[Wireshark-users] SNMPv3 USM decryption
Hi folks, in rev 20393 I checked in the code to verify authentication and dercypt SNMPv3 packets. Now, I only have a limited set of SNMP packets against which to test the code, all of them generated by net-snmp. It would be nice if other people could test the feature maybe against something different that net-snmp. The format of the users file is described in the SNMP wiki page http://wiki.wireshark.org/SNMP Thanks, Luis -- This information is top security. When you have read it, destroy yourself. -- Marshall McLuhan ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
Re: [Wireshark-users] TCP out of order segments
You'll want to do a packet trace of the transmitting computer and see if they're being sent out on an orderly basis. Frank -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephen Fisher Sent: Thursday, January 11, 2007 10:50 AM To: Community support list for Wireshark Subject: Re: [Wireshark-users] TCP out of order segments On Thu, Jan 11, 2007 at 03:10:46AM -0500, L SB wrote: Would asymmetric routing be a problem if the machines exist on the same subnet? No, since there is no routing going on there. Steve ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
Re: [Wireshark-users] Capturing with no free ips
You can capture without the computer having its own IP. I'm doing this myself on a Linux machine using the tcpdump utility (just to grab the packets for later analysis) but you can do it directly from wireshark too of course. On 11.01.2007, at 18:38, Computer Answer wrote: I'd like to use Ethereal/Wireshark at one of my customer sites and need some help. Specifically I need to setup a packet capture on a public segment with no free IPs. Basically, whether the capturing computer has to have an IP address on the same segment as the device connected to the Internet, the server (Novell) in this case, or whether it can capture all traffic (possibly as long as at least some aspects of the IP setup are similar) ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users Andreas Fink Fink Consulting GmbH Global Networks Schweiz AG BebbiCell AG --- Tel: +41-61-330 Fax: +41-61-331 Mobile: +41-79-2457333 Address: Clarastrasse 3, 4058 Basel, Switzerland E-Mail: [EMAIL PROTECTED] www.finkconsulting.com www.global-networks.ch www.bebbicell.ch --- ICQ: 8239353 MSN: [EMAIL PROTECTED] AIM: smsrelay Skype: andreasfink Yahoo: finkconsulting SMS: +41792457333 ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
Re: [Wireshark-users] TCP out of order segments
I did some more testing and it is only happening on one PC. I have tried changing network cards and even the motherboad and a new network connection. At this point, it seems to be software related. Do you think LANMAN could cause this flood of out of segment packets? From: Frank Bulk [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED],Community support list for Wireshark wireshark-users@wireshark.org To: 'Community support list for Wireshark' wireshark-users@wireshark.org Subject: Re: [Wireshark-users] TCP out of order segments Date: Thu, 11 Jan 2007 15:41:04 -0600 You'll want to do a packet trace of the transmitting computer and see if they're being sent out on an orderly basis. Frank -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephen Fisher Sent: Thursday, January 11, 2007 10:50 AM To: Community support list for Wireshark Subject: Re: [Wireshark-users] TCP out of order segments On Thu, Jan 11, 2007 at 03:10:46AM -0500, L SB wrote: Would asymmetric routing be a problem if the machines exist on the same subnet? No, since there is no routing going on there. Steve ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users _ From photos to predictions, The MSN Entertainment Guide to Golden Globes has it all. http://tv.msn.com/tv/globes2007/?icid=nctagline1 ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
Re: [Wireshark-users] If anyone is willing to look at a capture???? TCP out of order segments
ronnie, You should take a look at this capture. These out-if-order packets look to me more like retransmissions. L, It appears that 192.168.70.42 transmits twice every TCP packet. What's the cause I can't tell but that's certainly a problem of that box. Try disabling the firewall if you have it and see if it still happens. On 1/12/07, L SB [EMAIL PROTECTED] wrote: This is the capture from the PC I am having so many out of order packets from. If anyone is kin enough to take a peak and maybe save my sanity, I would be forever grateful. As you can see it is happening with multiple destinations. I have ruled out faulty nics, the network connection and even the PC itself (swapped the harddrive into a new machine). My only other step is to just reformat the PC??? From: L SB [EMAIL PROTECTED] Reply-To: Community support list for Wireshark wireshark-users@wireshark.org To: wireshark-users@wireshark.org Subject: Re: [Wireshark-users] TCP out of order segments Date: Thu, 11 Jan 2007 19:04:29 -0500 I did some more testing and it is only happening on one PC. I have tried changing network cards and even the motherboad and a new network connection. At this point, it seems to be software related. Do you think LANMAN could cause this flood of out of segment packets? From: Frank Bulk [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED],Community support list for Wireshark wireshark-users@wireshark.org To: 'Community support list for Wireshark' wireshark-users@wireshark.org Subject: Re: [Wireshark-users] TCP out of order segments Date: Thu, 11 Jan 2007 15:41:04 -0600 You'll want to do a packet trace of the transmitting computer and see if they're being sent out on an orderly basis. Frank -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephen Fisher Sent: Thursday, January 11, 2007 10:50 AM To: Community support list for Wireshark Subject: Re: [Wireshark-users] TCP out of order segments On Thu, Jan 11, 2007 at 03:10:46AM -0500, L SB wrote: Would asymmetric routing be a problem if the machines exist on the same subnet? No, since there is no routing going on there. Steve ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users _ From photos to predictions, The MSN Entertainment Guide to Golden Globes has it all. http://tv.msn.com/tv/globes2007/?icid=nctagline1 ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users _ Fixing up the home? Live Search can help http://imagine-windowslive.com/search/kits/default.aspx?kit=improvelocale=en-USsource=hmemailtaglinenov06FORM=WLMTAG ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users -- This information is top security. When you have read it, destroy yourself. -- Marshall McLuhan ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
Re: [Wireshark-users] [Wireshark-dev] If anyone is willing to look at a capture???? TCP out of order segments
They are neither retransmissions nor out of order they are duplicated by the stack/winpcap during packet capturing See http://wiki.wireshark.org/CaptureSetup/InterferingSoftware On 1/12/07, Luis Ontanon [EMAIL PROTECTED] wrote: ronnie, You should take a look at this capture. These out-if-order packets look to me more like retransmissions. L, It appears that 192.168.70.42 transmits twice every TCP packet. What's the cause I can't tell but that's certainly a problem of that box. Try disabling the firewall if you have it and see if it still happens. On 1/12/07, L SB [EMAIL PROTECTED] wrote: This is the capture from the PC I am having so many out of order packets from. If anyone is kin enough to take a peak and maybe save my sanity, I would be forever grateful. As you can see it is happening with multiple destinations. I have ruled out faulty nics, the network connection and even the PC itself (swapped the harddrive into a new machine). My only other step is to just reformat the PC??? From: L SB [EMAIL PROTECTED] Reply-To: Community support list for Wireshark wireshark-users@wireshark.org To: wireshark-users@wireshark.org Subject: Re: [Wireshark-users] TCP out of order segments Date: Thu, 11 Jan 2007 19:04:29 -0500 I did some more testing and it is only happening on one PC. I have tried changing network cards and even the motherboad and a new network connection. At this point, it seems to be software related. Do you think LANMAN could cause this flood of out of segment packets? From: Frank Bulk [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED],Community support list for Wireshark wireshark-users@wireshark.org To: 'Community support list for Wireshark' wireshark-users@wireshark.org Subject: Re: [Wireshark-users] TCP out of order segments Date: Thu, 11 Jan 2007 15:41:04 -0600 You'll want to do a packet trace of the transmitting computer and see if they're being sent out on an orderly basis. Frank -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephen Fisher Sent: Thursday, January 11, 2007 10:50 AM To: Community support list for Wireshark Subject: Re: [Wireshark-users] TCP out of order segments On Thu, Jan 11, 2007 at 03:10:46AM -0500, L SB wrote: Would asymmetric routing be a problem if the machines exist on the same subnet? No, since there is no routing going on there. Steve ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users _ From photos to predictions, The MSN Entertainment Guide to Golden Globes has it all. http://tv.msn.com/tv/globes2007/?icid=nctagline1 ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users _ Fixing up the home? Live Search can help http://imagine-windowslive.com/search/kits/default.aspx?kit=improvelocale=en-USsource=hmemailtaglinenov06FORM=WLMTAG ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users -- This information is top security. When you have read it, destroy yourself. -- Marshall McLuhan ___ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev ___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users