Questions tagged [wireshark]

Wireshark is an open source Network Protocol Analyzer under GNU License.

507 questions
2 votes, 0 answers

Wireshark only capturing broadcast packages

I've run Wireshark multiple times on my notebook for wireless networks verifying mobile packages for my devices and it used to work most of the time. I haven't been able to monitor my traffic today on three different networks - my home router and…
Mario Peshev
2 votes, 4 answers

How can the SSDP protocol be filtered out of Wireshark view?

In Wireshark version 1.12.4, I am trying to filter out packet messages with an SSDP protocol. When I clicked the Expression button next to the Filter field, and selected "HTTP" (as Field Name) and "is present" (as Relation), I still get SSDP. Most…
JustBeingHelpful
2 votes, 0 answers

Difference between ping time and time for first ACK answer

While creating a packet performance monitor I came across the following problem: if I ping a server, I get about 4ms. If I calculate the time between a POST and its first ACK, I get about 25us (microseconds). Here is Wireshark data for both…
2 votes, 2 answers

Not seeing all Traffic with Wireshark and Windows

I just installed Wireshark on a Windows machine. When I run the capture, I do see traffic, but not all. I am VNC'd into the box and see no VNC traffic; if I ping something from the box, I can see it. Is this common? It says 'Broadcom L2 NDIS client…
Kyle Brandt
2 votes, 2 answers

Only capture HTTP post requests through tcpdump

For security purposes we want to list all POST request URIs that are used in our applications (so we would disable POST through mod_security except for those URIs). The idea is to use tcpdump to capture these during a full regression test and…
Stijn Geukens
2 votes, 2 answers

Understanding LDAP traffic with ActiveDirectory

In looking at LDAP traffic through Wireshark I was curious to understand the conversation between a Windows client and Active Directory. Each conversation would vary to less than 80k bytes. But there are times when a conversation would be…
rmnv
2 votes, 1 answer

Corrupt DNS requests

Sometimes in some network captures that include my DNS server, I find there are failed lookups for what seem like invalid requests. When viewed in Wireshark these show up with what looks like escaped bytes outside the ASCII range. An example from…
bbayles
2 votes, 4 answers

HTTP not finishing over LAN. Hardware cause?

On a customer server running Apache 2.2 on Windows Server 2012 we're noticing that from time to time, some requests to the server never finish. Using Wireshark I've found a bunch of duplicate ACKs get sent to the server as soon as it starts…
Hans Allis
2 votes, 1 answer

How can I write a filter to get tcp sequence number inconsistency?

I am using Wireshark 1.12 and I am trying to filter SYN, SYN/ACK, ACK by inconsistencies. Would anyone know how to write a filter for this version? Currently I am using this: tcp.ack & tcp.seq & tcp.len I am able to see the drop in sequence…
user127413
2 votes, 0 answers

Can I use tshark to write SSL-decrypted packets to a file?

I have a PCAP file containing SSL-encrypted HTTP traffic and the private key from the relevant web server. I'd like a PCAP file that contains the decrypted HTTP traffic to feed into a different tool. I've been able to get tshark to decrypt and…
Willi Ballenthin
2 votes, 1 answer

Intermittent switch failure and data flooding, hardware capacity?

We are using a switch (ZIO-SW500) connected to the building's main network and we suffer from intermittent network halts. Normally the network works well. But, sometimes traffic designated to other IPs floods in and our network halts for a while…
2 votes, 0 answers

Replay decrypted SSL traffic with tcpreplay

I have a pcap file of some HTTPS traffic from one of my web servers, so I can use the key from my web server to decrypt the traffic in Wireshark. The problem I'm now facing is that I can't get an unencrypted pcap file from Wireshark. I want to…
timmeyh
2 votes, 2 answers

EC2 hosting, trying to understand network security model

We are hosting a few virtual machines at Amazon. Security groups and other configurations are set up to allow access only from desired addresses and to desired parties. The machines do talk with each other. My concern is about communication security…
user871199
2 votes, 2 answers

How can I get a list of the ports that Wireshark knows?

When I need to choose a new port to use (internal to an organisation) I used to look in /etc/services. This is no longer sufficient, as Wireshark knows about many other ports that are not in /etc/services and therefore mislabels traffic. I would…
fadedbee
2 votes, 1 answer

Strange Ethernet II packets in Wireshark

Looking at a Wireshark capture, I'm seeing something really strange. Ethernet II packets with random data are being sent on the network. The larger packets in the capture seem to contain bits and pieces of HTTP, but the src/dst don't make any sense…
eaglefly21