Questions tagged [wireshark]

Wireshark is an open source Network Protocol Analyzer under GNU License.

507 questions
0
votes
1 answer

tshark conversation statistic not resolving hostnames

Executing the -z conv,ip command does not display the hostnames (like in wireshark). I execute the command, and after a bit of traffic was monitored, I stop tshark with Ctrl-C and then the conversation table is printed. For both Linux and Windows,…
Daniel
0
votes
2 answers

Analyse custom Ethernet frame with Wireshark

Wireshark can conveniently dissect Ethernet frames, and tell you exactly what each byte means. For example, it tells you where the TCP/IP headers are, how they have been populated and if the checksums are OK. Now I have an Ethernet frame encoded as…
Randomblue
0
votes
1 answer

Capturing network traffic (RTMP) between VMs or using loopback in the same VM using Wireshark

I need to capture RTMP traffic between two virtual machines (server and client) or at least have the server and client on the same machine and capture the traffic. I am able to capture the traffic if I run Wireshark on the host rather than on the…
ssn
0
votes
6 answers

Wireshark running all the time

Would this cause an issue eventually, or is it always OK to leave running? Should its logs be saved every now and again, and if so, when?
Axle
0
votes
1 answer

Router is continually broadcasting the same ARP request, with the exact contents

I hope the question is clear and that this is the correct place to post the question. My router is broadcasting the same ARP frame over and over (once every second). It's probably not a big deal, but I want to understand what is going on here. The…
m4design
0
votes
1 answer

Wireshark/encryption and OpenVPN

I have a Linux OpenVPN router and a home DSL modem. The DSL modem has port 1234 open and forwards it onto eth0 on the Linux router. I can connect to the router from a remote location no problem. All the traffic is coming through, I can surf the net…
Andrew
0
votes
1 answer

Wireshark on Windows - how to remote capture/analyze from a tshark or similar install?

I would like to set up some small, low-end hardware Wireshark capture points on my network. I am hoping I can use something like command-line Linux (Ubuntu mini for example) to keep it light-weight. I see that there is "tshark" which is a command…
Scott Szretter
0
votes
2 answers

NBSS Continuation Message - Wireshark - Definition?

Looking at a capture and seeing a "NBSS Continuation Message" port 445, but I cannot find any reference anywhere to what this might mean. I assume it's a normal message for the NetBIOS Session Service, but can't find a definition of it…
schroeder
0
votes
2 answers

Need help understanding the Wireshark results of a data transfer

In my LAN, I have a router that runs a Samba server and my PC connects to the router. I ran Wireshark while uploading a file from my PC to the Samba server. Below is a shortcut of the Wireshark result. As can be seen, after server's reply in frame…
sliter
0
votes
1 answer

Communication problems on secondary interface tap0

I am using UDP over IPv6 as the communication stack. I have a network client running on the secondary virtual interface tap0. It generates messages for a server which is supposed to run on the same interface but a different link-scope IPv6 address. I can see…
Amit S
0
votes
1 answer

What does the C3 portion of 0xC308(BE) mean in an ICMP identifier?

I am using Wireshark to analyze traffic. I know that the 8 refers to the echo (ping) type. I have been unsuccessful in finding information regarding the C3 byte. Identifier (BE): 49928 (0xc308)
somehume
0
votes
1 answer

TCP retransmission TCP session reconstruction

I'm trying to write a program that reconstructs TCP sessions. I have a pcap file which has packets. The problem is I don't know which packets I should use to construct sessions when there is a retransmission.…
varstas
0
votes
1 answer

Using tshark to generate traffic logs every X seconds

I'm trying to use tshark to maintain a running history of all the packets that are going through an interface, for say 30 seconds. I want it to be human readable. This is a Linux machine, and without mucking too much into the netstack source (which…
Sridhar Iyer
0
votes
2 answers

How to use tshark to do this task

I don't have any base knowledge about tshark, and it is hard to find any tutorial to help me with this. So now I have a pcap file which consists of a lot of network flows; a time range; an IP addr; a TCP port number; the number of packets sent by the…
Tor
0
votes
2 answers

SYN packets sent from one server but never arrive at destination

I am troubleshooting network problems for a client, remotely. The problem they have is that they get "connection timed out" occasionally between a web server and a back-end search server. They can reproduce this behavior easily using a staging…