All Questions
38 questions
2 votes, 1 answer, 769 views
How to explain sequences of FIN,ACK instead of FIN - FIN,ACK?
Context: newly installed Debian 12, I get a bunch of strange logs related to ssh:
root@square:~# journalctl -u ssh -f
May 07 11:13:00 yop-square sshd[766]: error: kex_exchange_identification: ...
0 votes, 0 answers, 68 views
Wireshark showing packet exchanges with unconnected IPs
I was running Wireshark on a PC for network monitoring and noticed something strange. Application data is being exchanged with websites that are not open in the browser, or on any other device on the ...
1 vote, 1 answer, 589 views
Retransmission of TCP packets
I have device A (10.10.25.1), which is connected to device B (10.10.25.52) via an unmanaged switch. Device A is a computer. Device B is a measurement instrument. Device A is continuously (every 1 sec) sending ...
0 votes, 0 answers, 74 views
TCP Receiver's Window stops increasing
I'm debugging a high-bandwidth TCP connection whose throughput is significantly lower than the capability of the device and the network. The network between these 2 hosts is expected to be high ...
0 votes, 0 answers, 2k views
TCP Retransmission (TCP Port numbers reused) issues
I developed a web server and it is running on GKE.
Whenever I send any request to this server from my local PC, a TCP retransmission occurs.
The following are the packets captured with Wireshark. The red ...
0 votes, 0 answers, 428 views
Why does my LAN NIC get a lot of TCP retransmissions and timeouts?
Yesterday I recognized that git cloning repositories from my private GitLab instance wasn't working consistently. My internet connection is fine and I can also visit GitLab's web interface without ...
0 votes, 0 answers, 651 views
How do I stop TCP reset packets?
Full story: This has been quite the odyssey, finding out who is sending these TCP reset packets. The ISP pointed me in the direction of the Minecraft server, the Minecraft server said it has to be the ...
1 vote, 0 answers, 264 views
Why might nmap on a computer be reporting port 443 as closed on some but not all computers?
When I run nmap event-bridge.twilio.com on roughly half the computers in my network I get this:
PORT STATE SERVICE
443/tcp closed https
When I run it on the other half of the computers in my ...
0 votes, 1 answer, 1k views
Where is the iptables MARK location in TCP package?
On my CentOS 7 server, I emptied all the iptables rules, and then added the rule below:
iptables -t mangle -N DIVERT
iptables -t mangle -A PREROUTING -p tcp -m socket -j DIVERT
iptables -t mangle -A ...
0 votes, 1 answer, 1k views
What ends a TCP stream?
I am using Wireshark and went to google.com. I got 23 TCP streams, 23 TCP conversations, 23 handshakes, right? I know that the TCP streams end with FIN Flag and that TCP segments are encapsulated in the ...
0 votes, 1 answer, 325 views
Device communicates with server through bridge, unable to capture all packages
I'm trying to reverse engineer a device to be able to access its API locally. Currently it is communicating with an online server, where I can log in to see its data.
Set up
The device connects ...
0 votes, 1 answer, 853 views
Wireshark is not displaying the packets between the client and server
On my machine there is a TCP server running on port 54000, which is an echo server: it sends back the same message that is sent to it.
I have multiple clients which are connected to this server. Clients and the ...
0 votes, 1 answer, 958 views
When connecting via SSH, does the Diffie-Hellman key exchange take place over an unencrypted TCP session or does encryption occur before the exchange?
I'm a cybersecurity student and I'm eager to understand the basic processes of an SSH session. I wrote down the stages to the best of my ability, but need help understanding what happens right after ...
0 votes, 0 answers, 373 views
Replicate TCP connection
I have a desktop app that connects to a server by using TCP and gets some data from it (it is in a local environment and it doesn't need any type of authentication). I have to develop an app that ...
0 votes, 1 answer, 103 views
How is Wireshark constructing HTTP Flows?
I'm trying to understand how Wireshark knows what request is correlated to a response - "Follow HTTP Flow".
For example, some http packets may be sent with gaps of other tcp packets.
Some have ...