Martin Visser | 1 Jul 2010 03:03

Re: SSL or TCP https in capture

Mary,

HTTPS uses SSL as the encapsulating and encrypting layer, so for all intents they are the same thing. (It is also often referred to as TLS, to make it more confusing.)

To see ports clearly in the Packet List pane, you can add a column in the top pane using Edit:Preferences:Column and add the TCP source and/or destination port. (I think this is what you mean by summary).

Alternatively you might be asking how to turn off TCP port name resolution that shows up by default in the "Info" field. In View:Name Resolution just untick "Enable for Transport Layer", and then View:Reload. It will then show TCP port number instead of trying to resolve to service names in the Info field.

Statistics:Conversations:TCP also shows all of the TCP ports used in the whole capture.


Regards, Martin

MartinVisser99-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org


On Thu, Jul 1, 2010 at 5:39 AM, Mary Budarz <mbudarz <at> medred.com> wrote:
Can someone explain to me why some of the packets show the "protocol" SSL and some show TCP when the details show that https was used?
Related question - is there a way to show the port used in the table? (summary view of the capture)
Thanks

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users-IZ8446WsY0/dtAWm4Da02A@public.gmane.org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request-IZ8446WsY0/dtAWm4Da02A@public.gmane.org?subject=unsubscribe

Jaap Keuter | 1 Jul 2010 08:25

Re: "prepare as filter" causes crash

On 06/30/2010 03:51 PM, Anders Broman wrote:
>
>
> -----Original Message-----
> From: wireshark-users-bounces@... [mailto:wireshark-users-bounces@...] On Behalf Of Jaap Keuter
> Sent: den 30 juni 2010 15:18
> To: Community support list for Wireshark
> Subject: Re: [Wireshark-users] "prepare as filter" causes crash
>
> On Tue, 29 Jun 2010 23:32:32 +0200, Anders Broman<a.broman@...>
> wrote:
>> Jim Young skrev 2010-06-29 23:13:
>>> Hello Jaap,
>>>
>>>
>>>>>> Jaap Keuter  06/29/10 4:30 PM>>>
>>>>>>
>>> <snip>
>>>
>>>> Hi Jim,
>>>>
>>>>    Care to comment on the question by Anders on the bug?
>>>>
>>> I would love to -- when I think I can really get my head around that
>>> code.
>>>
>>> Since Sharkfest I've been too busy working WITH Wireshark to work ON
>>> Wireshark!
>>>
>>> Jim Y.
>>>
>> A fix Committed revision 33376.
>> /Anders
>>
>> ... which broke the buildbots :(
>>
>> Jaap
> Which Guy fixed
> "Back out what I suspect were private/not-ready-for-prime-time changes, not all of the parts of which were present, causing the build to fail." - Yes, sorry about that.
> I have very rough POC code to present the dissector tables in a treeview where you can see the table
> and what dissectors are registered in it, i.e. what UDP ports are registered, for instance.
> Regards
> Anders

Ah, cool!

Thanks,
Jaap

Giuseppe Montanarella | 1 Jul 2010 09:11

VoIP and HFA Siemens

Hi all,
I have a problem analysing the VoIP traffic from a Siemens PBX: when I make a trace I see RTP traffic between the PBX and the phone in one way only.

Bye

Giuseppe

Abhishek Gupta | 1 Jul 2010 13:48

Compare two wireshark

Hi,

I have two PCAP files, both have SIP packets. Now I want to camper these pcap files.


DISCLAIMER: The information in this message is confidential and may be legally privileged. It is intended solely for the addressee. Access to this message by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, or distribution of the message, or any action or omission taken by you in reliance on it, is prohibited and may be unlawful. Please immediately contact the sender if you have received this message in error. Further, this e-mail may contain viruses and all reasonable precaution to minimize the risk arising there from is taken by OnMobile. OnMobile is not liable for any damage sustained by you as a result of any virus in this e-mail. All applicable virus checks should be carried out by you before opening this e-mail or any attachment thereto.
Thank you - OnMobile Global Limited.
Stefaan Pouseele | 1 Jul 2010 14:02

Question about "bytes in flight"

Hi, 

when examining the field "tcp.analysis.bytes_in_flight" in Wireshark Version
1.2.9 (SVN Rev 33171) it seems Wireshark doesn't always calculate the
correct value. As an example the following two consecutive frames: 

Frame 91 (60 bytes on wire, 60 bytes captured) Ethernet II, Src:
NokiaInt_a5:60:b0 (00:a0:8e:a5:60:b0), Dst: Cisco_bd:9b:8a
(00:25:45:bd:9b:8a)
Internet Protocol, Src: 193.75.143.194 (193.75.143.194), Dst: 85.91.172.251
(85.91.172.251)
Transmission Control Protocol, Src Port: 22862 (22862), Dst Port: exapt-lmgr
(3759), Seq: 1, Ack: 18981, Len: 0
    Source port: 22862 (22862)
    Destination port: exapt-lmgr (3759)
    [Stream index: 3]
    Sequence number: 1    (relative sequence number)
    Acknowledgement number: 18981    (relative ack number)
    Header length: 20 bytes
    Flags: 0x10 (ACK)
    Window size: 64240
    Checksum: 0x2ac9 [validation disabled]

Frame 92 (1514 bytes on wire, 1514 bytes captured) Ethernet II, Src:
Cisco_bd:9b:8a (00:25:45:bd:9b:8a), Dst: NokiaInt_a5:60:b0
(00:a0:8e:a5:60:b0)
Internet Protocol, Src: 85.91.172.251 (85.91.172.251), Dst: 193.75.143.194
(193.75.143.194)
Transmission Control Protocol, Src Port: exapt-lmgr (3759), Dst Port: 22862
(22862), Seq: 21901, Ack: 1, Len: 1460
    Source port: exapt-lmgr (3759)
    Destination port: 22862 (22862)
    [Stream index: 3]
    Sequence number: 21901    (relative sequence number)
    [Next sequence number: 23361    (relative sequence number)]
    Acknowledgement number: 1    (relative ack number)
    Header length: 20 bytes
    Flags: 0x10 (ACK)
    Window size: 64240
    Checksum: 0x2a1e [validation disabled]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 91]
        [The RTT to ACK the segment was: 0.000121000 seconds]
        [Number of bytes in flight: 7300]
Data (1460 bytes)

To my knowledge the correct value for "Number of bytes in flight" should be
23361 - 18981 = 4380 in this case. That is "Next sequence number" from Frame
92 minus "Acknowledgement number" from frame 91. 

Is this a known issue or am I missing something?

Best Regards,
Stefaan


Manolis Katsidoniotis | 1 Jul 2010 14:11

Re: Compare two wireshark

what do you mean by "camper"?

On Thu, Jul 1, 2010 at 2:48 PM, Abhishek Gupta <abhishek-jK/j0ei38UVWk0Htik3J/w@public.gmane.org> wrote:

Hi,

I have two PCAP files, both have SIP packets. Now I want to camper these pcap files.



Abhishek Gupta | 1 Jul 2010 15:03

Re: Compare two wireshark

Sorry, typo; I meant to say compare.

 

From: wireshark-users-bounces-IZ8446WsY0/dtAWm4Da02A@public.gmane.org [mailto:wireshark-users-bounces-IZ8446WsY0/dtAWm4Da02A@public.gmane.org] On Behalf Of Manolis Katsidoniotis
Sent: Thursday, July 01, 2010 5:42 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Compare two wireshark

 

what do you mean by "camper"?

On Thu, Jul 1, 2010 at 2:48 PM, Abhishek Gupta <abhishek-jK/j0ei38UVWk0Htik3J/w@public.gmane.org> wrote:

Hi,

I have two PCAP files, both have SIP packets. Now I want to camper these pcap files.

 




 


Jaap Keuter | 1 Jul 2010 15:43

Re: Compare two wireshark

Hi,

Compare in what sense?

Should there be a binary compare? (unlikely)
Should there be a packet compare? (maybe, then you can load both files and try to delete duplicates)
Should there be a SIP compare? (possible, then you could load both captures and use VoIP calls and show graph)

Thanks,
Jaap

 

On Thu, 1 Jul 2010 17:18:03 +0530, Abhishek Gupta <abhishek <at> onmobile.com> wrote:

Hi,

I have two PCAP files, both have SIP packets. Now I want to camper these pcap files.


Bill Meier | 1 Jul 2010 15:52

Re: Question about "bytes in flight"

Stefaan Pouseele wrote:
> 
> To my knowledge the correct value for "Number of bytes in flight" should be
> 23361 - 18981 = 4380 in this case. That is "Next sequence number" from Frame
> 92 minus "Acknowledgement number" from frame 91. 
> 
> Is this a known issue or am I missing something?
> 

Your calculation would seem correct.

Please file a bug (bugs.wireshark.org) and attach a small capture file 
which shows the problem so it can be looked at.

Thanks
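
Added example (not part of the original posts, and not Wireshark's own code): the calculation Stefaan describes, the highest next sequence number sent minus the highest acknowledgement returned by the peer, tracked per sender with 32-bit wraparound. The "server"/"client" labels and the first two frames are constructed; the last two use the values from frames 91 and 92 above.

```python
MOD = 1 << 32  # TCP sequence numbers are 32-bit and wrap around


def seq_after(a, b):
    """True if sequence number a is later than b, modulo 2^32."""
    return a != b and (a - b) % MOD < MOD // 2


class FlightTracker:
    """Unacknowledged bytes per sender within one TCP conversation."""

    def __init__(self):
        self.next_seq = {}  # sender -> highest next sequence number sent
        self.acked = {}     # sender -> highest ack the peer has returned

    def segment(self, src, dst, seq, ack, length):
        """Feed one segment; return src's bytes in flight, or None."""
        # The ack field acknowledges data that dst sent earlier.
        if dst not in self.acked or seq_after(ack, self.acked[dst]):
            self.acked[dst] = ack % MOD
        if length == 0:
            return None  # a pure ACK puts nothing in flight
        end = (seq + length) % MOD
        # A retransmission must not move the high-water mark backwards.
        if src not in self.next_seq or seq_after(end, self.next_seq[src]):
            self.next_seq[src] = end
        if src not in self.acked:
            return None  # peer has not acknowledged anything yet
        return (self.next_seq[src] - self.acked[src]) % MOD


def replay(frames):
    tracker = FlightTracker()
    return [tracker.segment(*f) for f in frames]


# (src, dst, seq, ack, len); endpoint labels are assumptions.
FRAMES = [
    ("server", "client", 18981, 1, 1460),  # constructed
    ("server", "client", 20441, 1, 1460),  # constructed
    ("client", "server", 1, 18981, 0),     # frame 91 from the post
    ("server", "client", 21901, 1, 1460),  # frame 92 from the post
]

if __name__ == "__main__":
    print(replay(FRAMES))
```

SYN and FIN flags, which each consume one sequence number, are not modelled here.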


Jeff Morriss | 1 Jul 2010 16:26

Re: SSL or TCP https in capture

David Alanis wrote:
> Quoting Mary Budarz <mbudarz@...>:
> 
>> Can someone explain to me why some of the packets show the  "protocol" 
>> SSL and some show TCP when the details show that https  was used?
>> Related question - is there a way to show the port used in the  table? 
>> (summary view of the capture)
>> Thanks
>>
> 
> Someone posted this wonderful document and I would like to take this
> opportunity to check if there are more like this?
> 
> Extensive videos perhaps?

You might want to check out the links at:

http://wiki.wireshark.org/Presentations
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@...>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@...?subject=unsubscribe

