Questions tagged [wireshark]

Wireshark is an open source Network Protocol Analyzer under GNU License.

507 questions
1 vote, 1 answer

Is there a quick way to determine what applications are present within a Wireshark capture? If so, how?

Is there a quick way to determine what applications are present within a Wireshark capture? If so, how? As most captures contain over 10 thousand lines, I can't expect people would by hand check which ports have been utilised and the applications…
1 vote, 2 answers

tcpdump http containing non expected payload bytes

I am monitoring an openvpn link with tcpdump a la tcpdump -i tun5 -w capture.dump -W 100 -C 100M -s 0 -n There is http/xml traffic going over that link which is basically captured just fine. However, some packages contain bytes I'd not expect. See…
1 vote, 1 answer

udp broadcast on port 25860

I used Wireshark on my local network (to test it), and I noticed that there are a lot of UDP packets sent on broadcast, and the majority is coming from only one host. These UDP packets are sent on broadcast on port 25860. Seeing all these…
Sidahmed
1 vote, 1 answer

How can I set up tshark to capture full URL uri request ip and time stamp

How can I set up tshark to capture full URL uri request ip and time stamp. I have tried this: tshark -V -R "tcp.port ==80 && (http.request || http.response)" | awk "/Hypertext Transfer Protocol/,/Frame/ { print };/Transmission Control…
1 vote, 1 answer

Can't connect to python server on LAN

So I have this python server which just returns the uppercase sentence which came as a input: from socket import * serverPort = 12000 serverSocket = socket(AF_INET, SOCK_DGRAM) serverSocket.bind(('192.168.1.2', serverPort)) print "The server is…
Jarwin
1 vote, 1 answer

How do I export both Packet bytes and Summary line using tshark?

I can export ascii using Wireshark with exactly the same settings as in the example from the documentation, i.e. Only Summary line and Packet bytes exported. Since I have many files to do this with I suppose using tshark is the way to go, but I do not…
dotswe
1 vote, 1 answer

SVN over SSL: Many reconnects on commit

The SVN server in our company, which is self setup and hosted on EC2, is pretty slow. The setup is based on Apache and mod_dav_svn. There is also a svnserve running that seems to be used by the CI system. We can access the repositories using SSL…
Tarnschaf
1 vote, 1 answer

Packet capture on ESXi host

I have an issue I am trying to track down and I believe the problem is with physical networking hardware. I have read the VMWare documentation on the pktcap-uw command and I know I can use it to dump the traffic to a file which can then be viewed…
James Shewey
1 vote, 0 answers

Wireshark RST against TCP Zero Window

During application sharing with Microsoft Lync Client (Mac OS X), TCP ACK with RST flag is sent from my application end to Lync end against TCP Zero Window packets and call gets dropped. Image Link. FYI: My Application End: 172.16.6.106:55848 Lync…
1 vote, 2 answers

What is the cause for TCP flow control misinterpretation?

The client cannot connect to our web server. I sniffed the client and web server only to find out that the client sees the TCP connection to be successful while the server sees it as a failure. What are the probable causes for this problem? Did the…
Xegara
1 vote, 1 answer

Multiple SYN packets before handshake?

I have a scenario, I'm analyzing ssl (decrypt) traffic to my webserver. I'm investigating server and end-to-end delay issues. In between this I'm stuck at the following traffic pattern for which I need some advice/suggestion. The pattern shows:- client …
asad
1 vote, 1 answer

High Client Network Utilization Accessing File Share

When users try to access specific folders within our file server, their computer will sometimes lock up and stop responding. These folders have images that average 200KB in size. I've duplicated the issue on my PC while watching resource monitor and…
Menga
1 vote, 0 answers

Should I disable the Nagle Algorithm for Outlook / Exchange RPC/HTTP communication?

I'm investigating reasons why several Outlook clients in non-cached mode are having delays communicating... resulting in Outlook hanging. My suspicion is that a Netscaler, or intermediate device (? examples wanted) may be interfering with Exchange -…
makerofthings7
1 vote, 0 answers

How to find ACK for multiple segments using Wireshark?

I'm trying to use Wireshark to find an ACK (for TCP connections) sent by the server which ACKs multiple segments as opposed to just ACKing 1 segment. Is there a Wireshark filter that can help me with this rather than manually going through the list…
Mo Beigi
1 vote, 1 answer

Expanding HAProxy health check to monitor MongoDB primary and secondary state

Follow up question regarding the MongoDB health check with HAProxy How to construct a MongoDB Health Check in HAProxy? The current solution works well when the focus is on determining if mongo responds, but I am trying to expand the functionality to…
David O