Wireshark is an open source Network Protocol Analyzer under GNU License.
Questions tagged [wireshark]
507 questions
0 votes, 3 answers
user agent in http or https request
Is there any way that I can differentiate whether the HTTP or HTTPS packets are coming from a browser or not, especially for HTTPS requests? There is a User-Agent field in the packet in HTTP, but I could not find anything in HTTPS.

user95711
0 votes, 1 answer
nmap repeats the scan to a specific port multiple times
I scanned a subnet (16 hosts) while dumping the network traffic with wireshark.
I did it 2 times and I noticed that in the traffic there is the normal SYN-SYN/ACK and SYN-RST from open/closed port, but also there are thousands of SYN-SYN/ACK (and…

Possa
0 votes, 0 answers
Early tear down of communication
I have an application which performs an LDAP search which works in one domain but not in the other, when analyzing the packets sent between the application server and the domain controller being queried on the non working domain I only see the hand…

user3129787
0 votes, 1 answer
Analyzing twitter packets
Thanks for your time. I'd like to find a way if a client has made a 'GET' or a 'POST' request for twitter.
We are currently doing an educational project and we wanted to understand how we can achieve this.
Setup:
We are using Wireshark for Sniffing…

Dark Knight
0 votes, 1 answer
Is it possible to mimic the client of a https web service
There is a Windows application that communicates with the server through the HTTPS protocol; it is an auction tool and works only several hours per month. I have captured network packets (by Windows Network Monitor) during one auction.
I am…

Russell Yan
0 votes, 1 answer
Why am I seeing prefixed/duplicated packets coming from a comcast device?
I'm looking at traffic from my CPE from Comcast in Wireshark, and for every packet, there is an additional packet that is the exact same, except for 4 additional bytes at the beginning of the frame (obviously, screwing up Wireshark's parsing of the…

Loki
0 votes, 1 answer
See historical packet receipt statistics in Windows
I know this is a long shot, but it would be really useful to me right now.
Does anyone know of a Windows function or 3rd party tool that can show stats about the receipt of packets on a network adapter historically (over the course of the few days,…

Raiden616
0 votes, 1 answer
SIP INVITE packet has WAN address rather than call manager LAN IP
I am using SIP between two subnets (192.168.3.0/24 and 192.168.30.0/24) each connected via VPN.
I have a call server on 192.168.3.100, and two phones 192.168.30.118 (Ext. 3128) and 192.168.30.119 (Ext. 3126) on the remote subnet.
The WAN IP on the…

morleyc
0 votes, 0 answers
ZyXel ES-2024 - Mirrored port showing duplicated traffic
I have a ZyXel ES-2024 PWD switch. I would like a computer plugged into port 26 to see all traffic that passes through port 2, both inbound and outbound.
I have configured port mirroring for the appropriate port for both ingress and egress traffic…

Raiden616
0 votes, 1 answer
Linux unfriendly IIS/ASP.NET :-) : Quick download on windows but slow on linux
This particular web site (gops.tay.be) serves objects quick if I try to request the page using windows, but I get them very slow if trying using linux. There is no difference if I use browser or curl:
Windows:
C:\curl>curl…

user174704
0 votes, 2 answers
Occasional Delay on Website Resources: Packet Loss Due to Bandwidth Cap?
My website loads more slowly than I think it should, due to a few of the assets taking an absurdly long time to download from the server. I've been trying to track down the cause of this. I'm about 95% sure it is a networking issue, not an Apache…

David Alan Hjelle
0 votes, 1 answer
Wireshark - Capture syslog traffic from local workstation
I am using Wireshark version 1.10.3 on Windows 7 x64 Enterprise. I am trying to capture all outbound UDP traffic, in particular syslog traffic.
I have tried a capture filter UDP, but all I can see is DNS and NTP traffic.
I have used the following…

dmckenna
0 votes, 1 answer
Network card capable of capturing a tonne of packets and not dropping them?
Edit:
Our server is trying to capture packets at between 500-600Mb/s, but is dropping packets 'due to kernel'.
Data is being written to SSDs, and that isn't the bottleneck.
What things should I look for in a network card when choosing one that would be…

BIGMOOSE
0 votes, 2 answers
server sending hpoms-dps-lstn packets to unknown IP
I have a server running pacemaker with corosync and some standard services as mails, web, ssh...
When I run Wireshark in my network I keep getting those packets that my server is sending to the IP 226.99.1.1 (which is not in my local network, and…

Clement Roblot
0 votes, 1 answer
tshark duration of a conversation for an IP address
I can retrieve the following info from a .pcap:
================================================================================
IPv4 Conversations
Filter:ip.addr==1xx.1xx.0.1xx
| <- | | …