Wireshark is an open source Network Protocol Analyzer under GNU License.
Questions tagged [wireshark]
507 questions
4 votes, 3 answers
Sniffing the Vmware vmnet1 network with Wireshark
I have a virtual machine deployed in vmware fusion which is communicating with the host over the interface vmnet1. Unfortunately, wireshark does not offer me to listen on that interface.
Is there a solution for wireshark to listen on that…

Benjamin

4 votes, 4 answers
pfSense not forwarding back packets
I have a pfSense box setup where my WAN interface (em0) is set up in my local network (192.168.1.100) and my LAN interface (em1) is a private network of its own (10.0.0.1). The end goal is to have the 10.0.0.x network as private malware lab where…

Chiggins

4 votes, 0 answers
Troubleshooting Packet Loss on pfSense + Ubiquiti UniFi (Wireshark maybe?)
I'm dealing with an annoying situation in a small network in my church, which I'm the primary volunteer IT caretaker, of about 20 PCs, give-or-take.
We're in Chattanooga, home of Gigabit internet, so we have plenty of bandwidth (100mb connection).…

David W

4 votes, 3 answers
Wireshark "length" column - what does it include?
Can anyone tell me what the "Length" column in WireShark refers to?
I'm pretty sure it's the "size" of the entire frame on the wire. I did some calculations, but I didn't get the number that WireShark is reporting.
Does anyone know what the "length"…

slantalpha

4 votes, 2 answers
Why is Wireshark not capturing certain POST requests?
If I use this filter in Wireshark: http.request.method == "POST" and use the vote buttons to vote for a stack exchange question, then Wireshark captures the corresponding POST request. I can also see in Chrome's debugger that the request is a POST.…

RTF

4 votes, 0 answers
RTP analysis - Discerning ptime (packetization time) for a given VoIP packet capture
I would like some help on the subject of an automated way of discerning the average packetization time (ptime) of a VoIP call's packet capture.
The reason I am not depending on the value in the SDP is because some PBXs that I work with, send their…

bomp

4 votes, 2 answers
Wireshark TCP Window Size Value
I am debugging an application with Wireshark and watching the TCP Window Size value shrink on one side of the communication.
If the packet's TCP section shows a "Window size value: 1", does that mean the source's window size is 1 or the…

T Vernon

4 votes, 2 answers
How to parse OpenFlow packets using tcpdump capture file programmatically
I am working with OpenFlow packets and am analyzing the network via tcpdump.
Currently, I use the WireShark GUI to parse the generated capture file and it does serve my need.
However, I was wondering whether WireShark has an API so the same can be…

spiritusozeans

4 votes, 2 answers
How to use Linux to capture packets on eth0 and send everything to eth1?
Today I got an enterprise Internet connection together with a Sagemcom router. The first time it is connected to the Internet, it will spend 20 minutes upgrading the firmware.
I would really like to capture all the traffic for this upgrade using a…

Sandra

4 votes, 3 answers
wireshark capture the traffic of other devices in LAN
I am using wireshark on Windows to capture my traffic.
Is there a way to capture the traffic of other computers which are connected to the same LAN? If it is not possible with wireshark, is there another tool capable of doing this?

Salvador Dali

4 votes, 3 answers
TCP segments of an HTTP Request in wrong order
My web-services server sometimes does not receive correct HTTP requests and returns "500 - Internal Server Error". Using tcpdump and Wireshark on the server, I found out that HTTP requests are split into 2 TCP packets, and that sometimes, the…

Pierre Laporte

4 votes, 2 answers
Why Wireshark does not recognize this HTTP response?
I have a trivial CGI script that outputs simple text content. It's written in Perl and using CGI module and it specifies only the most basic headers:
print $q->header(
-type => 'text/plain',
-Content_length =>…

Alois Mahdal

4 votes, 1 answer
how to view hostnames in traffic entering my webserver (Apache)?
Is there any way I can view the hostnames used by incoming traffic that is accepted by my apache webserver?
For example, say the webserver is set up to process incoming traffic for an IP address, but there are several host names the webserver can…

gkdsp

4 votes, 2 answers
Best way to analyze pcap files from Wireshark?
I've got 50-100MB pcap files captured from Wireshark and need to analyze where most of the traffic is going to/coming from.
What's the best way of doing this? Ideally I'd like to end up with an Excel csv file showing the top 50 or so IP addresses…

Michael

4 votes, 1 answer
SSL Packet inspection on Linux
I'm trying to build a web client for an HTTPS website. I think I've done everything right, yet obviously I get a different result in the browser than with my crawler.
As far as I understand, there is no way to examine an SSL packet. But, I'm not…

Evan Carroll