Browsing articles tagged with "wireshark - Admins Goodies"
Jan 22, 2013
tom

Is it possible for Wireshark to drop packets purposely?

I would like to test something like VoIP. I would like to test with some “artificial packet loss”. Is Wireshark able to do this? Or are there any good solutions? Asked by Harold Chan You can use tools like WANEM to simulate packet loss. It’s a Live-CD, so you can put it on a system between your server & clients. Answered by Striker_84 Check more discussion of this question. […]

Dec 28, 2012
tom

Sniffing packets of specific binaries / apps / process id?

Is there a way to associate packets with executing binaries? I would be open to traditional sniffing methods or even dtrace for that matter. I have a specific issue on a system with very high traffic. Sniffing “all” packets and filtering them is becoming a very burdensome problem and eliminating packet emission from all but the offending app is not possible in this scenario. Asked by ylluminate Not sure this is what you require, but […]

Dec 14, 2012
tom

Wireshark and mirrored ports bringing in 10k+ packets a second

I’ve got Wireshark set up on a monitoring machine to monitor our office’s internet traffic (approx 40 machines). However, whenever I start Wireshark, within about 30-40 seconds it has crashed – I think due to the large volume of packets being received, around 10,000+ per second. Is there any way to solve this? I have attempted to use the filter option near the top of the screen, but I still have to enable to monitoring and by […]

Dec 14, 2012
tom

Can you run a packet capture (wireshark) while rdped to a server?

I want to run a packet capture while RDPed into a box. I’m pretty sure it won’t drop the connection to the server (a server with one NIC). I tested on VMs and it seems fine. Am I missing something? Asked by gar09 This works perfectly fine. The only scenario in which it might not work is if you are using it on a wireless interface that is put into monitor mode and disassociates from […]

Oct 16, 2012
tom

Inspecting the E-mail traffic of a Windows Server 2008 R2 [closed]

I have seen that the IP address of my mail server has been added to the blocked IP address list on http://psbl.org. I am using this server for personal use. So, it is not that much of an issue that I am, as a non IT pro, handling the server. I suspect that someone obtained the password of one of the e-mail addresses or my server got infected by spamware. I am trying to find out […]

Jul 18, 2012
tom

What are capture interfaces in Wireshark?

I am really new to Wireshark, and I am a little confused about the term capture interface. I see a list of about 9 to 10 so-called interfaces. What are they? I mean, I have only one Ethernet interface card and a wireless card, with each providing one interface, which makes two interfaces(?), doesn’t it? But how is it that Wireshark tells me there are 9 interfaces? Asked by Yang Jy These are virtual interfaces that exist […]

Jun 20, 2012
tom

TCP segments of an HTTP Request in wrong order

My web-services server sometimes does not receive correct HTTP requests and returns “500 – Internal Server Error”. Using tcpdump and Wireshark on the server, I found out that HTTP requests are split into 2 TCP packets, and that sometimes the server tries to process the request before the second packet has arrived. This Wireshark capture has been taken on the server side. So what I see is that: The first fragment of the HTTP […]

May 8, 2012
tom

Router is continually broadcasting the same ARP request, with the exact contents

I hope the question is clear and that this is the correct place to post the question. My router is broadcasting the same ARP frame over and over (once every second). It’s probably not a big deal, but I want to understand what is going on here. The request info according to Wireshark is: “Who has 10.1.1.111? Tell 10.1.1.1”, which is weird because the only occupied IPs are up to 10.1.1.8. Thank you. Asked by m4design […]

May 1, 2012
tom

How to separate PCAP by unique IP address

I have an hour-long PCAP file which has about 60 individual network attacks done on our test network here at work. Each attack comes from a unique IP address which was not used elsewhere during the hour. I’d like to make 60 pcaps out of this one file, but also include the background traffic as well. There’s no real pattern to when the attacks occur (i.e. there could be 6 in the first minute, […]

Apr 17, 2012
tom

syn/ack sequence number confusion

I was looking at some random traffic in Wireshark and came across this (using relative seq/ack numbers):
1. myIP -> 74.125.227.96 [SYN] seq=0
2. 74.125.227.96 -> myIP [SYN/ACK] seq=0 ack=1
3. myIP -> 74.125.227.96 [ACK] seq=1 ack=1
4. myIP -> 74.125.227.96 [ACK] seq=1 ack=1 len=14600
5. 74.125.227.96 -> myIP [ACK] seq=1 ack=2921
6. 74.125.227.96 -> myIP [ACK] seq=1 ack=5841
7. myIP -> 74.125.227.96 [ACK] seq=14601 ack=1 len=8760
8. 74.125.227.96 -> myIP [ACK] seq=1 ack=8761
9. […]
