Questions tagged [wireshark]

Wireshark is an open-source network protocol analyzer released under the GNU General Public License.

507 questions
1 vote, 0 answers

RouterOS sending malformed packets

I have a Routerboard 951G-2HnD which runs the latest stable: RouterOS v6.50.5, Firmware v3.41. The board acts as the WiFi AP in WPA2-PSK mode. Recently I have noticed an unhealthy amount of traffic sent from the AP to clients for no good reason. Example of…
user218324
1 vote, 0 answers

Server won't return some requests to single ISP

I have a Linode server that won't return random GET requests to my usual ISP (but never gets stuck with the same one each time). If I switch ISP or use Opera VPN, all works well. Linode says all looks ok to them. The server's resources are fine…
biscuitstack
1 vote, 1 answer

Packet Captures saved in bin file format

Does anyone know of a tool to open a packet capture saved as a .bin file? That or how to convert it to pcap or something Wireshark can open. I took a packet capture from a thin client and when I download it, it's a .bin file type. I have not been able…
veel84
1 vote, 0 answers

TCP window scale mismatch between CentOS 7 and Windows 2012 R2

Having a TCP client on CentOS 7 and a TCP listener on Windows 2012 R2, I observed through Wireshark, Sysinternals procmon and the ss -bitmonz command that the TCP client wscale is 7 (scale factor 128) while the TCP listener wscale is 8 (scale factor…
Jawad Al Shaikh
1 vote, 0 answers

How to capture HTTP request headers and body

I need to capture all incoming/outgoing HTTP traffic of a Unix machine, and then run a script on each HTTP header/body. I have found that tcpdump captures all the requests, but big ones end up being split into multiple frames and is not easy to patch…
1 vote, 0 answers

Traffic to and from MongoDB using SSL is still visible in Wireshark in plaintext

EDIT: There was nothing wrong. I was an idiot. The below settings are correct. I've set up an instance of MongoDB (3.4) on Windows, configured like this: net: port: 27017 ssl: mode: preferSSL PEMKeyFile: C:\...\mongodb.pem …
DukeOf1Cat
1 vote, 0 answers

Wireshark not decrypting TLS packet

I am unable to understand why decryption does not work here. Consider the scenario in this pcap file - https://drive.google.com/open?id=0Bz5corUPBatBWWpXTFYwWjdfS0k I have a network setup such that Internet Server (104.31.17.3)<---------> (eth1)…
user396101
1 vote, 0 answers

Server stops sending SYN ACK after several normal connections

I have a few thousand devices behind a NAT talking to two servers. Each device is behind a local router (think modem/router), at which they get NATed to a private network that has thousands of these devices, and at the gateway for this private…
user278837
1 vote, 1 answer

What's the correct syntax for tcp.dstport in display filters

I've put the following display filter: tcp.dstport=8127 But it's showing as incorrect (red background): What am I doing wrong?
Max Koretskyi
1 vote, 0 answers

NFS stuck in ack loop

I have a situation where one of three different NFS clients will break after a period of time (some number of days). I find that the broken host and server are continually sending 'ack' packets (to the tune of 100+mb/s). Each side is sending the…
Josh
1 vote, 0 answers

Wireshark decoding URL from M – SEARCH * HTTP/1.1

I am new to Wireshark and when I am running Wireshark it shows me the source address as the IP address but the destination address is 239.255.255.250 and at the info tab it shows M – SEARCH * HTTP/1.1. My question is that if there is a way to decode…
Dexter
1 vote, 0 answers

What is causing RST ACK in my connections?

75% of calls to a 3rd party API are getting dropped. When this happens it propagates up to my calling code as a "The request was aborted: Could not create SSL/TLS secure channel" error. Here is a Wireshark capture of RST ACK happening with 2 calls:…
Crippeoblade
1 vote, 1 answer

How to capture network packets that use SS7 protocol using Wireshark?

Since the SS7 protocol stack is used in the GSM mobile telephony network, we can't get the packets of SS7 protocols using Wireshark on a Windows computer and browsing in a web browser like Google Chrome. So how can one get packets which have SS7 protocol in…
1 vote, 1 answer

Need help in understanding the packet analysis (Wireshark)

The snapshot capture below contains a single HTTP request to a web server, in which the client web browser requests some files from server, and the server returns an HTTP/1.1 200 (OK) response which includes the file requested: Here is what I…
List 25
1 vote, 1 answer

Debugging why network packets are being dropped

Preface: I have an application that I am currently testing out that runs on RHEL 6. The setup for my test is the application installed on an embedded device, connected by an Ethernet cable to a PC that communicates with the virtual machine on that PC…