Skip to main content
Network Engineering

Questions tagged [wireshark]

Ask Question

For questions about Wireshark, a packet analyzer

301 questions
Newest Active Bountied Unanswered
8 votes
4 answers
546 views

We have a setup with four equipment connected to an EX3400 PoE switch. One is a linux server with IP 10.10.0.101. Two are custom FPGA boards - let's call them A boards - with IPs 10.10.0.150 and 151 ...
Marco Montevechi Filho's user avatar
  • 85
0 votes
1 answer
75 views

what would be the best way to solve the issue as depicted below? In short, I have a running TCP session between server and client - and I need to send the data coming from the server side to a second ...
WoyoC's user avatar
  • 55
1 vote
1 answer
272 views

In PAN-OS 11.1 I could do "debug ike global on dump" to get some [DEBG] and [DUMP] messages in ikemgr.log from which I could get the SK_ei and SK_er keys that allow me to decode the IKEv2 ...
Bruno Rijsman's user avatar
  • 369
5 votes
2 answers
279 views

I have a question about how Wireshark decode MP_REACH_NLRI BGP-attribute witj AFI = 1 and SAFI = 128. On the screenshot prefix length is 118 bits. We have 24 bits for one MPLS label and 64 bits for ...
razenkovv's user avatar
  • 51
0 votes
1 answer
112 views

One of my co-workers had some odd output on some Wireshark logs with "connecting twice". I went and looked, and sure enough it looks like the client redoing the opening TCP handshake ...
T.E.D.'s user avatar
  • 103
1 vote
0 answers
87 views

I used Wireshark to capture IEEE 802.11 Beacon frames in promiscuous mode. I see frames from about a dozen of AP's around me. But I receive them only once in a few seconds, despite AP's having beacon ...
Sgg8's user avatar
  • 111
1 vote
1 answer
233 views

Recently, I conducted an experiment involving uploading a file to a server. I noticed that the acknowledgment numbers I received did not align with the sequence numbers. Please refer to the attached ...
nsrdn's user avatar
  • 13
1 vote
1 answer
621 views

In the PSK authentication method, I see only 4 way handshake packets between supplicant and authenticator. They are called EAPoL in the Wireshark What I know that when EAP is carried over LAN (...
tbhaxor's user avatar
  • 123
1 vote
1 answer
78 views

I have captured a few TLS handshakes, I would like to focus on one tls handshake and the communication thereafter. For example, I connect to www.facebook.com and www.pinterest.com how do I tell ...
Benjamin Morales Perez's user avatar
  • 11
1 vote
0 answers
39 views

http://www.tcpipguide.com/free/t_DHCPGeneralOperationandClientFiniteStateMachine.htm I'm reading through the entire Discover, Offer, Request, Acknowledgement phases in DHCP. And I am really confused. ...
Team B.I's user avatar
  • 113
0 votes
1 answer
183 views

In Wireshark, when I follow a TCP or UDP stream using right click -> Follow -> UDP Stream, if there are some ICMP packets from same endpoints, wireshark will keep them in the stream. Why? Since ...
Sourav Kannantha B's user avatar
  • 103
1 vote
1 answer
483 views

The DHCP packets with the message type Discover, Offer, Request and Acknowledge use the L2 broadcast address for communication (even in the Acknowledge packet which has an IP destination of the newly ...
Strategist's user avatar
  • 57
0 votes
1 answer
1k views

Is there a way in wireshark to find out a single SYN that does not get answered by SYN/ACK?
fsociety's user avatar
  • 905
2 votes
2 answers
259 views

I have an embedded device connecting to a server (on AWS Application ELB if that matters). Both the server and the client are instructed to close the connection after one request. I noticed that the ...
xxljob's user avatar
  • 21
0 votes
2 answers
3k views

I am doing a lab where we are meant to ping an address and use wireshark to capture ICMP packets when we ping that address. WHen I run the wireshark capture with the ICMP filter on and ping my address,...
Garrett LaCoste's user avatar
  • 1

15 30 50 per page
1
2 3 4 5
21