Good news: After one month of (slowly) working with Cisco's TAC, the (third)
tech reproduced the problem.
I've asked Cisco to supply me a Bug ID.
Frank
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Frank Bulk
Sent: Friday, February 29, 2008 10:34 PM
] Decoding packets from a Cisco's ip
traffic-export flow
Frank Bulk wrote:
Thanks! Did you use bittwiste with the '-D' option to remove the first 24
bytes?
Actually: I did it the hard way using Wireshark export, an editor and
then text2pcap. :)
(It's only the first 12 bytes that need to be removed
-users] Decoding packets from a Cisco's ip
traffic-export flow
On Sat, Mar 01, 2008 at 10:30:16AM -0600, Frank Bulk wrote:
Thanks for your willingness to look at this. I'm glad to have a tool like
Wireshark because I can't interpret the raw packets. =)
Attached are three ping packets that my
: Sake Blok [mailto:[EMAIL PROTECTED]
Sent: Sunday, March 02, 2008 8:21 AM
To: [EMAIL PROTECTED]; Community support list for Wireshark
Subject: Re: [Wireshark-users] Decoding packets from a Cisco's ip
traffic-export flow
On Sat, Mar 01, 2008 at 03:58:31PM -0600, Frank Bulk wrote:
I used bittwiste
Yes, there is: http://www.nirsoft.net/utils/mailpv.html
Frank
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Daniel at
EnigmaBiz
Sent: Monday, March 03, 2008 12:37 PM
To: wireshark-users@wireshark.org
Subject: [Wireshark-users] Wireshark to obtain password (Yahoo Mail -
Good catch!
I used that information to put together a batch file that repairs all the
entries in the packet flow that I have. It came down to 4 different cases.
I basically end up stripping out the PPPoE section.
REM Mostly ipversion=0 and all of ipversion=5
C:\Program
-repaired.pcap
c:\temp\tmp-b-a.pcap c:\temp\tmp-b-b.pcap c:\temp\tmp-c.pcap
c:\temp\tmp-b-d.pcap
del c:\temp\tmp*.pcap
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Frank Bulk
Sent: Monday, March 03, 2008 4:15 PM
To: Community support list for Wireshark
]
[mailto:[EMAIL PROTECTED] On Behalf Of Bill Meier
Sent: Saturday, March 01, 2008 11:24 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Decoding packets from a Cisco's ip
traffic-export flow
Frank Bulk wrote:
Thanks for your willingness to look at this. I'm glad to have
:[EMAIL PROTECTED]
Sent: Saturday, March 01, 2008 12:13 PM
To: [EMAIL PROTECTED]; Community support list for Wireshark
Subject: Re: [Wireshark-users] Decoding packets from a Cisco's ip
traffic-export flow
Frank Bulk wrote:
Ethernet hdr specifying type 0x0800 [IP]
00 12 79 63 1a 8c 00 30
Won't this miss the DNS queries, for example?
Frank
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Gary Chaulklin
Sent: Monday, February 11, 2008 8:03 AM
To: wireshark-users@wireshark.org
Subject: Re: [Wireshark-users] How to let wireshark capture one application
[mailto:[EMAIL PROTECTED]
Sent: Friday, January 25, 2008 8:22 PM
To: [EMAIL PROTECTED]; Community support list for Wireshark
Subject: Re: [Wireshark-users] Capture filter for MAC addresses
On Jan 25, 2008, at 4:24 PM, Frank Bulk wrote:
I've looked at the wiki page (http://wiki.wireshark.org
I've looked at the wiki page (http://wiki.wireshark.org/Ethernet) but it's
not entirely clear to me how I would capture the traffic from all those
devices that share the same OUI.
For example, if the OUI of interest was Cisco (00:1b:0d), I have tried this:
ether[0:4]=0x001B0D
but it
I operate such a network and that's totally normal. I wish there was
something like proxy ARP on the CMTS to mitigate that spurious traffic.
Frank
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Acy Nonyxx
Sent: Tuesday, January 22, 2008 4:27 PM
To:
I would recommend that you use a utility such as TCPView
(http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx) to see what
a specific application is doing.
It would be neat to see Wireshark extended to be able to capture traffic on
a process and all sub-processes that are spawned - I
Perhaps this has been asked and answered, but is there a tool or utility to
convert between capture and display syntax?
Frank
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of nilay yildirim
Sent: Sunday, January 06, 2008 3:22 PM
To:
For a time I had a user that passed me their iptables logs regarding this
traffic...once I saw what it was, I had to assure him that this was normal.
Frank
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, July 11, 2007
Get a copy of 'grep' and 'cut' and all your filtering/stripping problems
will be solved.
Frank
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Piers Kittel
Sent: Wednesday, May 30, 2007 12:29 PM
To: wireshark-users@wireshark.org
Subject:
I have a Barracuda 600 if you want to test, too.
Frank
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ionreflex
Sent: Thursday, April 19, 2007 1:10 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Barracuda false positive?
Well, I printed
David:
Did you get a chance to review this page?
http://wiki.wireshark.org/HowToDecrypt802.11?highlight=%28CategoryHowTo%29
Frank
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David
Schweinsberg
Sent: Thursday, April 12, 2007 3:16 AM
To: Community
for Wireshark
Subject: Re: [Wireshark-users] Viewing TKIP-encrypted data
On 4/12/07, Frank Bulk [EMAIL PROTECTED] wrote:
David:
Did you get a chance to review this page?
http://wiki.wireshark.org/HowToDecrypt802.11?highlight=%28CategoryHowTo%29
Frank
Interesting. I didn't know that page
Unless you need to get timing to the microsecond, any PC, OS, and NIC should
do just fine. No special tweaks required.
Frank
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dennis Colligan
Sent: Thursday, March 01, 2007 2:19 PM
To: Wireshark-users@wireshark.org
:[EMAIL PROTECTED]
Sent: Saturday, February 10, 2007 8:06 PM
To: [EMAIL PROTECTED]; Community support list for Wireshark
Subject: Re: [Wireshark-users] Save the bytes of a particular field from all
the displayed packets in one file
On Wed, Feb 07, 2007 at 01:54:48PM -0600, Frank Bulk wrote:
Anyone
Anyone reading the last few weeks of postings should be detecting a
recurring theme...people want to extract images and audio with the correct
file headers and names from packet streams that may or may not be
contiguous.
Sounds like a big task.
Frank
-Original Message-
From: [EMAIL
You'll want to do a packet trace of the transmitting computer and see if
they're being sent out on an orderly basis.
Frank
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stephen Fisher
Sent: Thursday, January 11, 2007 10:50 AM
To: Community support
Yes, Wireshark includes RTP stream analysis including latency and jitter.
Frank
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of William Irving
Zumwalt
Sent: Saturday, December 09, 2006 12:00 AM
To: wireshark-users@wireshark.org
Subject: [Wireshark-users] voip
? And, is there anything around that might help me configure
for capturing only RTP (if I understand correctly, the VoIP protocols ride
on top of RTP which rides on top of IP?) and making sense of what's going
on?
On 12/9/06, Frank Bulk [EMAIL PROTECTED] wrote:
Yes Wireshark includes RTP stream analysis
I read this news item:
http://www.unstrung.com/document.asp?doc_id=108160
which made me ask: is there UMA decode support in Wireshark?
Regards,
Frank
___
Wireshark-users mailing list
Wireshark-users@wireshark.org
Thanks for the update!
I can think of feature enhancements, such as the calculation of the minimum
jitter buffer size to accommodate a call, as well as MOS/R-value calculations.
Regards,
Frank
-Original Message-
From: Jacques, Olivier (OpenCall Test Infra) [mailto:[EMAIL PROTECTED]
What spyware detector are you using?
Frank
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of scott vivian
Sent: Thursday, August 24, 2006 2:32 PM
To: wireshark-users@wireshark.org
Subject: [Wireshark-users] Spyware?
I recently downloaded a copy of