Highest Voted 'wireshark' Questions - Server Fault Stack Exchange

2

votes

1 answer

Wireshark find DNS response "Refused"

I'm looking for a way to filter a packet capture in wireshark for instances where our server responds with "Refused" to a recursive DNS query. dns.resp.type== doesn't seem to offer anything that I see as a match to my request, do I need to look…

domain-name-system reverse-dns wireshark

asked Nov 10 '21 at 22:01

tink

1,035
11
20

2

votes

1 answer

Piping SSH to wireshark on windows

In my day-to-day operations, I frequently need to execute tcpdump's on remote servers, and it's a pain to save the output to a file and then have to move the file to my laptop to analyze it on wireshark. I was exploring the command below, and it…

ssh powershell wireshark tcpdump

asked Jun 17 '21 at 21:10

BANJOSA

370
1
3
15

2

votes

1 answer

Measuring network bandwidth usage

One VM is sending data to another VM using rsync, both VMs are hosted on the same machine. I've got the task to measure the network bandwidth usage between both VMs and plot it. Plotting is easy once the data is captured, so the problem is to…

linux networking virtual-machines bandwidth wireshark

asked Jan 03 '21 at 22:29

user14610638

21
3

2

votes

2 answers

wireshark captures different on two computers from the same port

I Have a Windows XP Machine Running wireshark, connected to a Mirror port on a network. I'm capturing with no filtering, and it can only see half of some two way TCP conversations. I had thought it was a mirror port issue on the switch, but I can…

mirror wireshark pcap

asked Jan 11 '10 at 22:11

bk.

768
1
4
13

1

vote

0 answers

How do i convert text capture files back to pcap files?

I have opened Wireshark, selected the a.pcap file, and then went to File->Export and chose (K12 text file) to convert to text. Result is a.txt file. How can I convert back a.txt file to original pcap file. I want to edit some time stamps in a.txt…

wireshark pcap

asked Nov 21 '19 at 11:23

Vinod

111
1
3

1

vote

2 answers

What are the numbers preceeding a DNS packets flags for?

What does the Flags: 0x0500 section of this DNS query packet mean? Domain Name System (query) Transaction ID: 0x4242 Flags: 0x0500 Standard query 0... .... .... .... = Response: Message is a query .000 0... .... .... =…

domain-name-system wireshark packet-capture

asked Oct 16 '19 at 12:18

Justin

13
1
3

1

vote

2 answers

I have a loopback traffic in linux involving port 631 and I have no idea what is causing it

So I did some packet capturing in my networking and everything else is actually fine except for this weird communication where source and destination is literally 127.0.0.1, source port is 631, and destination port is a continuously incrementing…

linux tcp wireshark loopback pcap

asked Aug 29 '19 at 11:15

cmakeislife

13
2

1

vote

1 answer

How to characterize a physical device on my network?

I have inherited a data centre with very little documentation. The network is split up into multiple vlans (and subnets which don't tally with the vlans). I have a lot of physical devices, some which have labels, but the lables do not resolve to DNS…

networking ip wireshark

asked Jul 10 '19 at 17:43

symcbean

21,009
1
31
52

1

vote

0 answers

the strange value of SRE in a D-SACK packet

I'm troubleshooting a strange network issue in our production environment. The dumped pcap file comes from the full NAT mode LVS , and the toploy of the ip address in the dump file is: 172.19.132.90（client）-> 172.52.0.3, 172.16.246.46 ->…

tcp wireshark lvs

asked May 31 '19 at 17:01

kongyk

111
2

1

vote

1 answer

Wireshark capture filter from list file

Is it possible to pass Wireshark or tcpdump a file containing a list of host IP addresses and/or networks to be captured?

wireshark tcpdump

asked Apr 16 '19 at 02:40

NOYB

41
3

1

vote

0 answers

Wireshark running on Host OS not capturing packets from VM

I have Wireshark running on my laptop (Ubuntu 18.04), and I also have Wireshark running inside a VMware Workstation Player with a Backtrack 5 Kali Linux virtual machine image. The VM Network Connection is set to NAT. I cannot get the Wireshark that…

virtual-machines wireshark ubuntu-18.04

asked Mar 12 '19 at 04:10

devjoco

111
4

1

vote

1 answer

Packets difference between PTP and gPTP

I'm trying to understand few things about gPTP (IEEE 802.1AS). I am using the open source implementation by AVnu (https://github.com/AVnu/gptp). I looking on the packets using Wireshark, and they are parsed as PTPv2 packets. Is there any protocol…

wireshark ptp

asked Dec 04 '18 at 09:40

Shir

111
1
6

1

vote

0 answers

Server does not respond to SYN

When I launch an FTP transfer from a client machine, it fails because it cannot connect to the server. With tcpdump I can see that the client sends a SYN to the server, and I can also see that the server received the SYN but it does not respond. I…

tcp wireshark tcpdump

asked Oct 10 '18 at 17:50

Baroudi Safwen

111
4

1

vote

1 answer

Windows Network Load Balancing Duplicates UDP Packages?

Background I have two Windows Server 2012R2 VMs (each with one NIC) listening on port 514 for Syslog UDP messages, which process and then persist the messages to a database. I tried setting up Network Load Balancing to distribute the Syslog traffic…

windows-server-2012-r2 powershell load-balancing wireshark udp

asked Jun 29 '18 at 17:45

Micah Hunsberger

21
3

1

vote

1 answer

How can I debug SSL traffic between nginx and an Apache backend with a pre-master key?

I am trying to troubleshoot 502 Bad Gateway errors logged by nginx (used as a load balancer) when communicating with our back-end Apache application servers. The nginx proxy_pass module is being used to configure nginx as a reverse proxy to a…

nginx ssl apache-2.4 wireshark

asked May 21 '18 at 15:38

Josh

9,190
28
80
128

Questions tagged [wireshark]