Questions tagged [wireshark]

Wireshark is an open-source network protocol analyzer released under the GNU General Public License.

507 questions
0 votes, 1 answer

Linux: get all connect calls for a local port

I have an SSH tunnel through which a client is connecting to a server. Using Wireshark, I could see a periodic SSH connection besides the keepalive, but I am unable to obtain the process (PID) that's causing this traffic. I used ss -ntap -o state…
iamauser
  • 349
  • 2
  • 3
  • 12
0 votes, 0 answers

Bad password on Domain Admin from Unknown Workstation

I'm trying to track down the computer/device that has a bad password for one of our Domain Admin accounts that gets used as a shared/service account. The only detail I have is a recurring event in the Event Viewer on our domain controllers. It…
0 votes, 1 answer

Can't get authentication with Wireshark (HTTP)

I'm trying to get the authentication of an application that connects to Apache Tomcat on port 18080. I know the user/pass; this is only to check the application's security so that we can use HTTPS instead of HTTP. I sniff the traffic with Wireshark and I can see the username, but I…
0 votes, 1 answer

How to collect HTTP data in Wireshark from a remote Linux host?

I am trying to collect HTTP requests and responses from a remote host using Wireshark over an SSH tunnel. So I have a Windows host with Wireshark on it, and a Linux host with tcpdump on it and a web server listening on port 5000. I execute tcpdump on the…
Mohammed Noureldin
  • 541
  • 1
  • 11
  • 25
0 votes, 1 answer

My computer sometimes uses ISL instead of 802.1Q?

My computer is connected to another computer via Ethernet (through a very simple unmanaged switch). I want to make the traffic between the two computers VLAN-tagged with the 802.1Q protocol. My computer uses an Intel I219-LM Ethernet network adapter. I used…
Shir
  • 111
  • 1
  • 6
0 votes, 1 answer

Get VPN parameters from tcpdump

There are some cases when a VPN client has no (working) Linux version. Is it possible to run the Linux OpenVPN client with the proper flags to replace it? For example, first dump the messages between client and server during connection establishment, then get…
Viktors
  • 1
  • 1
0 votes, 1 answer

Find simple text fragment in packets

Trying to filter packets with Wireshark. Why does it find nothing when I use the filter "tcp contains M-SEARCH"? I have such a value on the third line.
vico
  • 99
  • 1
  • 2
0 votes, 1 answer

DHCP server on a multi ip interface

My system runs Ubuntu 17.04, and my network topology is as follows: I have eth1 configured with multiple IP addresses: $ ip addr show eth1 4: eth1: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether…
mastupristi
  • 111
  • 2
0 votes, 1 answer

Communication via VLAN interface in general mode

I'm trying to understand the egress tagged rule in the context of a general-mode port in a VLAN. I have an Allied Telesis AT-8000S switch with two PCs connected (PC1<->e1, PC2<->e2). Both PCs have Wireshark installed and NICs set to a mode in which the VLAN…
0 votes, 1 answer

Explanation for linear CPU work increase resulting in dual step latency increase

I'm facing a somewhat weird phenomenon I can't explain regarding CPU/core usage. I run a couple of Docker containers on an Ubuntu machine with OpenPLC running inside the containers. The only interesting part to know about this is that when I…
0 votes, 1 answer

Filter pcap by subsecond detail?

I'm trying to export a subset of a pcap file given a start and an end message. This start and end message identification is currently done using ngrep on the raw data (because we have no dissector for the specific protocol). Ideally I would like to…
Kristofer
  • 113
  • 1
  • 7
0 votes, 1 answer

How do I generate a source of netflow data for nfcapd?

I am trying to use nfcapd to save NetFlow files for use by a network analysis tool. How do I capture network traffic on my host and send it into nfcapd? Can I use Wireshark/tshark or something similar?
aaa90210
  • 351
  • 6
  • 15
0 votes, 1 answer

What application is connecting to a remote site?

I can see with Wireshark that every 5 minutes I have a connection from my computer to IP 165.254.162.243 on udp/8253. This has been going on for months. I cannot identify what application or process is making this connection. I used Wireshark to…
AdiGri
  • 21
  • 1
  • 4
0 votes, 1 answer

Wireshark doesn't detect any of my interfaces

I know this question has been asked on Server Fault and Stack Overflow, but none of the discussions and solutions have worked for me. (Not linking to the questions directly as I can only post 2 links at this point.) I am using Wireshark 2.2.4 with…
AGandhi
  • 21
  • 1
  • 1
  • 3
0 votes, 1 answer

TCP Handshake error: SYN and SYN/ACK packets are not recognised

I have a very interesting problem: I have a Proxmox hypervisor and two Linux VMs on it. The first VM has several NICs in the main bridge, each NIC added to the VM with a certain VLAN tag on the hypervisor. The second VM has only one NIC in the main bridge, but it has…
kvaps
  • 253
  • 3
  • 9