Questions tagged [wireshark]

Wireshark is an open source Network Protocol Analyzer under GNU License.

507 questions
0
votes
1 answer

Wireshark - Difference between fixed parameters and tagged parameters

I'm new to Wireshark. I'd like to know what are fixed and tagged parameters and the difference between them. Web search didn't help. Kindly explain it to me in simple terms.
Gomu
0
votes
1 answer

Incoming Outgoing Packets Wireshark

Is there a way to have a column or a filter that marks each packet as incoming (download) or outgoing (upload) in Wireshark? I guess this should be relative to the selected capture interface device.
Ventolinmono
0
votes
1 answer

Why am I seeing so many MAPI "Unknown?!" request/response in a packet capture?

We are experiencing user reported slowness with our Exchange 2007 server. We thought it was associated with a new application that we're testing. (This application uses MAPI to look at all of the mailboxes, in sequence, and do some basic…
Kevin Buchan
0
votes
2 answers

Alternatives to wireshark?

What would be a good option to troubleshoot an interaction of browser with a server besides wireshark? I mean being able to see what the browser sends and receives. Is firebug a good alternative or is it only for css and the html useful?
user76678
0
votes
1 answer

Is there an app that can provide details about wifi access point config?

I'm wondering if there is an easier way to determine of the following parameters of a wifi network. For users who already have say a laptop connected to a wifi network. Does wifi network support PS-Poll mode (this is a power saving mode for battery…
blak3r
0
votes
1 answer

syn flood attack -- packet hits on shared ip

How can I dump the TCP packets to get a better idea to know which website is being attacked? Here is what I have in my logs: May 4 23:10:26 host kernel: [2130002.635000] Firewall: *SYNFLOOD Blocked* IN=eth0 OUT=…
0
votes
0 answers

NetGroup Packet Filter Driver isn't installed with WinPcap on Windows Server 2008 R2 64bit

I'm running Windows Server 2008 R2, 64 bit on a Virtual Server. There I want to install Wireshark to capture some of my network traffic for debugging purpose. During installation of Wireshark and WinPcap I ran into some problems. I've installed the…
oktopus
0
votes
1 answer

No response from IIS

My problem is that the Default Web Site can be opened from the server machine (localhost), but cannot be opened from a test machine (which is in the same LAN). Netstat says that IIS 7.5 is listening on 0.0.0.0:80. WireShark shows that the browser on…
kol
0
votes
2 answers

How to measure Wireshark parsing time of PCAP file?

I need to find out how to measure the parsing time of a PCAP file when using Wireshark. Does anyone know how to do this?
Okrx
0
votes
3 answers

Which bit represents which TCP flag?

For instance, a WireShark capture filter example I found - tcp[13] & 8 == 8 represents packets with PSH flags. How do I count the 8? Based on the Wikipedia image, PSH is in the middle of the TCP flags segment. Counting 1 from the NS flag, PSH…
iridescent
0
votes
2 answers

Calculating packet offset

In Wireshark, if I want to write a filter which accepts only ICMP destination unreachable (type 3) messages, the filter is icmp[0] == 3. How do I count the packet offset of 0 in this instance? EDIT Based on the above image from Wikipedia, the…
iridescent
0
votes
3 answers

Wireshark Promiscuous Mode and multiple Subnets

Is it possible to Sniff traffic with Wireshark where the source IP and Destination IP are on different subnets (of the same network) and neither of them are your IP? NIC is Intel 82579LM.
user160910
0
votes
2 answers

Multiple ICMP destination unreachable messages

I'm load testing some web services hosted on IIS7. The web services make network calls to underlying services in response to client requests. The client requests are simple HTTP requests but the requests that emanate from the web service layer start…
Krishter
0
votes
1 answer

Application traffic classification with tcpdump

I have a trace file from my network. I would like to identify the top 10 applications used by us. Does tcpdump provide any application based filtering options? Any details regarding this would be very helpful. Thanks.
DaTaBomB
0
votes
1 answer

Filtering inbound traffic without knowing the destination subnet

I have a linux machine configured as a router with two interfaces facing LAN A and LAN B. I want to filter traffic passing from LAN A to LAN B (inbound traffic) using tcpdump, but I don't have the subnet information of the LANs (not this: dst net…
Yasser