Wireshark is an open source Network Protocol Analyzer under GNU License.
Questions tagged [wireshark]
507 questions
1 vote, 1 answer
What causes the issue (possibly packet loss) in this scenario
I'm trying to diagnose a network related problem - please understand these points before suggesting an answer (apologies if more information is required, I will add anything people ask).
We have a server only network (5 app server, 4 db servers,…

Mr Shoubs
1 vote, 3 answers
Dropped packets in Linux
I'm using a machine as a router, it works sort of fine, however if I do a ping -t whatever.server it will always cause a 3-4% package loss, no matter what server. Looking at ifconfig or netstat -i shows no errors whatsoever, what are some of the…

Anders
1 vote, 1 answer
tshark (wireshark) to pinpoint connect reset / retransmitted issue
Windows Server 2003.
I have the latest Wireshark installed on the server and need to capture packets on the server to pinpoint a randomly happened connection reset / retransmitted issue. When the connection reset happens, it resets about 600…

Stan
1 vote, 1 answer
tshark (wireshark) filters: Where are they located?
While troubleshooting a MySQL issue, I came across this command at commandlinefu:
tshark -i any -T fields -R mysql.query -e mysql.query
I am trying to understand it before I actually use it. Looking at the man page helped me understand the options…

Belmin Fernandez
1 vote, 1 answer
NTP and phones (need a useful ntp test)
I have a SIP phone which gets its time from either an NTP server or the Asterisk server.
However, the packets never seem to get replied to.
I put Wireshark in the way and looked at anything with protocol NTP; with that I get:
No. Time …

MarkKGreenway
1 vote, 1 answer
TCP RST Reset Every 5 Minutes on Windows 2003 sp2
Recently I had a web developer come to me and ask why he was receiving connection errors in his app that was accessing a SQL database.
So, I went through my normal troubleshooting steps to isolate or reproduce the issue. I discovered that if I…
Dan
1 vote, 1 answer
TCP Zero Window with no corresponding Window Update
I am trying to debug a network issue and am using Wireshark and tcpdump to grab packets from my server. I have one client application that is grabbing all my available connections and then holding them, trying to send A LOT of data and essentially…

Gandalf
1 vote, 3 answers
debugging spiking netstat "failed connection attempts" with iptables
http://farm4.static.flickr.com/3305/4588110530_a60c934289_o.png
This graph is munin collecting netstat -s output.
I want to determine where the connections are coming from.
There is nothing obvious in wireshark dumps.
It's been a while since I've…

someara
1 vote, 1 answer
Checking rtp stream audio quality
We are working in a test environment and need to monitor the audio quality of an RTP stream that is being captured using tshark.
Right now we are able to capture the audio and access the file through Wireshark, but we would like to find a way to…

chills42
1 vote, 2 answers
PXE with proxyDHCP server: What makes a DHCP client accept / ignore offers from primary DHCP?
I am considering a setup with a primary DHCP server providing "IP data" (IP address, subnet mask, DNS, …), and a proxyDHCP server providing only PXE boot options. As it happens, my proxyDHCP server does not only provide the PXE options, but also the…

rikinet
1 vote, 0 answers
Why are network packets getting sent to incorrect switch port
All,
I have multiple security monitoring devices that lose communication/connectivity on a regular basis throughout the week.
I have set up Wireshark to monitor the network traffic going to/from one of the switch ports. I see that when…

ClydeR
1 vote, 1 answer
How to capture USB traffic using Wireshark in Linux CLI?
I've found (hopefully) all I need in order to set up Wireshark and usbmon kernel module - including allowing a non-root user to capture USB traffic: https://www.wireshark.org/docs/wsug_html_chunked/ChCustCommandLine.html
However, when it comes to…

tishma
1 vote, 1 answer
Wireshark != doesn't work like it did before version 3.6
I use the filter ip.addr != 10.0.0.0/8 && !(ip.addr == 224.0.0.0/3) to identify any traffic between our network and the outside (and also exclude class-D address space). This filter no longer works.
It does work if I write it as ip && (!(ip.src ==…

melds
1 vote, 1 answer
How to find the Linux user that sent the packet
Our server is compromised and we would like to know which accounts sent the malicious queries from our server. I used tcpdump to get this:
our.host.net.48194 > box5596.bluehost.com.http: Flags [P.], cksum 0x0bf8 (incorrect -> 0x5061), seq 0:741,…

SmootQ
1 vote, 0 answers
Running tshark and find in parallel + strict time-sorted output
I'm trying to obtain debug output of
what "find" does
compared to what happens on the network (tshark)
Therefore I want to run these commands in parallel and have output meticulously sorted by time.
I do this:
{
stdbuf -oL tshark -tad -l -n -s…

Marki