Questions tagged [wireshark]

Wireshark is an open-source network protocol analyzer released under the GNU license.

507 questions
2
votes
2 answers

Wireshark: What is wag-service?

I'm seeing a lot of wag-service traffic in Wireshark. What is it?
intransit
2
votes
2 answers

Monitor where an application is connecting to on MacOSX

I just downloaded wireshark for mac as I am trying to find out exactly where an app is connecting. I need to see the URL and the protocol whether it is https or http. I am very new to Wireshark and testing in general and as such would require a…
JamesG
2
votes
1 answer

Wireshark under Windows: Any way to capture packets before dropped by special filter drivers?

I've got some GigabitEthernet Vision cameras, which use Ethernet to communicate. The protocol is simple UDP, but for performance reasons (high packet throughput causing CPU load) the manufacturer uses a filter driver that prevents those packets from…
SDwarfs
2
votes
2 answers

How can I measure the exact time differences (offsets) between two machines?

How can the time differences between two Linux machines be measured accurately? I heard that 'Ping' gives RTT with the association of OS influences, therefore not accurate at nanosecond level? If so, what else is there to measure the time difference…
Fida Hasan
2
votes
1 answer

Decoding ssl packets with cipher TLS_ECDHE_RSA in wireshark

I am trying to decode ssl packets in a packet capture using wireshark. I am able to successfully decode the packets with server key when the cipher selected by the server during TLS handshake is TLS_RSA_WITH_AES_256_CBC_SHA256. I just mention the…
user3049437
2
votes
0 answers

Can Wireshark capture HTTPS requests?

I have been working in Wireshark, and I am able to capture the http request and capture http packets using Wireshark. Now I am capturing the https request. It seems it does not capture the packets, and when I right click -> follow -> tcp stream it…
toastmaster
2
votes
1 answer

What is running on port 49181 Windows 7

I have an application that relies on port 63000 for communicating with other devices over the network. Some while ago this app stopped working on the PC. I tried all sorts of firewall configs, ON/OFF etc but no effect. Today I noticed that even…
TenG
2
votes
0 answers

How to measure latency using wireshark

I'm trying to measure the wire-to-wire latency of a blackbox application. The application engages in tcp offloading (kernel bypass), it consumes incoming UDP packets via a NIC and in response, publishes outgoing TCP packets via the same NIC. What…
user2635088
2
votes
1 answer

Using wireshark to determine which RSA PRIVATE KEY SSL conversation?

Situation: I have a client VM and server VM communicating using SSL. The client VM runs wireshark capture using CLI. Wireshark GUI is running locally on a different machine. Steps: As USER on the client VM I initiated a RESTful HTTP session over…
Dave
2
votes
2 answers

TCP connection RST after FIN, ACK

I have a situation that I would like to clarify with the experts here. I am no network expert so maybe it's normal, but I'd rather ask. We are trying to diagnose a problem between two servers, both are virtual servers, one is Windows and the other is…
2
votes
1 answer

Meaning of [MASKED] in pcap file

What does [MASKED] mean? Is it related to websocket proto? Can I state that x.x.7.151 initiated connection closing?
user1700494
2
votes
0 answers

Is the disconnection caused by too many TCP Dup Ack?

I am investigating a service disconnection issue and I am a bit confused by some of the Wireshark logs. Need some help to find out how the disconnection was caused. Ideally when A sends an ACK to B for sq number 123, B sends packet with sq number…
Neo Wang
2
votes
1 answer

Wireshark shows "TCP Dup Ack" on SACK after each regular ACK

I have a TCP session captured via switch port mirroring and tcpdump. When viewing it (in Wireshark), I see the same pattern whenever I send a message; here's an excerpt of the outbound packets (I don't capture the inbound ones...yet): [PSH, ACK]…
John Zwinck
2
votes
2 answers

How to efficiently re-order packets in PCAP files based on timestamp?

I have a PCAP file which contains many packets. They are however out of order based on the timestamp (it is actually randomized). What is the best way to efficiently sort the PCAP packets based on timestamp for later replay? Currently I am doing…
Daniel
2
votes
2 answers

How to decode traffic as NTLM protocol in Wireshark?

I'm trying to debug an NTLM authentication issue. One of my ideas was to capture the network traffic and look through it. In my case NTLM authentication is going over a non-standard port (6901). Of course, Wireshark can't detect it. But there is no NTLM…
Jury