Questions tagged [wireshark]

Wireshark is an open source Network Protocol Analyzer under GNU License.

507 questions
6 votes, 5 answers

Wireshark filter to only capture Incoming Packets?

I am trying to set up a filter (so my log files aren't massive) that will capture only incoming traffic. I have looked on http://wiki.wireshark.org/CaptureFilters but so far have been unable to find a way to do this. Does anyone know how? Just as a…
6 votes, 2 answers

No interface available for Wireshark running on Ubuntu with wireless connection

I'm completely new to wireshark. I have Ubuntu on a Dell with wireless connection. When I go to Wireshark Capture Option, I cannot select any interface since no interface is listed. What is the problem and how can I fix that?
Phuong Nguyen
5 votes, 5 answers

Is it safe to run Wireshark on a production IIS7 server? Is there a good alternative?

We host a bunch of ASP.NET sites on an IIS7 server. Occasionally, we'd like to be able to log HTTP POST data to troubleshoot problems. IIS lets us log the query string, but not the POST data - at least, we haven't found a way. Do you think it's safe…
Richard Beier
5 votes, 2 answers

How can I easily locate a specific TCP conversation in two separate (and large) packet captures using wireshark?

Occasionally, I'll need to compare packet captures (usually wireshark or tcpdump) that are collected from both sides of a TCP conversation. Sometimes the two hosts involved are very "chatty" so I'll need to narrow down the capture to just a…
Mike B
5 votes, 1 answer

What is "Cisco STG" and why would it dynamically replace a wildcard certificate on port 5061?

I have a Lync client that is connecting to a Lync Edge server on port 5061. I get an invalid certificate error when connecting. When I run Wireshark, during the TLS setup, and inside the certificate I see an unexpected issuer with an RDN sequence…
makerofthings7
5 votes, 2 answers

Is it possible for Wireshark to drop packets purposely?

I would like to test something like VoIP. I would like to test with some "artificial packet loss". Is Wireshark able to do this? Or are there any good solutions?
Harold Chan
5 votes, 2 answers

using wireshark/tshark in command line to ignore ssh connections

I'm trying to debug some by looking at the packets and I would like to avoid getting all the SSH traffic to the server. Is there a way to ignore? I tried to do something like tshark -f "port !22" but it stopped listening after the command. [root@vpn…
Tiffany Walker
5 votes, 2 answers

Correct way to show only TCP packets in wireshark

I needed to write a filter that correctly outputs only TCP packets, the obvious way, and the way written in wireshark is just tcp but when I tried it, it showed me also http, tls (as far as I understood everything that relies on TCP). So my next try…
Salvador Dali
5 votes, 3 answers

What causes a switch port to receive data not destined for it?

We are having an intermittent fault which is affecting one of our control systems on one of our HP Procurve switches. For some reason, this PLC (10mbit port - 192.168.6.56) which is attached directly to the HP Switch intermittently starts receiving…
user1693454
5 votes, 1 answer

Client not getting address from some DHCP server

I'm working on some embedded devices which should be connected to a large network (hundreds of devices) via ethernet and that should be configured using the DHCP protocol. What I'm experiencing is that apparently the devices get the address in some…
Luca Carlon
5 votes, 2 answers

syn/ack sequence number confusion

I was looking at some random traffic in wireshark and came across this (using relative seq/ack numbers): 1. myIP -> 74.125.227.96 [SYN] seq=0 2. 74.125.227.96 -> myIP [SYN/ACK] seq=0 ack=1 3. myIP …
Bhubhu Hbuhdbus
5 votes, 1 answer

Wireshark - Filter for Inbound HTTP Requests on Port 80 Only

We are integrating with an outside company in which we have had to make certain IP and port restrictions. First, I am a novice at network administration, so if I butcher anything, please forgive me. I am using Wireshark to try to catch incoming…
TheJediCowboy
5 votes, 2 answers

Silently start Wireshark

I have a computer in our office that always gets infected by viruses. Because of this, I would like to use Wireshark (or at least something) to monitor internet traffic for a while on this machine. How can I have it start at boot time and begin…
codewario
5 votes, 5 answers

How to capture Wireshark packets when using a switched network in Windows

I’ve been asked by our SIP trunk provider to run a Wireshark trace on the network when we receive calls. The issue I’m having is that if I run Wireshark from a laptop plugged into the main switch I only see the broadcast traffic from the switch and…
best
5 votes, 5 answers

Parse HTTP requests through Wireshark?

Is there any way to parse HTTP request data in wireshark? For example, can I expose the request parameters upon an HTTP GET request (being sent by my machine), so that I don't need to read the (sometimes) truncated URL and find them by myself? I was…
diogobaeder