Re: [Wireshark-users] Logging Ups and Downs

2024-05-08 Thread Jaap Keuter
Hi, Please understand that Wireshark is not a connection manager of sorts. Therefore it does not do such things. Perhaps you could get indirect evidence of such behaviour, but that very much depends on the details of the setup and what effect can be seen, if at all. On 5/7/24 7:02 PM, Bruce

Re: [Wireshark-users] RTCP packets not getting decoded correctly

2023-12-19 Thread Jaap Keuter
statistics even for the encrypted > traffic without using any server API? > thanks > > On Sun, Dec 17, 2023 at 3:16 AM Jaap Keuter <mailto:jaap.keu...@xs4all.nl>> wrote: > Hi, > > What you are probably looking at is the encrypted form of RTCP, as defined in > RFC 3711.

Re: [Wireshark-users] RTCP packets not getting decoded correctly

2023-12-16 Thread Jaap Keuter
Hi, What you are probably looking at is the encrypted form of RTCP, as defined in RFC 3711. Therefore the first part of the packet looks okay, while the data following the SSRC is undissectable, because encrypted. To be able to decrypt this the key and negotiated transforms would be needed.

Re: [Wireshark-users] Need help to understand capture from network boot

2023-05-27 Thread Jaap Keuter
“PCAP or it didn’t happen” Or, screenshots are useless, we’ll need packet captures. > On 26 May 2023, at 20:59, Fabio I. Zyserman > wrote: > > I also attach a screenshot of wireshark's control of the packets interchanged > between the > headnode and the (to be) computing node, through

Re: [Wireshark-users] I can't figure this capture filter out

2023-03-13 Thread Jaap Keuter
Hi, You would have to double quote the capture filter expression to be passed into tshark in the first place. Furthermore “ssll.handshake” isn’t in the capture filter syntax, these are display filter expressions which cannot be passed in the capture engine. > On 13 Mar 2023, at 22:34, Kurt

Re: [Wireshark-users] wireshark keeps on decoding SIP over UDP on non-standard port despite all usual suspects on OFF

2022-11-28 Thread Jaap Keuter
Hi, Have you looked at the table in Analyse | Decode As... ? Thanks, Jaap > On 28 Nov 2022, at 16:51, Ariel Burbaickij wrote: > > Hello all, > we observe that wireshark correctly decodes SIP over non-standard UPD port, > even where it is undesirable for our purposes in this case. All

Re: [Wireshark-users] Is it possible to specify dynamic payload type in tshark?

2021-10-13 Thread Jaap Keuter
Hi, Have a look in your preferences file. There you’ll find an entry for evs.dynamic.payload.type. Use that on the command line with -o. Thanks, Jaap > On 13 Oct 2021, at 10:45, Nan Xiao wrote: > > Hi Community, > > Greetings from me! > > I have a RTP packet whose payload type is "109",

Re: [Wireshark-users] A fun Wireshark tale

2021-09-24 Thread Jaap Keuter
Awesome read :) Thanks, Jaap > On 24 Sep 2021, at 16:20, Rafael Sarres de Almeida via Wireshark-users > wrote: > > Hi All; > > I am not a Wireshark user anymore because I am now working at a different > company with different roles. However, I want to share an adventure I had > more than a

Re: [Wireshark-users] A question about calculating "Mean Jitter" KPI for RTP flow

2021-09-22 Thread Jaap Keuter
Hi, Hopefully someone finds some time to look into it. So rest assured it’s not forgotten. Thanks, Jaap > On 22 Sep 2021, at 10:33, Nan Xiao wrote: > > Hi Community, > > Greetings from me! Very sorry for interrupting again! > > I find the calculation of "Mean Jitter" KPI for RTP flow is

Re: [Wireshark-users] IP adresses instead of hostnames

2021-07-25 Thread Jaap Keuter
Hi, This depends on the Name Resolution settings in the Preferences dialog, and related files. Thanks, Jaap > On 25 Jul 2021, at 22:38, Dr Jean-Michel Collard > wrote: > > Hello, > > I will be very brief ! > > Why does Wireshark display IPv4/v6 addresses instead of hostnames ? > > (I use

Re: [Wireshark-users] Outbound RTP analysis and Jitter

2021-06-29 Thread Jaap Keuter
Hi, Jitter is jitter, whatever the direction. It’s the (short term) difference between declared packet timing and the actual packet timing. In the receive direction it can be the result of the transmission path taken. In the transmit direction it can be the result of the non-real time behaviour

Re: [Wireshark-users] Error when trying to run wireshark-chmodbpf 1.0.2

2021-01-14 Thread Jaap Keuter
Hi, It would probably help if you listed what your system is and what you were doing before. Thanks, Jaap > On 14 Jan 2021, at 01:18, Kok-Yong Tan wrote: > > sudo wireshark-chmodbpf > /opt/local/sbin/wireshark-chmodbpf: line 35: /dev/bpf0: Resource busy > /opt/local/sbin/wireshark-chmodbpf:

Re: [Wireshark-users] SIP trace with tshark?

2020-09-06 Thread Jaap Keuter
> On 6 Sep 2020, at 10:59, Nicholas Saunders > wrote: > > How do I monitor port 5060 for SIP traffic? Something like: > > > sudo tshark -d udp.port==5060,http > > obviously, not http. > > > > thanks, > > > Nick Hi, By default the SIP dissector is quite capable to pick up UDP

Re: [Wireshark-users] Clue on sshdump w/special characters in passwords

2020-07-31 Thread Jaap Keuter
Hi, I reckon ‘X’ is not a special character, so what did you consider special in this context? Thanks, Jaap > On 30 Jul 2020, at 22:38, Jason Lixfeld wrote: > > Hi, > > I’m wondering if anyone has some clue on a sshdump GUI oddity. The attempt > to start the sshdump always seems to result

Re: [Wireshark-users] the Fragment offset field in IP packet should follow the Raw bitstream?

2020-06-23 Thread Jaap Keuter
/show_bug.cgi?id=16344 <https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16344>) Thanks, Jaap > On 21 Jun 2020, at 04:26, damker wrote: > > my version was 3.0.6. > when i upgrade to 3.0.11, it shows like this "Fragment offset: 856". > > damker > > From: J

Re: [Wireshark-users] the Fragment offset field in IP packet should follow the Raw bitstream?

2020-06-19 Thread Jaap Keuter
That was a nice bit of source code archeology, but I’ve found that this format was changed in commit 7f6d5c04a86 with the comment: commit 7f6d5c04a869525d31e8d6e260d5195857481031 Author: Martin Mathieson Date: Wed Aug 29 15:35:27 2007 + Don't show fragment offset as a bit field, but

Re: [Wireshark-users] Newbee - propose Splat Button

2020-05-07 Thread Jaap Keuter
Hi Bob, Good to hear the program is helpful for your quest. As for your purpose, does the ‘Mark Packet’ feature do the trick? Select a packet from the list, hit ⌘M (on macOS) / probably Ctrl+M (on others). You can also find the option in the Edit menu. Unfortunately these marks are not (yet)

Re: [Wireshark-users] Error 433

2020-01-29 Thread Jaap Keuter
Hi Dieter, Your question is very limited, as in, contains very little information. This is not a common problem (as far as I can tell right now), so you’ll have to provide much more details about what you are looking at, starting at the basics of what computer, what OS, what Wireshark version,

Re: [Wireshark-users] Ethernet padding in tcpdump captures?

2019-11-04 Thread Jaap Keuter
Hi Andreas, Can you clarify your capture setup a little more? What interface are you capturing on? What is the direction of the packet flow you’re looking at (incoming or outgoing)? Where’s the firewall in this context? Jaap > On 4 Nov 2019, at 14:30, Andreas Sikkema wrote: > > Hi, > >

Re: [Wireshark-users] make rpm-package fails "Not a git repository"

2019-09-23 Thread Jaap Keuter
https://www.wireshark.org/docs/wsdg_html_chunked/ChSrcBinary.html#ChSrcRpm “You can build an RPM package using the rpm-package target. The package version is derived from the current git HEAD, so you must build from a

Re: [Wireshark-users] Exporting RTP audio stream on Mac

2019-09-05 Thread Jaap Keuter
Hi Stefan, What codec is being used for these audio streams? Just tried it with a G.711 stream without problem. > On 4 Sep 2019, at 09:36, Stefan Müller wrote: > > Hi, > > I try to get an audio capture of telephone streams. I already managed to > listen to the capture in wireshark. So the

Re: [Wireshark-users] Capture filter with multiple VLANs

2019-07-31 Thread Jaap Keuter
Hi, For this you have to go lower in the stack and access the packet bytes directly. Have a look at proto [ expr : size ], where proto is ether. Now you can access the bytes in the ethernet frame directly. So start looking for 8100 as the ethertype, then extend the expression to make

[Wireshark-users] On the TCP MSS option

2019-06-17 Thread Jaap Keuter
Hi Kary, While attending your SharkFest presentation on the 13th I was triggered by one remark on the TCP MSS option. This option was lacking in one of the traces, resulting in reduced bandwidth of the connection. Wireshark isn’t pointing you to this

[Wireshark-users] ACM named Gerald C. Combs recipient of the ACM Software System Award

2019-05-08 Thread Jaap Keuter
For those not in the social media space, the following news item popped up yesterday: ACM named Gerald C. Combs recipient of the 2018 ACM Software System Award for creating the Wireshark network protocol analyzer, an essential tool for nearly anyone who designs, deploys, analyzes and

Re: [Wireshark-users] wifi beacons show up as malformed

2019-04-29 Thread Jaap Keuter
> On 30 Apr 2019, at 00:36, Reinoud Koornstra > wrote: > > I am just reading the capture. Other people reading the same sniff do > not see any problems. > The problem is only on my laptop that it shows malformed, on other > laptops the same pcap looks fine. Hi, So you concluded the capture

Re: [Wireshark-users] Low level analyzer

2019-03-06 Thread Jaap Keuter
> On 6 Mar 2019, at 08:39, Helge Kruse wrote: > > I use Wireshark for analyzing the network traffic. I identified a lot > of re-transmissions caused by packet loss on a device that is > connected to a 10 MBit/s hub or switch. If the same device is > connected to a 100 MBit/s switch, it works

Re: [Wireshark-users] Wireshark Filters

2019-02-25 Thread Jaap Keuter
Hi, Could you at least show the exact filter expression? These are just elements of them, but don’t tell how they work. Thanks, Jaap > On 25 Feb 2019, at 22:02, Ovadia, Esterina > wrote: > > Hello, > > I am using Wireshark(2.6.6 as recommended for the Nordic Sniffer) to capture >

Re: [Wireshark-users] unrecognized command line option '-fmacro-prefix-map=old=new'

2019-01-26 Thread Jaap Keuter
Hi, 1. Remove the CmakeCache file and rerun cmake again, this should remove any detection ambiguities. 2. What you’ve shown is a text stage of CMake to find compiler options, these are not Wireshark build errors. Thanks, Jaap > On 26 Jan 2019, at 02:40, jungle boogie wrote: > > > Hello, >

Re: [Wireshark-users] What is the maximum data rate supportedbywireshark

2008-04-03 Thread Jaap Keuter
Steve, Calm down. Go to the end of the email. Click on the link which will bring you to the mailing list management page. From there you can unsubscribe. Thanks, Jaap _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Anthony Sent: 2008-Apr-03 17:23 To: Community

Re: [Wireshark-users] How can I filter out SRTP packets?

2008-04-01 Thread Jaap Keuter
Hi, Go to preferences and check Try to decode RTP outside of conversation. Then apply display filter 'rtp' for all rtp packets, or 'srtp.enc_payload' for SRTP only, but only if the setup information was seen. Currently dissection of the SRTP payload is limited, maybe if libsrtp matures this could

Re: [Wireshark-users] Howto: Wireshark from the command line export text

2008-03-26 Thread Jaap Keuter
Hi, Note that the referenced mail speaks of tshark, not wireshark. tshark is the text-based variant of wireshark. Thanx, Jaap 赵新元 wrote: Hi, How can I export wireshark text from command line? http://www.mail-archive.com/wireshark-users@wireshark.org/msg00929.html This mail tells me

Re: [Wireshark-users] help tcp out of order, tcp segment lost, tcp dup ack, tcp retransmission.

2008-03-26 Thread Jaap Keuter
Hi, Do you notice that every packet is in there twice? Look at the source addresses for example. I bet you capture from a mirror port? Then every ingress and egress of a packet is captured, once on the path to the first host, once on the path on the second host. Thanx, Jaap Alfonso Valdez

Re: [Wireshark-users] V1.0.0pre1 MIB Files

2008-03-22 Thread Jaap Keuter
Hi, Frankly, I don't get warm fuzzy feelings with libraries which are to *support* our program and make it crash when fed bad data. Especially since the data is not in our control (UAT configurable). Bottom line: It should be fixed in the lib, not with (commandline) tools that are alien to the

Re: [Wireshark-users] wireless lan packet

2008-03-22 Thread Jaap Keuter
Hi, have a look here: http://www.cacetech.com/products/airpcap_family.htm Thanx, Jaap Daniel Svensson wrote: Thank you for your quick answer! I only want to see the user data packets. What should I do to listen to the traffic that one laptop is sending to the router with a third

Re: [Wireshark-users] V1.0.0pre1 MIB Files

2008-03-21 Thread Jaap Keuter
it on bugzilla. Keith French. - Original Message - From: Jaap Keuter [EMAIL PROTECTED] To: Community support list for Wireshark wireshark-users@wireshark.org Sent: Friday, March 21, 2008 12:32 AM Subject: Re: [Wireshark-users] V1.0.0pre1 MIB Files Hi, Yes, the old dependency on Net

Re: [Wireshark-users] V1.0.0pre1 MIB Files

2008-03-20 Thread Jaap Keuter
Hi, Yes, the old dependency on Net-SNMP has been dropped. I.s.o. that libsmi has been introduced. You can configure it where it needs to look (the one button) and what it needs to look for (the other button). A 'standard' collection of MIBs has been provided, the buttons give you the option to

Re: [Wireshark-users] vlan dhcp packets

2008-03-18 Thread Jaap Keuter
Hi, Not true. The fact that there are UDP packets running on a native LAN or VLAN which happen to carry a payload which is considered BOOTP has nothing to do with the LAN they are running on. There are numerous ways to get a node on a VLAN. Easiest is to assign a port to a VLAN. Then the host

Re: [Wireshark-users] Q.931 called party information to SIP

2008-03-13 Thread Jaap Keuter
Hi, Called party number usually translates into the INVITE URI. The number plan and type are not converted, maybe only used to verify that a URI can be composed of the called party number information, or, if it's an advanced gateway, could select the URI format based on the plan and type, but

Re: [Wireshark-users] Q.931 called party information to SIP

2008-03-13 Thread Jaap Keuter
+0100 From: Jaap Keuter [EMAIL PROTECTED] Subject: Re: [Wireshark-users] Q.931 called party information to SIP To: Community support list for Wireshark wireshark-users@wireshark.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=ISO-8859-1; format=flowed Hi, Called

Re: [Wireshark-users] Terminal Server traffic

2008-03-12 Thread Jaap Keuter
: (305) 873-4400 Email: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jaap Keuter Sent: Monday, March 10, 2008 7:38 PM To: Community support list for Wireshark Subject: Re: [Wireshark-users] Terminal Server traffic Hi, Well

Re: [Wireshark-users] Using wireshark to process my own capture file

2008-03-12 Thread Jaap Keuter
Hi, Why not go for these: /* Reserved for private use. */ { 147, WTAP_ENCAP_USER0 }, { 148, WTAP_ENCAP_USER1 }, { 149, WTAP_ENCAP_USER2 }, { 150, WTAP_ENCAP_USER3 }, { 151, WTAP_ENCAP_USER4 }, {

Re: [Wireshark-users] help in capturing Modbus traffic

2008-03-12 Thread Jaap Keuter
Hi, Looks like you'll need some passive tapping hardware and dedicated capture hardware to pull this one off. Then that capture tool must write a capture file in one of the many formats Wireshark understands. Then Wireshark needs to understand how to read this information. The MODBUS part

Re: [Wireshark-users] end-to-end delay calculation

2008-03-11 Thread Jaap Keuter
Hi, Sounds possible, but watch out, read this first: http://wiki.wireshark.org/Timestamps Thanx, Jaap Fabiana moreno wrote: Hello there, I know wireshark is not able to calculate the end-to-end delay of a packet when streaming. I was just wondering if adjusting the clocks of my two

Re: [Wireshark-users] Terminal Server traffic

2008-03-10 Thread Jaap Keuter
Hi, It may be dependent on how you configured the monitoring port on the core router. If it captures both ingress and egress packets it starts to see double. The details I leave to the network operator buffs ;) . Thanx, Jaap Albert Jurado wrote: As of last week we started to monitor traffic from

Re: [Wireshark-users] Terminal Server traffic

2008-03-10 Thread Jaap Keuter
Jurado Network Manager First Commercial Insurance Company 2300 W 84 St. Hialeah, FL 33016 Phone: (305) 820-4848 ex. 1206 Mobile: (305) 873-4400 Email: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jaap Keuter Sent: Monday, March

Re: [Wireshark-users] Bug report - Follow TCP Stream conversation selection incorrect

2008-03-06 Thread Jaap Keuter
Hi, We've created a nice database to make sure none of these reports go missing. Please visit bugs.wireshark.org and file your bug there. Thanx, Jaap Guy Bruneau wrote: Hi, I would like to report a new bug affecting the Follow TCP Stream. Since version 99.7 (99.8 has this issue as well),

Re: [Wireshark-users] Integrating a CORBA dissector

2008-03-05 Thread Jaap Keuter
Hi Benjamin, What this tool does is create a dissector module for you. So the resulting file, called packet-YourProtocolName.c, goes into epan/dissectors in your wireshark build tree. The referenced Makefiles are also in that directory. Put the name of your dissector in between the others and

Re: [Wireshark-users] How do I add a custom MIB?

2008-03-03 Thread Jaap Keuter
Hi, Go to preferences and select the Name Resolution page. There you can enter the SMI MIBS and Paths. Thanx, Jaap Hi, Can anybody point me in the right direction on how to add MIBs for SNMP to Wireshark? I'm using 0.99.8pre1 on Windows. What I tried is to just add my MIB to the directory

Re: [Wireshark-users] Playback a capture file

2008-03-03 Thread Jaap Keuter
Hi, Have a look at http://wiki.wireshark.org/Tools Thanx, Jaap Frédéric BERNON wrote: Hi group, I would like to know if it's possible to playback a capture file: with playback, I want to say resend captured packets with the same (or nearest timing). I use wireshark 0.99.8. Thank you

Re: [Wireshark-users] Wireshark setup

2008-02-26 Thread Jaap Keuter
Hi Isaas, A quick setup? Install the package for your platform and then have a look at the wiki http://wiki.wireshark.org/CaptureSetup and the user guide. Thanx, Jaap Martinez, Isaas wrote: Can anyone give me a quick setup tour? This is my first time using wireshark; recommended by one of

Re: [Wireshark-users] Error capturing packet

2008-02-07 Thread Jaap Keuter
Hi Peter, I guess you can't read a book either when asleep? So when your system goes to sleep it shuts the network interfaces. That just kills the capture session. If you want to keep programs running while you're away from the machine, don't let it fall asleep. Thanx, Jaap Peter Shimmel

Re: [Wireshark-users] unicast traffic in promiscuous interface capture

2008-01-31 Thread Jaap Keuter
Alex Nedelcu wrote: The surprise came when i noticed that around 0.8% of the traffic was TCP, originated and destined from different ip and mac addresses from the host that was making the capture. Hi, Is this a multihomed host? Otherwise I don't follow. Thanx, Jaap

Re: [Wireshark-users] Hiding interfaces

2008-01-30 Thread Jaap Keuter
Hi, There is something to be said for using 'hidden interface' flag for 'Capture Interfaces' dialog. Sounds like a logical request. Any reason not to implement this? Thanx, Jaap Onur Akgun wrote: On Wed, Jan 30, 2008 at 11:20:55AM -0500, Onur Akgun wrote: Is there a way to hide

Re: [Wireshark-users] how can i open the package of iris saved

2008-01-30 Thread Jaap Keuter
Hi, If you can configure Iris to save a capture file in one of the many formats Wireshark supports, it will probably be able to load it. The Iris website is not clear what capture file formats are supported. Otherwise you might try capinfos to try to pry some information from your files.

Re: [Wireshark-users] ARP Broadcasts

2008-01-22 Thread Jaap Keuter
Hi, Yes that's normal since your whole neighborhood is connected to that head end. I don't have the details at hand, but that's my basic understanding of it. Thanx, Jaap Acy Nonyxx wrote: I have broadband through my cable company. I unplugged the router and plugged my computer directly

Re: [Wireshark-users] running wireshark just before and after downloading a payload

2008-01-21 Thread Jaap Keuter
Hi, That one is easy. Just set the snaplength to the size you need. That is the Limit each packet to xxx bytes entry on the Capture options dialog. Thanx Jaap Albretch Mueller wrote: Hi, ~ I was wondering how could you run wireshark just before and after downloading a payload, without

Re: [Wireshark-users] running wireshark just before and after downloading a payload

2008-01-21 Thread Jaap Keuter
details out of them. You are going the other way, so maybe this is not the tool for you. Thanx, Jaap Albretch Mueller wrote: On Jan 21, 2008 4:38 PM, Jaap Keuter [EMAIL PROTECTED] wrote: Hi, That one is easy. Just set the snaplength to the size you need. That is the Limit each packet to xxx bytes

Re: [Wireshark-users] decode of gtalk?

2008-01-20 Thread Jaap Keuter
Hi, Google talk is based on jingle, an extension of XMPP. Wireshark VoIP analysis can't interpret that as such, so can't provide you with a MSC, play RTP streams, etc. Thanx, Jaap John Davis wrote: Hello I have run tcpdump -i eth0 -w cap.log on my firewall. I then opened the cap.log

Re: [Wireshark-users] message fragment in message overview forBICCpackets

2008-01-18 Thread Jaap Keuter
Hi, NO!, hitting it by accident would be a shame now would it... Thanx, Jaap Gerald Combs wrote: Joerg Mayer wrote: On Fri, Jan 18, 2008 at 12:11:35PM +, Peter Cambouris wrote: Take me off the list pls Please read the footer that is appended to each and every mail on how to do that

Re: [Wireshark-users] Measure Jitter and Delay for UDP packets

2008-01-18 Thread Jaap Keuter
Hi, Since there is no timestamp in UDP headers there is no such thing as jitter and delay for UDP packets. There is for RTP packets, which can be transported in UDP packets. So what you would need to have is a session description which tells you about the timing aspects of this session and

Re: [Wireshark-users] IGMP and Multicast Session Captures

2008-01-14 Thread Jaap Keuter
Hi, If you would give us an idea of the little information you get, and what you would expect we could give you some more targeted answers. Thanx, Jaap McGee, Jesse (AFL Tele) wrote: I am trying to debug IGMP performance in an integration lab. When I try to capture IGMP events (joins,

Re: [Wireshark-users] Decoding SVLAN packets with 0x9200 0x88a8 tag

2008-01-14 Thread Jaap Keuter
Hi, Check the VLAN preferences. There is an entry for the 802.1QinQ Ethertype, which by default is 9100. Thanx, Jaap Nirupama Sankaranarayanan wrote: Hi, I'm capturing some SVLAN PPPoL2TP packets. Wireshark does not decode this correctly. It shows VLAN tag 0x9200 as unknown type, and

Re: [Wireshark-users] Can wireshark play back data?

2008-01-09 Thread Jaap Keuter
Hi, There's no playout option in Wireshark. You may want to review the tools listed in the Wiki, some of which have this capability. Thanx, Jaap [EMAIL PROTECTED] wrote: I'm new to the world of networking and Wireshark. I work for an Avionics company and we use AFDX as the network for

Re: [Wireshark-users] Editing packets with Wireshark and replay?

2007-12-27 Thread Jaap Keuter
Hi, You may want to look into bittwist: http://bittwist.sourceforge.net/ Note that this does enable you to edit IP headers (ea.) but IP addresses within the packets are left untouched. To do that you'll need to have NAT like application helpers. Thanx, Jaap jacob c wrote: Is there any

Re: [Wireshark-users] Continuous/circular in-memory tracing?

2007-12-22 Thread Jaap Keuter
Jay Levitt wrote: On 12/22/2007 4:01 AM, Sake Blok wrote: On Fri, Dec 21, 2007 at 10:10:45PM -0700, Stephen Fisher wrote: On Fri, Dec 21, 2007 at 10:00:54PM -0500, Jay Levitt wrote: As far as I can tell from searching the forum, there's no good way to keep Wireshark up and running and

Re: [Wireshark-users] snmp.enterprise

2007-12-19 Thread Jaap Keuter
Hi, Be aware there's a difference between display and capture filters. Capture filters are fed to the capture engine which can make low level decisions (like ethernet address, tcp ports at most). Display filters come into play when real dissections takes place. So, getting to something

Re: [Wireshark-users] Err Duplicate protocol filter_name bcp!

2007-12-17 Thread Jaap Keuter
Hi, bcp is registered by the PPP dissector, for PPP bridge control protocol. So what might cause this is a stray plugin which still loiters in your system. Either as system wide plugin or personal plugin. Have a good look in /usr/lib/wireshark/ and ~/.wireshark/ or whatever this installation

Re: [Wireshark-users] (wireshark:26800): Gtk-WARNING **: cannot open display:

2007-12-11 Thread Jaap Keuter
Hi, Yet again this is not a Wireshark problem. This has to do with access control to your X server. You don't want just anybody opening windows on your screen, do you? So if you started the X server under your own account (greg) then any other user (like root) doesn't have access to it. You

Re: [Wireshark-users] MPEG2TS over UPD not decoded

2007-11-29 Thread Jaap Keuter
Hi, No, the intelligence isn't put into the RTP dissector, it's the other way around. The MPEG2TS dissector registers itself with the RTP dissector, for payload type 33 (PT_MP2T, RFC 2250). If the RTP dissector gets such a payload it's passed to the MPEG2TS dissector. What could be done is

Re: [Wireshark-users] SNMP MIBs Wireshark 0.99.7pre1

2007-11-23 Thread Jaap Keuter
Hi, It is on the roadmap for 0.99.7, but since this mad dash to release is happening, I'm not sure it's gonna make it. Thanx, Jaap Keith French wrote: When some early development builds were released for 0.99.7, the SNMP Preferences no longer had the option to load extra MIBs. Looking at

Re: [Wireshark-users] newb question

2007-11-22 Thread Jaap Keuter
Hi, The voice is transported in RTP packets. So go to the menu Statistics. Select RTP from the menu and then Show all streams. Select a stream from the list and click analyze. Then you've the option to save the payload in an 'au' file, which is another form of audio file. This can be readily

Re: [Wireshark-users] How do I go about creating a custom packet data decode

2007-11-21 Thread Jaap Keuter
Hi, I don't know why you need this but the most definite way to do it is patch dissect_packet in epan/packet.c. Just insert the line int i; for (i=0; i<fd->cap_len; i++) pd[i] ^= YOUR_VALUE_HERE; before the call to tvb_new_real_data() and recompile Wireshark. This will XOR all packet data of all

Re: [Wireshark-users] Starting tshark from Windows scheduler

2007-10-19 Thread Jaap Keuter
What about user privileges? BTW: I always use dumpcap.exe for that. Thanx, Jaap Ludovit Boda wrote: Hello, I want to start tshark from Windows XP scheduler every day at defined time with 1 hour duration. Every captured file has a time stamp in its name. I wrote batch file tshark.bat

Re: [Wireshark-users] Problems capturing frames with a two vlan-stack

2007-10-18 Thread Jaap Keuter
Hi, The VLAN dissector has a 802.1QinQ preference. By default this is set to 9100. What happens if you change that to 8100? Thanx, Jaap Jose Liste wrote: Hi, I am trying to capture frames that carry two vlan tags (both with etype x8100). For the actual capture, I have a passive copper

Re: [Wireshark-users] Issue with LDAP protocol?

2007-10-09 Thread Jaap Keuter
Hi, What does it show, apart from the expected LDAP traffic? Thanx, Jaap Peter Milanese wrote: Greetings- I am having an issue authenticating Apache-Domino through mod_auth_nz. This led me to run wireshark on the server doing the auth. Odd thing is, wireshark does not report _any_

Re: [Wireshark-users] Time Display Format

2007-09-26 Thread Jaap Keuter
Hi, This feature was very recently added to the TCP dissector and is very likely to be available in the next release. This is the commit record for the feature. r22966 | sake | 2007-09-25 22:37:13 +0200 (Tue, 25 Sep 2007)

Re: [Wireshark-users] capture raw USB traffic functionality not working?

2007-09-25 Thread Jaap Keuter
Hi, Never tried it myself, but this caught my eye on the Wiki page: The latest libpcap CVS (not an 0.9.x release or earlier release) is required for capturing raw USB traffic. Thanx, Jaap Joshua Pollack wrote: Hi, I'm interested in using Wireshark to capture raw USB traffic, but I can't

Re: [Wireshark-users] WIN32 AutoStart Configuration for Wireshark

2007-08-23 Thread Jaap Keuter
Hi, Why start Wireshark just to capture? I've done this before with a simple command script that launches dumpcap, with some parameters for a circular buffer. Thanx, Jaap J P wrote: Hi, I have been experimenting with no real success in getting Wireshark to automatically launch and

Re: [Wireshark-users] Capture filtering using display filters

2007-07-27 Thread Jaap Keuter
Hi, Your conclusion that what isn't displayed isn't captured is incorrect. Let's get into the details, shall we? First there's the capture engine, then the processing and then the display. The capture filter determines what's presented to the processing part. The display filter determines what's

Re: [Wireshark-users] Use of WireShark to decode WiMAX MAC Messages

2007-07-27 Thread Jaap Keuter
Hi, Currently Wireshark can't do much other than MAC-to-MAC decoding. This is activated by packets with ethertype 0x08F0. There is a set of decoding functions available, but no dissector that binds them together. There is additional work in the pipeline, so keep an eye on this list and the

Re: [Wireshark-users] Script to convert Cisco ATM dump to something that Wireshark can read

2007-07-25 Thread Jaap Keuter
specifications for this output and they could change at any time. 2007/7/19, Jaap Keuter [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]: [...] Sure it is. Could it be a stat of YAFF [1] that Wireshark can read through wiretap? Is there any generalized output description

Re: [Wireshark-users] Script to convert Cisco ATM dump to something that Wireshark can read

2007-07-25 Thread Jaap Keuter
Hi, Have a look here: http://anonsvn.wireshark.org/wireshark/trunk/wiretap/ Thanx, Jaap Frédéric Point wrote: Sorry I have forgotten words twice in my post... Can you give me pointers to these wiretap modules ? Thanx, Frédéric 2007/7/25, Jaap Keuter [EMAIL PROTECTED] mailto

Re: [Wireshark-users] Assertion failure proto.c:2902 for SNMP V3 authPriv

2007-07-19 Thread Jaap Keuter
Hi, Tried it on: Version 0.99.7 (SVN Rev 22353) Compiled with GTK+ 2.10.13, with GLib 2.12.12, with libpcap 0.9.5, with libz 1.2.3.3, with libpcre 6.7, with Net-SNMP 5.2.3, with ADNS, without Lua, with GnuTLS 1.6.3, with Gcrypt 1.2.4, with MIT Kerberos, with PortAudio PortAudio V19-devel,

Re: [Wireshark-users] Script to convert Cisco ATM dump to something that Wireshark can read

2007-07-19 Thread Jaap Keuter
Frédéric Point wrote: Hi, I have created a little Perl script to convert IP packets that are transmitted over ATM interfaces on Cisco. This script is inspired by the one made by Hamish Moffatt which converts IP packets to something Wireshark can read. It takes only IP packets and ignores ATM

Re: [Wireshark-users] Capture Only RTCP

2007-07-17 Thread Jaap Keuter
Les Bowditch wrote: Good morning, I’m attempting to capture only RTCP without decoding the protocol, as I have another app doing that. As RTCP does not have a predefined port that is always used, how can I accomplish this? Well, there's your catch-22. You don't want it decoded, but

Re: [Wireshark-users] Fwd: Adding the 802.15.4 dissector...

2007-07-11 Thread Jaap Keuter
Hi, From what I remember from previous discussions, there's still work to do on the DLT-values. So without a look at the code there's little to tell. Better take this discussion to the developer forum. Thanx, Jaap Richard Fulcher wrote: Hello all, I am working on a 802.15.4 project and

Re: [Wireshark-users] Summary reports of captured traffic to identify network usage trends?

2007-07-10 Thread Jaap Keuter
Hi, You'd better use ntop for that. For other tools see the Wiki: http://wiki.wireshark.org/Tools#line-37 Thanx, Jaap Richard Mundell wrote: We're capturing traffic on our network to get an idea of general use of our internet connection by our staff. Obviously Wireshark gives a vast

Re: [Wireshark-users] RTP Stream Analyses [Marker Bit]

2007-07-06 Thread Jaap Keuter
Hi, See bugs 165 and 269 on this. It's as the RFC states: The use of the marker bit is profile specific. Currently the RTP analysis is biased towards audio, so video profiles may suffer. Thanx, Jaap Lars Ruoff wrote: From my memories: packets with the marker bit set don't take part in the

Re: [Wireshark-users] Starting programs using Wireshark/tcpdump

2007-07-05 Thread Jaap Keuter
Hi, Maybe Lua can help you here. Thanx, Jaap Piers Kittel wrote: Hello all, My job is to set up a computer to capture packets, and to start recording a 3 minute video when a certain packet gets sent/received, so I can analyse the two afterwards using Wireshark. I've got all the

Re: [Wireshark-users] Wireshark

2007-05-02 Thread Jaap Keuter
Hi, Ubuntu Dapper 6.06 has Ethereal 0.99.0 in its universe repository. That is the package as it was called before the renaming to Wireshark. Thanx, Jaap On Wed, 2 May 2007, Kaushal Shriyan wrote: Hi I wanted Wireshark package for Ubuntu distribution, My Ubuntu Version is Release : 6.06

Re: [Wireshark-users] Writing/sharing dissectors

2007-04-27 Thread Jaap Keuter
Hi, Better use the skeleton code found in chapter 1.2 of the README.developer file in /doc. Also name the dissector sourcefile packet-foo.c instead of plugin.c, because that name is already used for the autogenerated plugin adapter code. Sharing the executable dissector is indeed as simple as

Re: [Wireshark-users] Writing/sharing dissectors

2007-04-25 Thread Jaap Keuter
Hi, For a more extensive answer, after reading said website, there's not really a roadmap to a dissector. Much depends on the situation. First you'll have to choose the way you want to deploy your dissector. My guess would be a plugin dissector in your case, rather than built in. Another choice

Re: [Wireshark-users] bad handling of DHCP option 90?

2007-04-24 Thread Jaap Keuter
Hi, What about the presentation of the HMAC MD5 Hash? That's got to be conditional as well. Please refer to the SVN version, your line numbers seem to indicate an older revision of the file. Thanx, Jaap On Mon, 23 Apr 2007, Stefan Puiu wrote: Stefan Puiu [EMAIL PROTECTED] writes: Hi

Re: [Wireshark-users] Wild Card

2007-03-22 Thread Jaap Keuter
Hi, You'll want to use the slice operator for that. First look up the offset into the IP header to the source and destination address parts of interest (15 and 19), then apply the slice operator to ip. Like so: (ip[15:1]==28)||(ip[19:1]==28) Thanx, Jaap On Wed, 21 Mar 2007, Christopher
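What the slice filter above actually compares, as an added example that is not part of the list post: `ip[15:1]` is one byte at offset 15 counted from the start of the IP header, i.e. the last octet of the source address (offsets 12..15), and `ip[19:1]` the last octet of the destination address (offsets 16..19). Both offsets are fixed regardless of IP options, because options follow the addresses. The code below evaluates the same test over raw IPv4 header bytes and also generalises it to whole-address slices such as `ip[12:4]`. The headers are constructed here, not captured, and the function names are the example's own.

```python
"""Added example (not from the mailing-list post): evaluate the display
filter (ip[15:1]==28)||(ip[19:1]==28) over raw IPv4 headers, and the
generalised whole-address slice ip[12:4] / ip[16:4].
All packets below are constructed for the example."""
import struct

IP_SRC_OFFSET = 12   # source address occupies header bytes 12..15
IP_DST_OFFSET = 16   # destination address occupies header bytes 16..19


def ip_slice(ip_header: bytes, offset: int, length: int = 1) -> bytes:
    """Wireshark-style slice ip[offset:length]: 'length' bytes starting at
    'offset', counted from the first byte of the IP header (not the frame)."""
    if offset + length > len(ip_header):
        raise ValueError("slice runs past the end of the IP header")
    return ip_header[offset:offset + length]


def last_octet_is(ip_header: bytes, value: int) -> bool:
    """Equivalent of (ip[15:1]==28)||(ip[19:1]==28), with 28 parameterised.
    Offsets 15 and 19 are the last octet of source and destination."""
    want = bytes([value])
    return (ip_slice(ip_header, IP_SRC_OFFSET + 3) == want
            or ip_slice(ip_header, IP_DST_OFFSET + 3) == want)


def host_is(ip_header: bytes, dotted: str) -> bool:
    """Generalisation: (ip[12:4]==a.b.c.d)||(ip[16:4]==a.b.c.d), i.e. a
    whole-address comparison done with the slice operator."""
    want = bytes(int(o) for o in dotted.split("."))
    return (ip_slice(ip_header, IP_SRC_OFFSET, 4) == want
            or ip_slice(ip_header, IP_DST_OFFSET, 4) == want)


def build_ipv4_header(src: str, dst: str, proto: int = 17,
                      total_len: int = 40) -> bytes:
    """Constructed minimal 20-byte IPv4 header (IHL=5, no options).
    The header checksum is left at zero; it is irrelevant to slicing."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    return struct.pack("!BBHHHBBH4s4s",
                       0x45,        # version 4, IHL 5
                       0,           # DSCP/ECN
                       total_len,   # total length
                       0x1234,      # identification
                       0x4000,      # flags (DF) + fragment offset
                       64,          # TTL
                       proto,       # protocol (17 = UDP)
                       0,           # header checksum (not computed here)
                       src_b, dst_b)


if __name__ == "__main__":
    for src, dst in (("10.0.0.28", "10.0.0.1"),
                     ("10.0.0.1", "192.168.1.28"),
                     ("28.0.0.1", "10.0.0.2")):
        hdr = build_ipv4_header(src, dst)
        print(f"{src:>14} -> {dst:<14} last octet 28: {last_octet_is(hdr, 28)}")
```

Note the third case: an address whose first octet is 28 does not match, because the filter looks only at bytes 15 and 19. The slice is relative to the IP header, so when the same test has to be written against the raw frame the Ethernet header length must be added to the offsets.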

Re: [Wireshark-users] VoIP Analysis for Dummies

2007-03-22 Thread Jaap Keuter
lost as to why. Cliff On Wednesdays I go shopping and have buttered scones for tea. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jaap Keuter Sent: Thursday, March 22, 2007 10:38 AM To: Community support list for Wireshark Subject: Re: [Wireshark

Re: [Wireshark-users] Checksum Display Filters

2007-02-11 Thread Jaap Keuter
Hi, Not for UDP, there the checksum can be omitted. Thanx, Jaap On Sun, 11 Feb 2007, Keith French wrote: In the IP, TCP or UDP headers is the Checksum field, which has two parts to it. For the IP checksum this is:- Header checksum: 0xbbd5 [correct] [Good: True] [Bad :
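The point made above about UDP, as an added example that is not part of the list post: over IPv4 a UDP checksum field of zero means "not computed" (RFC 768), so a dissector cannot call it good or bad, only absent. The code below computes the UDP checksum over the IPv4 pseudo-header the way a validator would, and classifies a segment as good, bad or absent. The packets are constructed here, not captured, and the function names are the example's own.

```python
"""Added example (not from the mailing-list post): validate an IPv4 UDP
checksum the way a dissector would, treating zero as 'absent'.
All packet bytes below are constructed for the example."""
import struct

UDP_PROTO = 17


def ones_complement_sum(data: bytes) -> int:
    """16-bit ones' complement sum with end-around carry (RFC 1071).
    An odd trailing byte is padded with a zero byte."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_checksum(src_ip: bytes, dst_ip: bytes, udp_segment: bytes) -> int:
    """RFC 768 checksum: pseudo-header (src, dst, zero, proto, UDP length)
    plus the UDP header and payload, with the checksum field itself taken
    as zero. A computed value of zero is transmitted as 0xFFFF so that a
    zero on the wire unambiguously means 'no checksum'."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, UDP_PROTO, len(udp_segment))
    zeroed = udp_segment[:6] + b"\x00\x00" + udp_segment[8:]
    csum = 0xFFFF - ones_complement_sum(pseudo + zeroed)
    return csum if csum else 0xFFFF


def check_udp(src_ip: bytes, dst_ip: bytes, udp_segment: bytes) -> str:
    """Return 'absent', 'good' or 'bad' for the segment's checksum field.
    'absent' is only legal over IPv4; IPv6 requires the checksum
    (RFC 8200 section 8.1), so an IPv6 validator would report zero as bad."""
    field = struct.unpack("!H", udp_segment[6:8])[0]
    if field == 0:
        return "absent"
    return "good" if udp_checksum(src_ip, dst_ip, udp_segment) == field else "bad"


def build_udp(src_ip: bytes, dst_ip: bytes, sport: int, dport: int,
              payload: bytes, fill_checksum: bool = True) -> bytes:
    """Constructed UDP segment; with fill_checksum=False the field is left
    zero, i.e. the sender omitted it."""
    seg = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    if fill_checksum:
        seg = seg[:6] + struct.pack("!H", udp_checksum(src_ip, dst_ip, seg)) + seg[8:]
    return seg


if __name__ == "__main__":
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    good = build_udp(src, dst, 12345, 53, b"hello")
    omitted = build_udp(src, dst, 12345, 53, b"hello", fill_checksum=False)
    corrupted = good[:8] + b"hellp"          # payload altered after checksumming
    for name, seg in (("good", good), ("omitted", omitted), ("corrupted", corrupted)):
        print(f"{name:>9}: field=0x{struct.unpack('!H', seg[6:8])[0]:04x} -> {check_udp(src, dst, seg)}")
```

A practical caveat when reading captures: with checksum offload enabled, outgoing UDP (and TCP) segments are captured before the NIC fills in the field, so they show as bad on the sending host even though the wire traffic is fine; validation is only meaningful on packets captured at the receiver or on a tap.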

Re: [Wireshark-users] Modification request: csv export

2007-02-07 Thread Jaap Keuter
Hi, On Wed, 7 Feb 2007, Ulf Lamping wrote: Hi List! There seems to be some confusion about the csv format in general, and I guess about our export implementation as well. Therefore I've added a Wiki page (http://wiki.wireshark.org/Development/CSVExport) where information can be collected

Re: [Wireshark-users] How to export / print packets as displayed, not sorted by column No

2007-02-05 Thread Jaap Keuter
Hi, Nope, I'm referring to the option with which you select either Captured or Displayed, in the packet range pane. Thanx, Jaap On Tue, 6 Feb 2007, Ulf Lamping wrote: Jaap Keuter wrote: Hi, I think you should file a bug report on that. Please state that if you select Displayed

Re: [Wireshark-users] bogus LLC header in UDP packet

2007-01-31 Thread Jaap Keuter
heuristics on the payload and doesn't dissect anything if it thinks the traffic doesn't belong to it. I'm not sure if that's possible, though. Martin, another workaround (besides changing ports) would be to disable the LLC dissector. Jaap Keuter wrote: Hi, According to RFC 2353 this decoding

Re: [Wireshark-users] Generating Combined Captures TCP Stats and Graphs

2007-01-31 Thread Jaap Keuter
Hi, How about using mergecap to combine the capture files you want? Then, depending on the capture filesize, wireshark/tshark may be able to help you with the graphs. Thanx, Jaap On Wed, 31 Jan 2007, Becky Vict wrote: Hi all, I have around 200 sample captures (200 .pcap files) from a few
