Questions tagged [wireshark]
The network protocol analyzer developed and maintained by the Wireshark Foundation
889
questions
0
votes
0
answers
27
views
Server sometimes not sending ACK in response to PSH, ACK
We've implemented a TCP server socket in C++ on a linux machine which is connected to another device, streaming data small packets at high rate (800 Hz). To do so without too much latency (which we ...
0
votes
1
answer
26
views
Detecting esp8266 traffic using Wireshark
I have programmed an esp8266 to make some http get requests to a remote webserver.
I would like to analyze this http requests somehow, with an external tool like Wireshark.
The purpose is to see how ...
0
votes
0
answers
74
views
ARP request is successful, but TCP SYN is not visible in output of Wireshark
I was redirected from Network Engineering, hopefully below is in scope of on-topics.
I have a TCP server, its properties are the following:
It runs within a virtual machine (VMware).
The host OS is ...
2
votes
1
answer
768
views
How to explain sequences of FIN,ACK instead of FIN - FIN,ACK?
Context: newly installed Debian 12, I get a bunch of strange logs related to ssh:
root@square:~# journalctl -u ssh -f
May 07 11:13:00 yop-square sshd[766]: error: kex_exchange_identification: ...
1
vote
0
answers
27
views
802.11 frames get resent by my linux
My program is sending custom 802.11 frames for WPA handshake, like authentication, association or acknowledgement. Yet the operating resend the same packet with modifying its radiotapheader and ...
1
vote
1
answer
73
views
Why won't Google Chrome really or Firefox capture the network developer request of a form autopost
So imagine this code running on localhost:9080, the page does not render content but instead does a HTML auto post. But I like to use the network tab to see the HTML content rendered under the ...
0
votes
1
answer
53
views
How to capture packets with different snaplen for different packets
I'm trying to capture packets to diagnose a network application. There are a small number of packets that I want to capture the entire contents for application level protocol analysis, but a large ...
0
votes
0
answers
36
views
Filename error for TFTP recovery for a damaged embedded device
I have a device that does not start, I connected it to my PC and launched Wireshark.
As you can see below, the device is asking for a file ends with semi-colon called recovery; to be uploaded through ...
0
votes
0
answers
62
views
TCP packets with Protobuf messages not dissected
I'm trying to use Wireshark to dissect Protobuf messages sent over TCP using gRPC. When I view the data portion of a messages, I see raw bytes instead of a dissected view.
I've added the path to the ...
0
votes
0
answers
40
views
Downloads stop suddenly in 5ghz only
Without the possibility of using a wired connection, I use a Wifi connection via tplink router an Intel Wifi 6E 160MHz card(latest Intel driver installed) on Windows 10.
I use an application (latest ...
2
votes
1
answer
177
views
Does total network traffic being higher than the bit rate of a device's ethernet controller affect the controller?
I am using a Wago 750 ethernet controller on a local network that is at its peak hitting ~38,000,000 bits / second as per Wireshark. The Wago is becoming semi-unresponsive around the time of this ...
1
vote
1
answer
210
views
PostgreSQL traffic analysis - Wireshark - how many bytes in total are being received by the client?
<TL;DR>
How many bytes are being received in total when a SELECT * command is issued for a (small) table?
</TL;DR>
I have a PostgreSQL table - very simple (see fiddle here):
CREATE TABLE ...
2
votes
1
answer
334
views
How Wireshark is able to pick network traffic from within Windows10 coming from WSL2
My task is to create 2x programs written in C/C++ which can communicate with each other from within WSL2 and Windows 10. I'm able to send traffic from WSL2 to Windows 10, however
I cannot manage to ...
0
votes
1
answer
273
views
Understanding packet routing when using Wireguard/Tailscale and the BitTorrent Protocol
I have a local machine on a VPN network with private IP A , and a VPS with private IP B which acts as an exit node, i.e. all traffic in the local machine is supposedly being routed from the local ...
1
vote
0
answers
106
views
USB Enumeration - Windows - Unusual Port Reset
I am testing a custom usb data logger hardware by running a long term test. My tests have been failing due to USB communication issues after 15 odd hours so I decided to investigate. I have Wireshark ...
1
vote
1
answer
126
views
Why am I able to send UDP packet larger than my WIFI interface's MTU?
I have written a simple python program to send a UDP datagram.
import socket
client_socket = socket.socket(socket.AF_INET,socket.SOCK_DGRAM)
host_name = socket.gethostname()
host_ip = '1.2.3.4'
print(...
0
votes
1
answer
72
views
Windows laptop will not turn on after installing Wireshark
I have a Dell XPS laptop running Windows 10. I installed Wireshark from here, including Npcap from the same installer. All the additional options were left default.
After closing the laptop lid for a ...
0
votes
1
answer
69
views
From a computer connected in Wifi, can I see the traffic of ethernet-connected computers, with Wireshark?
In the following network, if I open Wireshark on ComputerA, can I see the traffic of ComputerB (to internet) with Wireshark?
____________________
| Home router |
| (provided by ISP) |
| 192....
0
votes
0
answers
430
views
ffmpeg - Jitter when streaming audio over RTP
So as a disclaimer, I'm trying to do something with ffmpeg that may be at the limit of what can be achieved. However, even though it's not possible, I would like to understand why.
What I want to do ...
0
votes
2
answers
106
views
Can my network admin see my traffic over a Flask app?
So I've got a Flask app that connects to the internet to send/receive data. It does so by connecting to a website's API (which has HTTPS). So I'm quite sure the Flask app is HTTP. I connect as 127.0.0....
1
vote
1
answer
807
views
Trying to understand how WSL2 networking and routing works when pinging google.com, confused
I'm trying to learn networking and I'm still a novice. I'm confused about how the routing is done between the virtual adapter and my wifi card
When I ping google.com from WSL, I can see on Wireshark ...
0
votes
0
answers
297
views
How to capture packets at the Ethernet layer on a SOCKS5 proxy server?
When I capture packets with tcpdump on an Ubuntu 20.04 VM running a SOCKS proxy server on port 1080, they are often larger than 1500 bytes. My network device has an MTU of 1500, so as far as I ...
1
vote
0
answers
86
views
kali linux filter by protocol wireshark's pcaps
I spent the last 2h looking for a way to quickly filter pcaps, it seems that it is possible using cmd/bat on windows but I can't find anything for kali linux.
I have a way too big pcap and I want to ...
0
votes
0
answers
57
views
How do I detect BGP attacks in these Wireshark packets
I received a Wireshark capture file as a task. There are 3 TCP packets for the TCP 3-way handshake to establish the connection and 4 BGP packets.
I received additional information and now I have to ...
0
votes
0
answers
68
views
Wireshark showing packet exchanges with unconnected IPs
Running Wireshark on a PC for network monitoring and I noticed something strange. Application data is being exchanged with websites that are not open in the browser, or on any other device on the ...
0
votes
0
answers
19
views
Implementing Video streaming restrictions based on hourly usage at home
I'm new at networking, so my question might be basic or naive.
I want to implement restrictions for mobile devices if it is being used to view videos for more than an hour continuously then its ...
0
votes
0
answers
190
views
Wpa PTK and GTK in detail
I have been checking Pairwise and Group Transient keys in a network for security. I understand
PTK is derived from = PMK, AP nonce (ANonce), STA nonce (SNonce), AP MAC address, and STA MAC address
...
0
votes
1
answer
286
views
Configure Virtualbox to capture network traffic between 2 VMs on the same host from another physical machine
My context is:
A physical machine with windows 10 (PC_Physcial_01) that host 2
virtualbox linux VMs PC_VM_01 & PC_VM_02)
Another physical machine dedicated to sniff network traffic
(...
-1
votes
1
answer
81
views
Why is it written in nmap official doc that -sL does not send any packet, when it actually sends them?
Sniffing with wireshark, I see a bunch of ARP, and DNS requests.
So why in the official doc it's written this:
The list scan is a degenerate form of host discovery that simply lists
each host of the ...
0
votes
0
answers
213
views
Setting MacOS Airport Utility into monitoring multiple channels
I am using MacBook Pro 14' 2021 M1 Pro with MacOS Ventura 13.3.1. I would like to use wireshark in monitor mode with wifi interface. I have read, that I can switch 802.11 channels with the command:
/...
1
vote
0
answers
123
views
Why is TCP connection on Windows machines, retransmitting after receiving a correct ACK from HTTP server
Using two different Windows laptops, one with Win 7 and the other Win 11, I'm trying to connect to the HTTP GUI of a device (cell phone booster) that's connected directly to my laptop through an ...
4
votes
3
answers
2k
views
Does DNS-over-HTTPS hide domain name of websites from packet analyzers?
A person on my same Wifi network is tracking name of the websites that I visit using tools like Wireshark. Does DNS over HTTPS hide the name of the sites that I visit?
My DNS settings are -
DNS ...
1
vote
1
answer
587
views
Retransmission of TCP packets
I have device A (10.10.25.1), which is connected to device B(10.10.25.52) via unmanaged switch. Device A is a computer. Device B is measurement instrument. Device A is continuously(every 1sec) sending ...
0
votes
1
answer
194
views
Reassemble Wireshark WiFi captured LLC packets into original message
I have the following setup within my own WiFi network: one machine (A) connected to my WiFi (which connects to the internet), and one machine (B) running Wireshark, with a WiFi adapter in monitoring ...
0
votes
1
answer
663
views
How to disable TCP SACK in Windows XP?
Device 1 Windows XP. 192.168.101.173, I have access to the application code, but it is massive.
Device 2 Embedded device. 192.168.101.205. I don’t have access to the code or even to logs from this ...
1
vote
1
answer
233
views
TLS certificate validation depth
Background: I'm using the curl library to upload files via TLS to a server with a DigiCert certificate.
Phenomenon: During the handshake phase, the server sends a Hello message and returns the ...
0
votes
0
answers
51
views
Can't see my update location request but kc has changed, general information about GSM
I need to ask for your help because I feel I miss something in my train of thoughts.
So, I've installed gr-gsm with all the dependencies from a fresh docker
https://github.com/uetacog/grgsm_docker
...
0
votes
0
answers
50
views
Losing UDP messages during routing?
I am trying to test software that I’ve written to send UDP messages. This software works if I don’t bind the socket to a port (i.e. it defaults to NIC 1). I can see the messages with Wireshark running ...
0
votes
1
answer
1k
views
Wireshark: how to show UDP payload as text?
I have a device that broadcasts strings for debugging purposes, and I need to capture these UDP message and read the string.
As you can see, I cannot read anything in the data.text column, while the ...
0
votes
0
answers
73
views
TCP Receiver's Window stop increasing
I'm debugging a high-bandwidth TCP connection whose throughput is significantly lower than the capability of the device and the network. The network between these 2 hosts is expected to be high ...
0
votes
1
answer
812
views
Troubleshooting SMB connection to file share
I have a bunch of servers and a file share set up on a remote HNAS. The file share is set up to use SMB 3.1.1 and the servers are all Windows Server 2019. 5 out of 6 servers connects just fine to ...
0
votes
1
answer
164
views
Wireshark hex escapes not working while matching payload
In wireshark I was trying to match packets whose payloads do not begin with 00 24. But for some reason, this filter is failing:
not(udp.payload ~ "^\x00\x24")
But surprisingly this works:
...
0
votes
1
answer
918
views
How to decode DCE RPC stub data in Wireshark
I need to compare connection session of 2 OPC DA clients connecting to a remote server. Under the hood they use DCOM and DCE RPC. Fortunately, Wireshark provides dcerpc dissector, but it doesn't ...
2
votes
2
answers
317
views
extract the top 5 TCP or UDP flows from tshark sorted in descending by Total bytes
As the question heading states, given a packet capture I want to extract the top 5 flows for TCP (or UDP) sorted based on total bytes in the descending order.
I have come up with this so far
tshark -r ...
0
votes
0
answers
160
views
In a GPON network, running wireshark captures SIP phone calls from other users
I plugged my laptop into my ONT and fired up Wireshark.
To my surprise a lot of SIP packets were present, and I could see phone numbers of other customers, and the people they called. I didn't ...
0
votes
0
answers
1k
views
How to fix receiving UDP data on windows?
On a windows 10 machine I am running the following python code (3.10.11) to receive data on UDP port 9001 (without any VM running):
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.bind((&...
2
votes
0
answers
241
views
WSL2 cannot connect to the Internet when Sangfor aTrust is running
I am using WSL2 on Windows 11 22H2 22624.1470. Ubuntu 22.04.6 LTS installed on WSL2. When I run a program called aTrust, which is developed by a corporation called Sangfor, my WSL2 cannot connect to ...
0
votes
0
answers
289
views
How to get wireshark to sniff packets between client and server using VMs attached to NAT Network
I am really new to pen testing. I am using Oracle Virtualbox, and I have three kali linux VMs setup. I am trying to use wireshark on a VM to sniff packets between a Modbus client VM and a Modbus ...
1
vote
2
answers
668
views
Send Data Across NICs Using socat
I'm working on a project trying to develop a data diode for unidirectional transfer of data, and I'm hoping to use socat for some measurements. As a first step, I want to use socat to send data from ...
1
vote
1
answer
1k
views
Mouse disconnects when I flick at high speed
Issue
I use a zowie EC2-A mouse to play fps games.
I'm using a custom built PC running windows 10.
I've been noticing recently that when I flick the mouse quickly to the right or left that it will ...