George A. Kantsios wrote:
> Need a little help and appreciate any guidance and direction you can offer.
> I am trying to sniff packets before and after a cisco VPN adapter on a
> Windows XP box. When I sniff the VPN adapter I see the unencrypted packets.
> When I sniff the physical network dev
Need a little help and appreciate any guidance and direction you can offer. I
am trying to sniff packets before and after a cisco VPN adapter on a Windows XP
box. When I sniff the VPN adapter I see the unencrypted packets. When I sniff
the physical network device, I get almost no traffic, even
Hi list,
We have some software running on normal PCs that communicates with some
embedded devices through a SOCKS proxy. The protocol used is XML-based,
however, I'm having a hard time extracting the text from the messages
in a readable form from wireshark (I'm using 0.99.5).
If I try to exp
On Tue, May 15, 2007 at 05:37:18PM +, Stefan Puiu wrote:
> Thanks for confirming that. Then I've another question: how can I look
> for all DHCP packets where there is an option with value '0x3058' (in
> hex), for example? I can't seem to grasp how the "bootp.options.value
> == " filter is
Sake Blok <[EMAIL PROTECTED]> writes:
> Sounds like something to add as feature-request on bugzilla?
I would certainly say it would be useful.
> bootp.option.type == 53 && bootp.option.value == 01 && bootp.option.type == 55
&& bootp.option.value == 01:03:3a:3b
This line was quite useful, since
Guy Harris <[EMAIL PROTECTED]> writes:
> Unfortunately, not in general - the BOOTP/DHCP dissector doesn't have
> separate named fields for the values of all options it knows about.
Thanks for confirming that. Then I've another question: how can I look
for all DHCP packets where there is an option
On Tue, May 15, 2007 at 06:23:41AM -1100, Hans Nilsson wrote:
> Coudln't he use slices? Something like "frame[30-33] == 1:3:58:59" (in
> hex really but) or what fits his purposes.
The DHCP options might not be in the same order in every frame and also
some variable length fields might be in the fr
Hans Nilsson wrote:
> Coudln't he use slices? Something like "frame[30-33] == 1:3:58:59" (in
> hex really but) or what fits his purposes.
He could, if he knows the *exact* offset from the beginning of the
BOOTP/DHCP packet of the field in question.
That assumes, of course, that it *has* an exact
Coudln't he use slices? Something like "frame[30-33] == 1:3:58:59" (in
hex really but) or what fits his purposes.
On Tue, 15 May 2007 09:51:20 -0700, "Guy Harris" <[EMAIL PROTECTED]>
said:
> Stefan Puiu wrote:
>
> > Is it possible (with this wireshark version) to specify a filter along the
> >
On Tue, May 15, 2007 at 09:51:20AM -0700, Guy Harris wrote:
> Stefan Puiu wrote:
>
> > Is it possible (with this wireshark version) to specify a filter along the
> > lines of "all packets that carry option x with value y"?
> > As far as I can tell, all I can currently specify is "one packet that
Stefan Puiu wrote:
> Is it possible (with this wireshark version) to specify a filter along the
> lines of "all packets that carry option x with value y"?
> As far as I can tell, all I can currently specify is "one packet that
> has one option type x and one option with value y", but not the sa
Hi,
I'm using wireshark 0.99.5 to read a *huge* tcpdump capture file and diagnose
some software problems. I need to do some filtering on DHCP, since I've got
around 65.000 DHCP packets in the capture.
Is it possible (with this wireshark version) to specify a filter along the
lines of "all pack
Hi,
I tried the latest build of Wireshark and it’s solved my issue. Thanks guys
for maintaining such a great tool.
“I wish every tools I’m using was as good as Wireshark, this one is simply the
best.”
===
André Noël
Analyste principal - protocoles
Bel
On Tue, May 15, 2007 at 09:11:13AM -0400, [EMAIL PROTECTED] wrote:
>
> I'm using Wireshark 0.99.5 and I wanted to isolate any frame which the delta
> from the previous is more
>
> than 5 seconds so I used this display filter: frame.time_delta > 5 but it
> doesn't look to work I got
>
> err
andre noel wrote:
> I´m using Wireshark 0.99.5 and I wanted to isolate any frame which the delta
> from the previous is more
> than 5 seconds so I used this display filter: frame.time_delta > 5 but it
> doesn´t look to work I got
> erroneous results. Can it be caused by the fact of the calculatio
Hi,
I'm using Wireshark 0.99.5 and I wanted to isolate any frame which the delta
from the previous is more
than 5 seconds so I used this display filter: frame.time_delta > 5 but it
doesn't look to work I got
erroneous results. Can it be caused by the fact of the calculation is from the
16 matches
Mail list logo
