACK (close other direction). In the after
scenario you have
Hi,
I'm running into a TCP reset connection which I don't understand.
Can somebody explain it to me? That would be great!
We have 2 IBM IHS webservers (Apache 2.0.x) with Avaya loadbalancers on
top. The loadbalancers do a healthcheck every
5 seconds with a GET / HTTP/1.1 request. Now the h