Re: [Wireshark-users] Why does wireshark decode my RTP data as "RTP Events"?

2021-09-29 Thread Sake Blok | SYN-bit
, but not play back the audio. Cheers, Kind regards, Sake Blok Relational therapist for computer systems +31 (0)6 2181 4696 sake.b...@syn-bit.nl SYN-bit Deep Traffic Analysis http://www.SYN-bit.nl > On 29 Sep 2021 (Wed), at 11:18, Nan Xiao wrote: > > Hi Community, > > Gr

Re: [Wireshark-users] Proposed changes to make tcp.ack and tcp.seq relative

2020-05-11 Thread Sake Blok | SYN-bit
> On 4 May 2020 (Mon), at 22:50, Peter Wu wrote: > > My proposed change: > > - Change the TCP sequence number-related fields to display the relative > numbers when available. Fallback to raw numbers if they are simply > not available (for example, when the "Analyze TCP sequence numbers" >

Re: [Wireshark-users] Question on measuring on both sides of a masquerading server.

2019-04-25 Thread Sake Blok | SYN-bit
> On 24 Apr 2019 (Wed), at 00:44, L A Walsh wrote: > On 4/23/2019 12:32 PM, Sake Blok | SYN-bit wrote: >> >> Please note that RTT calculations are done from the view of the capture >> point. So if you capture near system A, the roundtrip times for traffic &

Re: [Wireshark-users] Question on measuring on both sides of a masquerading server.

2019-04-23 Thread Sake Blok | SYN-bit
> On 23 Apr 2019 (Tue), at 19:42, L A Walsh wrote: > > How might I see or measure the rtt time of the remote->MasqServ?. I > don't suppose it would be possible to have the the return-trip times, > both to the MasqServ and to the client added together to see a total? Please note that RTT

Re: [Wireshark-users] How to interpret RTT graph

2019-04-02 Thread Sake Blok | SYN-bit
in this traffic. Nagle would cause segments to not be sent immediately and Delayed ACK would send ACKs after the delayed ack timer expires (usually 200ms). But again, without looking at the packets, this is just speculating. Cheers, Kind regards, Sake Blok Relational therapist

Re: [Wireshark-users] wireless lan packet

2008-03-24 Thread Sake Blok
On Mon, Mar 24, 2008 at 02:39:52PM -0400, Albert Jurado wrote: First of all, please don't reply to an existing message to start a new thread. It will mess up the threading in a lot of mail-readers. It's better to just create a new message... I was wondering. I'm capturing packets from our

Re: [Wireshark-users] tshark -Ttext output

2008-03-17 Thread Sake Blok
On Mon, Mar 17, 2008 at 03:47:57PM -0400, Rob MacKenzie wrote: Great app, quick question. I am using tshark as part of a larger program, and I need the packet summaries from a pcap file. I am getting the format I need by piping out from tshark -r myfile.pcap -Ttext > outfile.txt My

Re: [Wireshark-users] 802.1Q VLAN header's affect on capture filter functionality.

2008-03-14 Thread Sake Blok
On Thu, Mar 13, 2008 at 06:23:50PM -0400, info wrote: When capturing packets with 802.1Q VLAN headers most of my capture filters no longer work. Presumably, this is due to the offset created by the 4-byte header. How does one adjust for the offset to regain capture filter functionality?

Re: [Wireshark-users] Nondeterministic 200 ms delay between sends (5 Frames per Sec)

2008-03-12 Thread Sake Blok
On Fri, Mar 07, 2008 at 02:50:43PM +0100, Kovacs Peter Tamas wrote: I thought it might be a network problem, so I've run Wireshark on the capture machine, and looked at the trace. All I've seen is that packets are sent in 200 ms intervals. Some packets are sent out rapidly, then nothing

Re: [Wireshark-users] filter for snmp doesn't work (also shows ICMP???)

2008-03-05 Thread Sake Blok
On Wed, Mar 05, 2008 at 11:07:36AM -0600, [EMAIL PROTECTED] wrote: Hi, I have a capture file where I have added the following filter: ip.proto==0x11 and udp.port==162 Actually, the filter udp.port==162 implies that the packet needs to contain udp traffic (ie ip.proto==0x11). So the filter

Re: [Wireshark-users] tShark SSL Decryption Issue

2008-03-04 Thread Sake Blok
Hi Al, There are a few common reasons for Wireshark not being able to decrypt ssl traffic. First of all, Wireshark might not be able to read the key (either it's not there or it's in the wrong format or it might be protected with a passphrase). In your logfile you have the message ssl_init

Re: [Wireshark-users] TCP Retransmitted Packet Assigned with New Seq #

2008-03-03 Thread Sake Blok
On Mon, Mar 03, 2008 at 02:28:53AM -0800, Becky Vict wrote: Hi everyone, I have noticed a few retransmitted packets in my captures that are assigned with new seq # by the server. For example packets with seq. # 1, 2, 3, 4 are lost and the server retransmits 1, 2, 11 and 12; 11 and 12

Re: [Wireshark-users] Decoding packets from a Cisco's ip traffic-export flow

2008-03-02 Thread Sake Blok
On Sat, Mar 01, 2008 at 10:30:16AM -0600, Frank Bulk wrote: Thanks for your willingness to look at this. I'm glad to have a tool like Wireshark because I can't interpret the raw packets. =) Attached are three ping packets that my Wireshark PC caught. The info line complains Bogus IP length

Re: [Wireshark-users] Decoding packets from a Cisco's ip traffic-export flow

2008-03-02 Thread Sake Blok
On Sat, Mar 01, 2008 at 03:58:31PM -0600, Frank Bulk wrote: I used bittwiste to remove the first 12 bytes of the attached packet capture that included a variety of traffic, and you'll see that some packets are fine, but others, such as 4, 7, 8, etc are not. Can anyone make sense of it? As

Re: [Wireshark-users] SSL Decryption on the Fly

2008-02-29 Thread Sake Blok
On Fri, Feb 29, 2008 at 10:17:44AM -0500, Robert D. Scott wrote: I am having trouble getting decrypted output. Debug Output: ssl_init keys string: 128.227.21.54,443,http,L:\2007\satst\satst.erp.ufl.edu.cer ssl_init found host entry 128.227.21.54,443,http,L:\2007\satst\satst.erp.ufl.edu.cer

Re: [Wireshark-users] High broadcast traffic

2008-02-23 Thread Sake Blok
On Fri, Feb 22, 2008 at 07:40:54PM -0500, joans4nz wrote: 2008/2/20, Hansang Bae [EMAIL PROTECTED]: joans4nz wrote: I'm a network administrator in my new job and when I ran Wireshark I saw too much ARP traffic and Ntop shows 86% broadcast traffic too. 86% of TOTAL traffic on your

Re: [Wireshark-users] Does wireshark decode TLS_DHE_RSA_WITH_AES_256_CBC_SHA using server key

2008-02-21 Thread Sake Blok
On Thu, Feb 21, 2008 at 04:19:55PM +0530, vishal arya wrote: Did everything by the book, still tshark/wireshark fail to show any contents on the payload data. Then I did some googling to find interesting stuff about ephemeral keys cannot be decrypted. please let me know if

Re: [Wireshark-users] Does wireshark decode TLS_DHE_RSA_WITH_AES_256_CBC_SHA using server key

2008-02-21 Thread Sake Blok
On Thu, Feb 21, 2008 at 04:38:14PM +0100, Joerg Mayer wrote: On Thu, Feb 21, 2008 at 12:21:42PM +0100, Sake Blok wrote: Then I did some googling to find interesting stuff about ephemeral keys cannot be decrypted. please let me know if TLS_DHE_RSA_WITH_AES_256_CBC_SHA ( AES 256 bit

Re: [Wireshark-users] Packet Capture

2008-02-12 Thread Sake Blok
On Mon, Feb 11, 2008 at 05:44:35PM -0600, Andy Alguire wrote: Hello I need help in figuring out this capture. We are seeing network disconnect daily, What do you mean when you say network disconnect? What are the symptoms? primarily at end of day when users are logging out. Are the users

Re: [Wireshark-users] where to see transfered data

2008-02-12 Thread Sake Blok
On Tue, Feb 12, 2008 at 02:17:39AM -0800, J V wrote: I'm new in Wireshark and have one question. Where to see data I transfer? Question is because I transfer by ftp 90 bytes BMP file with appropriate capture filter. When look to packet detail frame I see Frame 4 118 bytes

Re: [Wireshark-users] Wireshark sold on ebay

2008-02-11 Thread Sake Blok
On Mon, Feb 11, 2008 at 02:48:17PM -0800, Guy Harris wrote: Joerg Mayer wrote: AFAIKT, the offer is perfectly legal. Legal, but some would consider it wrong, as a customer might not know that a version is available for USD/EUR/UKP/RMB/JPY/CAD/BRL/RUB/INR/{ok, ok, we get it -ed :-)}

Re: [Wireshark-users] http Content-Encoding: gzip not decoding

2008-02-08 Thread Sake Blok
On Fri, Feb 08, 2008 at 09:41:16AM -0800, Bob Keyes wrote: I've been trying to figure out some weirdness with the Amtrak reservations web site, and have applied Wireshark to the task. Packets are sniffed, tcp streams assembled, but when it comes time to decode gzip encoded content, I get

Re: [Wireshark-users] saving decrypted ssl capture file

2008-02-06 Thread Sake Blok
On Wed, Feb 06, 2008 at 12:49:35PM +0530, Vishal Arya wrote: is there a way to open a capture file with encrypted ssl data and use the http server's rsa key to decrypt it and save is as a new decrypted capture file. No, this is not possible. The decryption only decrypts the ssl packets for

Re: [Wireshark-users] Capture Filter Help

2008-02-06 Thread Sake Blok
On Wed, Feb 06, 2008 at 01:51:43PM -0500, James Pifer wrote: Hi. I've been googling and using the wiki but I can't figure out if this is possible. I'm trying setup a capture filter to capture only data where the ip address contains a certain part of an ip address. We have a lot of servers

Re: [Wireshark-users] Counting packets with a matching payload

2008-02-06 Thread Sake Blok
On Wed, Feb 06, 2008 at 06:42:10PM -, Scott Sheppard wrote: I have a data set with 50,000 packets in it. Many of them have a TCP/IP packet with a payload that follows a pattern. The pattern is a 1024 byte payload with 55 aa 55 aa etc hex in it. I want to filter this data set and count

Re: [Wireshark-users] Capture Filter Help

2008-02-06 Thread Sake Blok
On Wed, Feb 06, 2008 at 02:46:21PM -0500, James Pifer wrote: I would also like to filter NBNS protocol. Right now I have a display filter like this: nbns.flags == 0x2810 || nbns.flags == 0x2910 Again, I'd rather have this in a capture filter in case I want to start saving it. You could

Re: [Wireshark-users] Capture Filter Help

2008-02-06 Thread Sake Blok
On Wed, Feb 06, 2008 at 10:14:29PM +0100, Sake Blok wrote: On Wed, Feb 06, 2008 at 02:46:21PM -0500, James Pifer wrote: I would also like to filter NBNS protocol. Right now I have a display filter like this: nbns.flags == 0x2810 || nbns.flags == 0x2910 Again, I'd rather have

Re: [Wireshark-users] How Do I Add Un-Listed Columns in Packet-List-Pane

2008-02-05 Thread Sake Blok
On Mon, Feb 04, 2008 at 09:49:51PM -0500, Michael Wallace wrote: I've read through lots of previous info and docs but still haven't figured out how to add other data to columns in the Packet List pane. I'm talking about fields not shown in the small list of the pull-down menu, Format:. This

Re: [Wireshark-users] Multiple ports in tshark decode as

2008-01-29 Thread Sake Blok
On Tue, Jan 29, 2008 at 03:31:44PM -0600, Sadiq Shareef XX wrote: I am trying to decode two non standard http ports (eg. 4567 7865) as http traffic in a pcap file. Currently we use the GUI to say decode as twice (one for each port) under the analyze menu. We want to do this on the command

Re: [Wireshark-users] maximum throughput per second

2008-01-28 Thread Sake Blok
On Mon, Jan 28, 2008 at 02:01:30PM +0100, [EMAIL PROTECTED] wrote: Hello everybody, I am searching for a way to display the maximum bytes per second from a particular capture file. The summary shows only an average value. What I want is basically what the IO graphs show but without

Re: [Wireshark-users] How to switch from DIgest Mailing-List mode to Single Mails mode ?

2008-01-25 Thread Sake Blok
On Fri, Jan 25, 2008 at 09:21:10AM +0100, Ben Stover wrote: Currently I receive all postings in this mailing list as a daily digest. How can I switch to single eMails mode WITHOUT completely unsubscribing and re-subscribing again ? On web page

Re: [Wireshark-users] top talkers by port usage or SYN attempts

2008-01-25 Thread Sake Blok
On Thu, Jan 24, 2008 at 03:26:37PM -0800, jacob c wrote: I have a linux load balancer appliance where some user is constantly making too many connections to some unknown ip address. When this happens it eventually uses up all 65,000 ports. Is there some way to take a massive capture and then

Re: [Wireshark-users] ARP Broadcasts

2008-01-22 Thread Sake Blok
On Tue, Jan 22, 2008 at 12:27:24PM -1000, Acy Nonyxx wrote: I have broadband through my cable company. I unplugged the router and plugged my computer directly into the cable modem and ran wireshark to see what I would see. What I see most is almost non-stop ARP broadcasts coming from the

Re: [Wireshark-users] Disable TCP_CHECKSUM_INCORRECT

2008-01-21 Thread Sake Blok
On Mon, Jan 21, 2008 at 04:57:01PM +0100, Frédéric BERNON wrote: My problem is to be able to use Analyze\Expert info without having TCP bad checksum errors. Else, I can't see real problems I want to analyze (retransmissions, dup ack...). The Severity filter can't help me: what I need is

Re: [Wireshark-users] LLC Sub-Layer Management

2008-01-20 Thread Sake Blok
posted some days ago at the request of Joerg Mayer, Andrew Hood, Sake Blok, and Guy Harris. We asked you to provide us with capture files in raw data format so that we are able to load the data into wireshark. Up till now you have provided us with screendumps and text output. Analysing these images

Re: [Wireshark-users] Real Hub in stores?

2008-01-16 Thread Sake Blok
On Tue, Jan 15, 2008 at 09:21:59PM -0500, Patrick wrote: Hi Everyone There is a great list of hubs here: http://wiki.wireshark.org/HubReference Unfortunately I have not found any of the simpler types still sold in stores. I am just looking for a small inexpensive hub so I can hub out a

Re: [Wireshark-users] LLC Sub-Layer Management

2008-01-16 Thread Sake Blok
On Tue, Jan 15, 2008 at 11:36:05PM -1000, E B wrote: Thank you for the help with Windump, I couldn't figure out how to print it to a text file. So instead I used Snagit to make images of the List, Details, and Bytes from 3 separate captures. Since you are able to get the packets into

Re: [Wireshark-users] use tshark to search for hex or ASCII string in packet?

2008-01-10 Thread Sake Blok
On Thu, Jan 10, 2008 at 03:05:19PM +0100, Marc Luethi wrote: On Wed, 2008-01-09 at 16:02 -0700, Stephen Fisher wrote: On Wed, Jan 09, 2008 at 11:45:33PM +0100, Marc Luethi wrote: tshark -r file.pcap -T fields -e data This yields output in hex, which I could cope with, but it

Re: [Wireshark-users] use tshark to search for hex or ASCII string in packet?

2008-01-10 Thread Sake Blok
On Thu, Jan 10, 2008 at 03:42:15PM +, Martin Mathieson wrote: On Jan 10, 2008 3:38 PM, Martin Mathieson [EMAIL PROTECTED] wrote: How'bout: tshark -r capture-file -T fields -e frame.time -e data |\ grep `echo -n ascii-string | xxd -p` |\ cut -f 1 Hex-conversion on

Re: [Wireshark-users] how many percent one ip uses about the whole link?

2007-12-29 Thread Sake Blok
On Fri, Dec 28, 2007 at 04:45:04PM -0300, Anderson Pow wrote: Hi guys, I'm glad to be here, I'm a Brazilian boy marveled by wireshark. We all have that in common :-) I need to know, how many percent one single IP uses the terminal server on my windows 2003 server. Well, Wireshark only knows

Re: [Wireshark-users] Continuous/circular in-memory tracing?

2007-12-22 Thread Sake Blok
On Fri, Dec 21, 2007 at 10:10:45PM -0700, Stephen Fisher wrote: On Fri, Dec 21, 2007 at 10:00:54PM -0500, Jay Levitt wrote: As far as I can tell from searching the forum, there's no good way to keep Wireshark up and running and capturing to an in-memory circular buffer, Correct.

Re: [Wireshark-users] Continuous/circular in-memory tracing?

2007-12-22 Thread Sake Blok
On Sat, Dec 22, 2007 at 02:38:24PM +0100, Jaap Keuter wrote: Jay Levitt wrote: On 12/22/2007 4:01 AM, Sake Blok wrote: On Fri, Dec 21, 2007 at 10:10:45PM -0700, Stephen Fisher wrote: On Fri, Dec 21, 2007 at 10:00:54PM -0500, Jay Levitt wrote: As far as I can tell from searching

Re: [Wireshark-users] Binary vs. Ascii data display

2007-12-17 Thread Sake Blok
On Mon, Dec 17, 2007 at 06:30:10PM +0200, Yoav Newman wrote: Dear Bae, Thanks for the answer. The things I'm looking for is to manually identify each binary field vs. its ascii value. (e.g. the binary format fields which represent the Arrival time value, etc...) The idea is to make an

Re: [Wireshark-users] Display Filter setting - Odd/Even packets

2007-12-13 Thread Sake Blok
On Thu, Dec 13, 2007 at 02:19:15PM -, Keith French wrote: What does the use of the single ampersand (&) do in the last part of the filter:- frame.number & 1 I can't find this documented, only the && for AND? It will take the value of frame.number and *bitwise* and this value with the

Re: [Wireshark-users] TCP Upload: Slowstart, then strange stop-and-wait...Huh?

2007-12-08 Thread Sake Blok
On Sat, Dec 08, 2007 at 04:22:40PM +0100, Robert Hoffmann wrote: 3) It waits until all ACKs for the segments sent in 2.) have been received (often that's 250 ms doing nothing at all!). 4) It sends 6-20 segments and so on until the file has been sent completely. This reminds me of problems

Re: [Wireshark-users] A few questions

2007-12-07 Thread Sake Blok
Hi Lars, I will answer your questions in reverse order as they are related to each other and the answer on 3 helps to understand 2 and 1 :-) #3. Viewing a tcp packet I noticed that it was stamped with 'TCP Retransmission'. Fair enough, just a lost packet being retransmitted (the packet was

Re: [Wireshark-users] A few questions

2007-12-07 Thread Sake Blok
On Fri, Dec 07, 2007 at 10:43:48AM +0100, Lars Lars wrote: Thanks for the excellent reply. You're welcome :-) Do you have a date for the release of the next version of Wireshark? It will be out somewhere in the coming weeks, a Windows pre-release is available at:

Re: [Wireshark-users] FTP - TCP Previous segment lost, TCP Dup ACK, TCP Retransmission

2007-12-06 Thread Sake Blok
On Thu, Dec 06, 2007 at 10:18:47PM -0500, Hansang Bae wrote: Reynolds, Tom wrote:[snip: moving datacenter. using ftp to test the throughput] Downloads and uploads (from a DSL line) to Philadelphia. Everything is great. We get a solid 3 Mb/s download and a solid 750k upload.

Re: [Wireshark-users] Capture Filter

2007-12-03 Thread Sake Blok
On Mon, Dec 03, 2007 at 10:05:39AM +0300, Asif wrote: Stephen Fisher wrote: On Mon, Dec 03, 2007 at 09:33:19AM +0300, Asif wrote: I want help on how to create Capture Filter for a specific host. See: http://www.wireshark.org/docs/wsug_html_chunked/ChCapCaptureFilterSection.html

Re: [Wireshark-users] ***SPAM*** FC Protocol ??

2007-11-30 Thread Sake Blok
On Fri, Nov 30, 2007 at 01:47:38PM -0600, Daniel Koepke wrote: Is the MAC address in the scan valid or is it transposed or deciphered correctly It mostly is, but that does not say there can't be a bug somewhere. Can the FC protocol be run over ethernet or how should I view these scans

Re: [Wireshark-users] Saving/Printing Protocol Hierarchy Window

2007-11-30 Thread Sake Blok
On Thu, Nov 29, 2007 at 03:00:51PM -, Whiston, Gaetan wrote: Hello - does anyone know how I can print or save to text file the Protocol Hierarchy window. I'd like to save the info for baseline reporting purposes. That functionality is not yet part of Wireshark, the only way to keep this

Re: [Wireshark-users] pcap and text at the same time?

2007-11-22 Thread Sake Blok
On Thu, Nov 22, 2007 at 11:37:08AM +0100, Xu Yao wrote: I would like to know if it's possible to display the capture in text format in stdout and save it in a file in pcap format at the same time during a live capture. Yes, that's possible If so, what's the command to do so in tshark?

Re: [Wireshark-users] Problem sniffing - getting only broadcasts (and it's not what you think! :)

2007-11-19 Thread Sake Blok
On Mon, Nov 19, 2007 at 11:49:26AM -0600, Brian Swan wrote: I've had a problem for a while now with my laptop and wireshark/WinPCap. If I configure a mirror port on a switch, and sniff the traffic, all I ever get is broadcasts (under windows). Is the Capture packets in promiscuous mode

Re: [Wireshark-users] Capture filter not working?

2007-11-19 Thread Sake Blok
On Mon, Nov 19, 2007 at 02:11:41PM -0800, Trevor Tolk wrote: H. Well, I see the problem, though it opens different questions... I'm using an HP 2600 series switch. I'm afraid I don't have any experience with HP switches I have 3 vlans, but no ports are tagged (they are all untagged).

Re: [Wireshark-users] How Did I See These Packets?

2007-11-16 Thread Sake Blok
On Fri, Nov 16, 2007 at 07:54:53AM -0500, bmcmanus wrote: There was no port mirroring active on the new switch. This is a flat class B network (Note: we are working to correct that). How many hosts on that flat network? I'm sure you're not using the whole B-net? My monitoring PC address

Re: [Wireshark-users] Capture filter not working?

2007-11-16 Thread Sake Blok
On Thu, Nov 15, 2007 at 05:49:57PM -0800, Trevor Tolk wrote: capture filter: host 65.98.143.227 Could it be that the frames coming from the mirrored port are vlan-tagged (if so, they have a [802.1q] header in the packet detail pane). If they are, you must use the capture filter vlan and

Re: [Wireshark-users] Capture filter problem

2007-10-17 Thread Sake Blok
On Wed, Oct 17, 2007 at 01:17:53PM +0300, Bogorev Andrey wrote: I am experiencing a problem with capture filter. I log in to sniffer PC(Windows 2000) remotely and define capture filter as host a.a.a.a and after that start ping from a.a.a.a to b.b.b.b but I see just reply from b.b.b.b to

Re: [Wireshark-users] Ring Buffer

2007-09-26 Thread Sake Blok
On Wed, Sep 26, 2007 at 11:48:39PM +0200, Gael Anguilet wrote: Hello, I am using wireshark Version 0.99.5 (SVN Rev 20677) I need to make a capture using tshark. I just want to generate a new capture file every 15 seconds, so I have written this : tshark -i 2 -b duration:15 -w

Re: [Wireshark-users] Time Display Format

2007-09-26 Thread Sake Blok
Rafael, As Jaap said, this feature was just added to the project. I am in the process of creating the code to be able to have these fields in a column too. I think that would give you the functionality you are seeking. Cheers, Sake On Thu, Sep 27, 2007 at 06:57:29AM +0200, Jaap Keuter

Re: [Wireshark-users] HTTP Filter for 401 response

2007-09-24 Thread Sake Blok
Hi Steve, Does it show other http responses as HTTP? If so, could you send in a little capture file (just the tcp stream containing the 401) that shows this behaviour? If not, what are your settings in the tcp and http protocol preferences? Cheers, Sake - Original Message - From:

Re: [Wireshark-users] HTTP Filter for 401 response

2007-09-24 Thread Sake Blok
sub-dissector first. Thanks, Steve Sake Blok wrote: Hi Steve, Does it show other http responses as HTTP? If so, could you send in a little capture file (just the tcp stream containing the 401) that shows this behaviour? If not, what are your settings in the tcp and http protocol

Re: [Wireshark-users] Newbie question

2007-09-23 Thread Sake Blok
On Sun, Sep 23, 2007 at 02:03:09PM -0400, Tom Maugham wrote: I have just installed Wireshark on a laptop which I want to use to monitor my home network. My setup is three desktops connected to a Westell 327W Verizon DSL wireless router. One desktop is hardwired and the other two and the laptop

Re: [Wireshark-users] Newbie question

2007-09-23 Thread Sake Blok
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sake Blok Sent: Sunday, September 23, 2007 2:23 PM To: Community support list for Wireshark Subject: Re: [Wireshark-users] Newbie question On Sun, Sep 23, 2007 at 02:03:09PM -0400, Tom Maugham wrote: I have

Re: [Wireshark-users] Average for Combined Captures

2007-09-16 Thread Sake Blok
On Sat, Sep 15, 2007 at 11:18:41PM -0700, Becky Vict wrote: Does anyone know any tool to combine captures I got from Wireshark Take a look at mergecap which is distributed with Wireshark? and then plot Average Throughput for these captures? Take a look at the IO graphs option in the

Re: [Wireshark-users] A question about display fields

2007-09-06 Thread Sake Blok
Hi Scott, [...] However the exported data is just what is seen in the summary field and I am interested in listing all the fields from a Frame, Ethernet, IP header etc. I do not need the payload bytes. Can this be accomplished? Yes, have a look at tshark, especially the following

Re: [Wireshark-users] 3GPP2 A11 parsing error

2007-09-06 Thread Sake Blok
On Thu, Sep 06, 2007 at 11:33:48AM +0900, Horyong Choi wrote: As you see the Table 4.2.13-3 of 3GPP2 A.S0009-B v1.0 HRPD IOS-B, A11 RRQ-CVSE-Active Start Airlink Record-Subtype 108 is expressed to Subnet. But wireshark show to Unknown 3GPP2 Attribute (Type:26, SubType:108). See the under

Re: [Wireshark-users] 12 bytes before the IP header

2007-09-06 Thread Sake Blok
Hi Aleksander, Anyone have tips on how you lose a few bytes? I get 12 bytes between the Ethernet header and IP header. This means that wireshark does not recognize the IP header as, and I can't use any of the wireshark's advanced features. Anyone know how to get rid of those bytes,

[Wireshark-users] MATE config syntax

2007-08-10 Thread Sake Blok
Hi, I started to use MATE to link packets to each other in Wireshark/Tshark and do some analysis on the set. I was able to get some things working already and I think it is a great plugin. I do have some questions though. When I look at the information on the Wiki I am a bit confused by the two

Re: [Wireshark-users] Tons of ARP packets...?

2007-07-11 Thread Sake Blok
IchBin wrote: The only problem I have is this just started last week. I have had this connection since sometime in April. Why would it just now start to rear it's head? What exactly do you mean by this in the sentence this just started last week? Do you mean the very slow network

Re: [Wireshark-users] how to drop 400 unwanted packets to analyze with wireshark ?

2007-06-29 Thread Sake Blok
On Fri, Jun 29, 2007 at 03:38:49PM +0900, Mitsuho Iizuka wrote: Secondly, you need to change your filter string. The filter tcp.port != 1035 && tcp.port != 1036 means look for a packet where EITHER tcp.port does not equal 1035 AND EITHER tcp.port does not equal 1036. The correct filter

Re: [Wireshark-users] how to drop 400 unwanted packets to analyze with wireshark ?

2007-06-28 Thread Sake Blok
On Thu, Jun 28, 2007 at 05:54:01PM +0900, Mitsuho Iizuka wrote: Ummm ...I'm fool... Yes, Those are only 4 IPs. I will do it. No! No! All the packets to the LDAP server come from LB including health check packets. LB substitutes all the incoming MAC addresses as well. Does anyone know

Re: [Wireshark-users] how to drop 400 unwanted packets to analyze with wireshark ?

2007-06-28 Thread Sake Blok
On Fri, Jun 29, 2007 at 11:05:47AM +0900, Mitsuho Iizuka wrote: Exactly, editcap just takes frame-numbers or times as filters. But you can use tshark for your purpose like this: tshark -r in-file -w out-file -R display-filter of frames you want to keep If you have a complex

Re: [Wireshark-users] Ping not showing up

2007-06-19 Thread Sake Blok
On Tue, Jun 19, 2007 at 08:41:51PM +0200, someone somewhere wrote: Today, my ISP was having some problems. Before I knew that it was the ISP's fault, I ran wireshark but got some strange results. I only got ARP and DHCP traffic when I was pinging a host with no success (by ip address, not

Re: [Wireshark-users] Editcap 100 argument limitation?

2007-06-19 Thread Sake Blok
On Tue, Jun 19, 2007 at 04:48:15PM -0400, Rob Campbell wrote: Just curious if this is a known issue or something that is out of your control. I noticed that some of the flows in my pcaps have nowhere near the expected number of packets after separating an individual flow using editcap.

Re: [Wireshark-users] dcerpc.cn_call_id display filter problem when reassembled PDU

2007-05-30 Thread Sake Blok
On Wed, May 30, 2007 at 03:34:29PM -0400, [EMAIL PROTECTED] wrote: I captured DCERPC traffic and then I did a filter to isolate a particular call ID with that filter : dcerpc.cn_call_id == 96 I went through that problem: When selecting the option Allow subdissector to reassemble TCP

Re: [Wireshark-users] Wireshark Supported Protocols

2007-05-22 Thread Sake Blok
On Mon, May 21, 2007 at 05:51:13PM -0700, Gerald Combs wrote: Sake Blok wrote: On Mon, May 21, 2007 at 12:16:46PM +0530, Kaushal Shriyan wrote: Can I have a list of supported protocols on Wireshark and does Wireshark supports smb protocol. I did a quick check on www.wireshark.org

Re: [Wireshark-users] how to extract only time stamp from captured file

2007-05-22 Thread Sake Blok
On Tue, May 22, 2007 at 02:37:08AM -0400, Korn Vajanapoom wrote: How could I extract the time stamp information from a captured file (which is big more than ten thousand entries) ? I want to use these numbers for a latency calculation. If you use a recent automated build available on

Re: [Wireshark-users] Wireshark Supported Protocols

2007-05-21 Thread Sake Blok
On Mon, May 21, 2007 at 12:16:46PM +0530, Kaushal Shriyan wrote: Can I have a list of supported protocols on Wireshark and does Wireshark support smb protocol. I did a quick check on www.wireshark.org and wiki.wireshark.org. I did not find a page with the supported protocols. Could someone

Re: [Wireshark-users] question about fancy DHCP display filtering

2007-05-15 Thread Sake Blok
On Tue, May 15, 2007 at 09:51:20AM -0700, Guy Harris wrote: Stefan Puiu wrote: Is it possible (with this wireshark version) to specify a filter along the lines of all packets that carry option x with value y? As far as I can tell, all I can currently specify is one packet that has

Re: [Wireshark-users] Need help with display filtering for all packets on a subnet

2007-05-04 Thread Sake Blok
On Fri, May 04, 2007 at 11:38:13AM +0200, Roman Daszczyszak wrote: This is probably obvious, but my Google-fu seems to be weak today. I have a trace file that I was to see any packet of a conversation between an IP on my network with one outside the network (aka filter inter-network

Re: [Wireshark-users] Display filter

2007-05-02 Thread Sake Blok
On Wed, May 02, 2007 at 04:25:31PM -0800, Irakli Natshvlishvili wrote: It does, thanks. But I still have a problem applying the correct filter. For example, here is content of UDP packet: - SIP/2.0 200 OK To:

[Wireshark-users] Filtering both vlan-tagged and untagged frames with an ip-filter

2007-05-01 Thread Sake Blok
Hi all, While analysing a problem today I discovered that I had missed packets in my session after capturing with a filter like vlan and host x.x.x.x. After making a trace with no filter, I could see that packets in one direction were tagged, while they were not tagged in the other direction.

Re: [Wireshark-users] Assembling of fragmented IP protocol packets

2007-04-24 Thread Sake Blok
On Tue, Apr 24, 2007 at 08:21:38PM +0200, Franz Edler wrote: Thanks again. You are right. The packets are cut after 1500 bytes. The problem is now at Linux tcpdump which was the tool that produced the trace. Did you by any chance use a filter with port numbers? Since port numbers are only

Re: [Wireshark-users] Wireshark-users Digest, Vol 11, Issue 32

2007-04-19 Thread Sake Blok
On Thu, Apr 19, 2007 at 08:51:44AM -0400, S R wrote: Would you like me to send the captures to you at [EMAIL PROTECTED] [EMAIL PROTECTED] We are not having problems with all users, all domains. Inbound and outbound. Yes, please send the capture of one session (zipped or gzipped) to [EMAIL

Re: [Wireshark-users] Bizarre mail issue on network, Please someone, help.

2007-04-18 Thread Sake Blok
On Wed, Apr 18, 2007 at 11:18:15PM -0400, S R wrote: I'm having some problems interpreting this log, but it appears at times that I'm not getting an ACK from my router, so I retransmit, which continues for 2 days until the timeout and the msg bounces with a rejection notice. I assume that

Re: [Wireshark-users] Malformed SSL - Is it really?

2007-04-13 Thread Sake Blok
On Thu, Apr 12, 2007 at 11:24:48PM -0400, Small, James wrote: [Malformed Packet: SSL] Is the packet really malformed, or is it possible that Wireshark doesn't support the cipher being used? If so, is there any way to tell if the packet is really malformed versus Wireshark

Re: [Wireshark-users] Can This Be Done?

2007-04-13 Thread Sake Blok
On Fri, Apr 13, 2007 at 02:48:00PM -0700, Tennis Smith wrote: Cool idea! I'm googling as we speak. ;-) Oh, if you look for a Windows program doing the same, google for PRTG :) Cheers, Sake ___ Wireshark-users mailing list [EMAIL PROTECTED]

Re: [Wireshark-users] Malformed SSL - Is it really?

2007-04-12 Thread Sake Blok
On Tue, Apr 10, 2007 at 11:07:29AM -0400, Small, James wrote: Hello, When using Wireshark 0.99.5 on Windows, sometimes I see: [Malformed Packet: SSL] e.g.: No. Time Source Destination Protocol Src Port Dst Port Delta Info 381 15.301101

Re: [Wireshark-users] Malformed SSL - Is it really?

2007-04-12 Thread Sake Blok
On Thu, Apr 12, 2007 at 10:09:41PM +0200, Sake Blok wrote: Transmission Control Protocol, Src Port: 3128 (3128), Dst Port: 1136 (1136), Seq: 9184, Ack: 1341, Len: 1260 Hypertext Transfer Protocol Secure Socket Layer TLSv1 Record Layer: Application Data Protocol: http

Re: [Wireshark-users] export the private key on Windows?

2007-04-09 Thread Sake Blok
On Mon, Apr 09, 2007 at 11:54:08AM -0400, Jeffrey Ross wrote: I'm looking to decode a https session between two systems. One of the systems was my workstation, a Windows XP system using Internet Explorer 6, the other system was an IBM WebSeal. I've obtained the key from the webseal but I

Re: [Wireshark-users] export the private key on Windows?

2007-04-09 Thread Sake Blok
On Mon, Apr 09, 2007 at 01:00:32PM -0400, Mark Roggenkamp wrote: Also, if the https session isn't using client auth then you probably only need the private key of the WebSeal host. Even if the https-connection IS using a client-certificate, the private key of the client-certificate is only used

Re: [Wireshark-users] export the private key on Windows?

2007-04-09 Thread Sake Blok
On Mon, Apr 09, 2007 at 02:46:50PM -0400, Jeffrey Ross wrote: Sounds about right to me :) So either I'm still doing something wrong or the administrator has provided me with the incorrect key, possible but not likely. Any help would be appreciated... Could you enable

Re: [Wireshark-users] Possible bug in Wireshark/Tshark Conversations Counters

2007-04-07 Thread Sake Blok
On Sat, Apr 07, 2007 at 08:48:21AM +0100, Tim Everitt wrote: I believe that some of the Conversation counters do not operate correctly when packets have been captured with a packet length limit (or -s in tshark). [...] I suspect that the Ethernet and IPv4 counters are not counting truncated

Re: [Wireshark-users] Tshark filter problems

2007-04-05 Thread Sake Blok
On Thu, Apr 05, 2007 at 04:19:54PM -0500, Michael Bann wrote: I run tshark -f `cat /path/to/my_filter` and I get the following error: tshark: Capture filters were specified both with -f and with additional command-line arguments You need to put the filter in quotes so that the OS sees it as

Re: [Wireshark-users] Question on Internet Performance Troubleshooting

2007-03-02 Thread Sake Blok
Hi Jim :) On Fri, Mar 02, 2007 at 04:24:01PM -0500, Small, James wrote: One more thing I didn't mention - the problems are mainly between 7-3 when they have their peak load. However, they are usually not getting to more then 70% of their theoretical bandwidth capacity so I'm not sure that

Re: [Wireshark-users] Save the bytes of a particular field from all the displayed packets in one file

2007-02-21 Thread Sake Blok
On Wed, Feb 21, 2007 at 11:06:44AM +0100, Ulf Lamping wrote: Stephen Fisher wrote: and give feedback on the implementation and if they can think of a better top-level menu to put it under (View perhaps?). Basically, the View menu is about *how* things are displayed, and not to

Re: [Wireshark-users] Save the bytes of a particular field from all the displayed packets in one file

2007-02-21 Thread Sake Blok
On Wed, Feb 21, 2007 at 09:24:45PM +0100, Ulf Lamping wrote: Sake Blok wrote: Wouldn't this option be feeling more at home under the File menu? It is about exporting parts of the data-stream. My suggestion would be: File | Export | Objects. Yes, you're right, File is the place

Re: [Wireshark-users] TCP Previous Segment Lost

2007-02-08 Thread Sake Blok
On Thu, Feb 08, 2007 at 09:03:58AM -0500, Chad Handrich wrote: I have a network client application that runs fine while I am debugging (no TCP errors), but when I run the release version, it runs incredibly slow. It runs as a series of transactions, where each transaction is a separate

Re: [Wireshark-users] How to save the data in a UDP stream.

2007-01-31 Thread Sake Blok
Hi Edwin, You may find a previous posting of mine useful: http://www.wireshark.org/lists/wireshark-users/200611/msg00329.html It contains a little perl script that saves the data within a udp-stream... Hope this helps, Cheers, Sake - Original Message - From: Hogeweg, Erwin (GE

Re: [Wireshark-users] I see no captured packets at all

2006-12-28 Thread Sake Blok
Cor, Most Wireless cards won't work in promiscuous mode under Windows. If you untick the Promiscuous mode option in the capture setup screen, you will probably see traffic. Please note that you will only see traffic to and from your own laptop as well as broadcasts. Hope this helps, Cheers,
