Questions tagged [wireshark]

Wireshark is an open source network protocol analyzer released under the GNU General Public License.

507 questions
1 vote, 1 answer

how to generate the graph in wireshark?

$ sudo tshark -i eth0 -R 'http.request.method == "GET"' "port 80"
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
5.641015 10.53.0.66 -> 209.85.143.104 HTTP GET / HTTP/1.1
I want to get number of bytes…
bilal
1 vote, 6 answers

How to record SIP traffic / calls for future auditing?

We have a VOIP (SIP?) phone system and have to record all calls for specific phones in the company. It may be required at a future date to listen to these calls for auditing. These phones happen to all be in the same room currently. We have been…
Scott Szretter
1 vote, 1 answer

PCAP to Syslog utility

I am looking for a tool which sniffs all the traffic on an interface and produces a Cisco-like syslog in real time. Example:
Feb 16 10:19:05 tcp S.S.S.S(6083) -> D.D.D.D(80), 1 packet
Feb 16 10:19:07 tcp S.S.S.S(80) -> D.D.D.D(4662), 1 …
Dom
1 vote, 2 answers

Can't decrypt imaps traffic in Wireshark

I currently have problems decrypting IMAPS traffic in Wireshark. I set up the SSL key with the correct IP address, port 993 and protocol imap. The key is the correct one. This is what I see in the SSL log: dissect_ssl enter frame #136 (already…
reox
1 vote, 0 answers

Why does adding capture filters break the traffic dump in wireshark / windump?

I have a strange issue while trying to capture RTP (UDP) traffic. I have a phone using IP 192.168.9.4 and a Windows 2003 PC connected to the same switch (actually to the monitor port of the switch - that's how I'm able to sniff the traffic). When I…
kyrisu
1 vote, 2 answers

What is Reverse Gossip Transfer Protocol?

Playing with wireshark, I see a bunch of packets that say something like rgtp > https [ACK] Seq=???? Ack=?????? Win=????? Len=0 What is a Reverse Gossip Transfer Protocol? What is it used for, and by whom? p.s. Google takes me to…
Everyone
1 vote, 1 answer

Configuring Wireshark for Rolling Captures during DDoS Attack

We have been getting hit with DDoS Attacks on various machines for months. The datacenter either null routes or sets up an ACL for us. However, it just came to my attention there's a tool floating around meant for targeting Game Servers that…
1 vote, 1 answer

Catalyst 3560G SPAN session not mirroring IGMP packets

I am developing a device which acts as a multicast host, and want to observe it as it responds to IGMP Queries. My Catalyst 3560G is set up as follows (full config below): Port 0/1 is a TFTP server allowing the device under test to boot. Port 0/3…
deemer
1 vote, 7 answers

Firewall blocks traffic - how to find out what ports / ip addresses are used by software?

Well, I get a "host was not accessible" error when trying to use a piece of software. I don't know which port they use nor which address they are trying to reach. Is there a more or less easy way to figure that out? I got a program called wireshark - but the…
Toskan
1 vote, 3 answers

Troubleshoot large number of TCP retransmits / dup ack / segment lost

I have a problem with RDC slowing to a crawl or disconnecting entirely. Client is XP SP3 w/ RDC 6, server is Win 2k8 R2. Both have been scanned thoroughly and found to be virus free. I downloaded and installed Wireshark on the client computer and…
1 vote, 1 answer

ICMP Data Field Modified - What does it Mean?

Normal ICMP data fields are composed of a pretty standard 32 byte string of alphabet characters: abcdefghijklmnopqrstuvwabcdefghi. I have captured a series of ICMP echo requests using Wireshark with a modified data field and I have no idea what it…
Lucretius
1 vote, 2 answers

How can I filter packets from a port monitor?

I have some data going from Point A to Point B. I have a SPAN monitor set up to a monitoring device C. To recreate some real world scenarios, I want to filter out all traffic which is a certain type (H.323 VoIP Signaling Packets) so that C sees a…
engineerchuan
1 vote, 1 answer

How can I display-filter the corresponding response to a specific display-filtered request in wireshark?

I am just tracing a very sporadic error in responses to HTTP requests to a specific resource on an embedded device's webserver. So my plan is to run a test over night (or even weekend), capture the traffic with wireshark and then skim the dumpfiles…
Peter
1 vote, 2 answers

Strange UDP/TFTP Problem

My TFTP client only seems to be getting responses from the TFTP server to its RRQ (download requests) if I watch the traffic in wireshark. If I shut down wireshark (running on the TFTP server), the server does not respond to the RRQs from the…
vicatcu
1 vote, 3 answers

Server access through switch port

I am using wireshark to monitor traffic on a server - Problem is, the computer I am using is only a terminal wired through the switch. Main line comes into the server which is relayed to multi-port switch (roughly 50 connections). Right now I get…
Kblz Btz