Highest Voted 'wireshark' Questions - Server Fault Stack Exchange

2

votes

3 answers

Can Wireshark capture an entire Ethernet frame including preamble, CRC and Interframe spacing?

I am examining an Ethernet frame in Wireshark. According to the "Ethernet frame" Wikipedia article and accompanying diagrams, "A frame starts with a 7-octet preamble and 1-octet start frame delimiter (SFD)." The article also highlights that "[the]…

asked Jul 07 '13 at 19:42

synack

23
1
1
4

2

votes

3 answers

While analyzing a network interface using WireShark, which device's timestamp is recorded?

OK, this may seem trivial but due to the nature of testing required for my application, I need to get precise timestamps. I am using WireShark to analyze packets. Suppose I have a network with 2 hosts h1 and h2. h1 and h2 are connected with each…

networking wireshark

asked Jun 14 '13 at 17:27

spiritusozeans

225
2
10

2

votes

6 answers

Wireshark Capture Between Two Routers

How would one go about capturing OSPF traffic in Wireshark between two routers? I'm looking to do something like this: [RTR A] - - - [LAPTOP] - - - [RTR B]

cisco wireshark packet-capture network-traffic ospf

asked May 03 '13 at 14:41

THE DOCTOR

185
4
14

2

votes

2 answers

Is TCP RWIN set by application or OS?

I have a situation where an application is listening on a TCP port and every once in a while, as seen in tcp dumps, gets its Receiving Window (RWIN) set to zero. When this happens, its Recv-Q stops moving (because the sender stop sending) and the…

networking tcp wireshark tcpdump

asked Apr 18 '13 at 12:52

Mara

139
1
11

2

votes

0 answers

Issue with Netgear GS108T Managed Switch and Jumbo Frames

I recently purchased a Netgear GS108T managed switch and I am trying to configure jumbo packets between my NAS (Thecus N4100Pro), PC and managed switch. I should mention the fact that I was able to use jumbo frames between my PC and NAS before I…

networking wireshark nmap gigabit-ethernet jumboframes

asked Dec 18 '12 at 03:33

Richie086

238
2
10

2

votes

2 answers

Can you run a packet capture (wireshark) while rdped to a server?

I want to run a packet capture while rdped into a box. I'm pretty sure it won't drop the connection to the server (a server with one nic). I tested on VMs and it seems fine. Am I missing something?

rdp wireshark

asked Dec 14 '12 at 15:49

gar09

23
1
3

2

votes

2 answers

Wireshark and mirrored ports bringing in 10k+ packets a second

I've got wireshark setup on a monitoring machine to monitor our offices internet traffic (approx 40 machines). However, whenever I start wireshark within about 30-40 seconds it has crashed - I think due to the large volume of packets being received…

monitoring wireshark packets

asked Dec 14 '12 at 12:51

buzzmonkey

21
3

2

votes

1 answer

Printing to shared printers across VPN

I have a program that prints labels at five remote sites. Two sites, aren't working, but the rest are with an identical (as far as I can tell) setup. Using Wireshark, I have determined that the handshaking all goes well, but after the "Open Print…

networking vpn network-share printing wireshark

asked Dec 11 '12 at 21:21

CYMR0

145
1
7

2

votes

0 answers

Wireshark (WinPCap) does not see Intel X520-DA2 10 GbE NIC teaming intermittently

I am running a team of two 10 GigE ports on Intel X520-DA2 network card. They work well in tandem and achieve the desired throughput. However, I see an intermittent issue whereby WireShark and my own application (using WinPCap) only show the…

windows-server-2008-r2 wireshark intel network-teaming winpcap

asked Dec 08 '12 at 02:27

GregC

889
2
8
25

2

votes

1 answer

Debugging network traffic on local Windows machine

A customer running Windows is having issues with two server components that communicate with each other using TCP. Normally the two components live on two separate server, so Wireshark lets me easily see all of the communications at the byte level,…

windows networking proxy wireshark

asked Jul 24 '09 at 14:40

Adam Batkin

387
4
12

2

votes

3 answers

Network flooded with seemingly empty packets

Let me preface this with the fact that I'm just a web developer at my company with little networking knowledge. Earlier today there was a department that lost all of their network connections so I popped open Wireshark and observed the influx of…

networking wireshark flooding

asked Nov 09 '12 at 19:30

Adam Particka

139
1
2

2

votes

1 answer

Wireshark, using "Decode as", BACnet is missing as a choice

I'm trying to decode BACnet traffic that was sent on a non-standard port. It looks like I should be able to click "decode as" and choose BACnet or BACapp, but they don't appear in the selection list. What am I missing?

wireshark

asked Jul 05 '12 at 19:33

Eric House

31
2

2

votes

5 answers

Extremely high arp flooding from the router

My subnet is 10.162.0.0/16. We have a router with a couple of interfaces. Our gateway address for this subnet is 10.162.0.1. The router is in another building and I haven't got direct access to it. Line from router comes to my main layer-2 switch…

networking wireshark arp

asked Jun 20 '12 at 11:08

Temak

195
1
3
11

2

votes

3 answers

Is there some capture filter (or alternatives) that is especially useful for wireless capture?

I'm capturing wireless traffic in monitor mode with Wireshark. I want to capture traffic only for a certain BSS. While wlan.bssid == xx:xx:xx:xx:xx:xx works well as a display filter, I don't want my data cluttered with useless traffic that I'm not…

wifi wireshark

asked Feb 14 '12 at 09:20

Haozhun

267
2
5
10

2

votes

1 answer

CouchDB plugin for Wireshark?

I am trying to understand CouchDB network traffic with Wireshark and find it very difficult. A simple transaction with plain-text content seems to result in many lines in Wireshark, most of them being not more than unparsed binary data: 44270 >…

wireshark couchdb

asked Feb 07 '12 at 06:31

Nicolas Raoul

1,334
7
22
43

Questions tagged [wireshark]