Wireshark Mailing List

Discussion of the free and open source Wireshark network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.


Latest Posts

Re: what does the TCP stream mean in wireshark Sake Blok (May 23)
Version 1.6.6 should make a distinction between two sessions with the same ip/port combinations. Are you able to post
the file here (if not too big) or else create a bug-report on bugs.wireshark.org? You can also mail me directly if you
want to limit the exposure of the file.

Cheers,
Sake

Re: About the ip address -host name conversion module in wireshark Jim Wright (May 23)
"whois" shows you who the domain is registered to. If you are looking for shell commands rather than library routines,
then "host" or "nslookup" might work for you.

% host wireshark.com
wireshark.com has address 184.172.141.116

% host 184.172.141.116
116.141.172.184.in-addr.arpa domain name pointer seq.sequoiahosting.com.

However, as the example above shows, the result you get depends on the reverse DNS entry....

Catching exceptions in dissector_try_heuristic? Jakub Zawadzki (May 23)
Hi,

Should we catch BoundsError, ReportedBoundsError exceptions in dissector_try_heuristic()?
It'll fix once and for all bugs like #7277.

Re: Looking for a developer to code an ANSI/ITU mixed decoding mode Jeff Morriss (May 23)
Jean Gottschalk wrote:

Aww nuts... I already implemented (most of) this for free! (Well, maybe
I can get Anders to buy me a beer at Sharkfest for that ;-).)

In the current trunk (or 1.7.1 if you want a (development) release),
MTP3 has a preference called "Try to determine the MTP3 standard
heuristically". When enabled, MTP3 will try to automatically determine
the MTP3 standard (ANSI, ITU, China, or Japan).

But, this only works...

Re: what does the TCP stream mean in wireshark nangergong (May 23)
Version 1.6.6

Re: About the ip address -host name conversion module in wireshark Jeff Morriss (May 23)
Check out gethostbyname() (or getaddrinfo()) and friends.

nangergong wrote:

Re: what does the TCP stream mean in wireshark Mason, Kevin (May 23)
If you watch a given stream long enough, there will be connection re-use and you will see a sequence of connections.
Also, some Windows boxes use TCP TIME-WAIT Assassination, which rapidly reuses TCP ports.
http://blogs.technet.com/b/networking/archive/2010/08/11/how-tcp-time-wait-assassination-works.aspx
---------
~KEM

Thanks! But previously I saw a tcp stream where there are several TCP connections (I mean multiple SYN-SYN/ACK-ACK...

Re: what does the TCP stream mean in wireshark Sake Blok (May 23)
Those sessions should be treated as separate. This was implemented a few years ago already. Which version of
Wireshark are you using?

Cheers,
Sake

Looking for a developer to code an ANSI/ITU mixed decoding mode Jean Gottschalk (May 23)
Hello,

we often run traces on our network with MTP3/M3UA packets that are mixed
between ANSI and ITU in the same trace.

In Wireshark, under the MTP3 decoder, we have to select whether to decode
packets as ANSI or ITU, but not both at the same time. When selecting ANSI,
all ITU packets are unreadable, and vice-versa.

I'm assuming that Wireshark is somehow aware that a packet could not be
properly decoded using 1 mode, and if so, it could...

Re: what does the TCP stream mean in wireshark nangergong (May 23)
yes

Re: what does the TCP stream mean in wireshark kcullimo (May 23)
----- Start Original Message -----
Sent: Wed, 23 May 2012 14:56:39 +0200
From: nangergong <nangergong () gmail com>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] what does the TCP stream mean in wireshark

Multiple handshakes wherein the same source & destination ports were re-used?

----- End Original Message -----

Re: what does the TCP stream mean in wireshark kcullimo (May 23)
----- Start Original Message -----
Sent: Wed, 23 May 2012 14:56:39 +0200
From: nangergong <nangergong () gmail com>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Subject: Re: [Wireshark-users] what does the TCP stream mean in wireshark

Multiple handshakes wherein the same source & destination ports were re-used?

----- End Original Message -----

Re: what does the TCP stream mean in wireshark nangergong (May 23)
I used a mobile browser in an HTC smartphone to access some websites and I
used Wireshark to capture the packets between the mobile browser and the
website servers.

Re: what does the TCP stream mean in wireshark Giles Coochey (May 23)
Or he might have a Layer-2 Spanning Tree Loop...

Re: what does the TCP stream mean in wireshark Boonie (May 23)
Were those packets from a cheap embedded device? Sounds like a buggy TCP stack to me.

----- Original Message -----
From: nangergong
To: Community support list for Wireshark
Sent: Wednesday, May 23, 2012 2:13 PM
Subject: Re: [Wireshark-users] what does the TCP stream mean in wireshark

Thanks! But previously I saw a tcp stream where there are several TCP connections (I mean multiple SYN-SYN/ACK-ACK
handshakes)

On Wed, May 23, 2012...
