All Questions
22 questions
0
votes
1
answer
2k
views
Why can't wireshark see local interfaces?
I'm experiencing some strange network errors on my local machine (MS-Windows 10 Enterprise 22H2). These also manifest in a WSL container running on the machine (but not on any other device on the same ...
0
votes
0
answers
346
views
Checking for port exhaustion using WireShark
We have been having some rare port exhaustion issues on our computers. We deployed a little netstat monitoring app that tracks the amount of TIME_WAIT statuses per application and notifies us if there ...
0
votes
0
answers
43
views
Can't track applications network communication under same machine
I have a network application environment of 7 applications communicating with each other through UDP and TCP. All of them using either the machine's local network IP or 127.0.0.1 (localhost) to listen ...
-1
votes
1
answer
138
views
Dumpcap - Ram still reserved after stop
System: Win 10 Pro and latest updates (Sept. 2020) 64Bit.
Problem: Using dumpcap (Dumpcap (Wireshark) 3.2.5 (v3.2.5-0-ged20ddea8138)) with a ringbuffer reserves RAM even after closing the dumpcap.exe. ...
1
vote
2
answers
447
views
Record SSH commands sent to a Mac from Windows
I've got a bit of a puzzler - I am an administrator on both a Windows 10 and a Mac Catalina machine.
The Windows machine is currently running software that has a known bug - SSH commands are sent to ...
2
votes
0
answers
4k
views
Fatal error TLS client credential
I have disabled SSLv3, TLS1.0 and 1.1 on a Windows 10 domain joined laptop, I also disabled triple DES 168 and MD5 to comply with our PCI scans and since then the system logs are full of the same ...
0
votes
1
answer
1k
views
Capture packets on loopback
I'm running web service on my windows 10 machine. I decided to look at the packets between my service and client running on the same machine by using Wireshark. I know that it is not possible to get ...
3
votes
1
answer
853
views
Where in the Windows networking stack do WinPcap/Npcap hook/filter to "listen" for packets?
I'm investigating an issue with a process that performs IPC via a socket. The socket is served on the local machine's NIC's IP, and the connection is made to the local machine's NIC's IP from another ...
1
vote
0
answers
761
views
Traffic to and from mongodb using SSL is still visible in wireshark in plaintext
EDIT: There was nothing wrong. I was an idiot. The below settings are
correct.
I've set up an instance of mongodb (3.4) on windows, configured like this:
net:
  port: 27017
  ssl:
    mode: ...
0
votes
1
answer
23k
views
Wireshark doesn't detect any of my interfaces
I know this question has been asked on ServerFault and Stackoverflow but none of the discussions and solutions have worked for me. (Not linking to the question directly as I can only post 2 links at ...
2
votes
0
answers
534
views
is the disconnection caused by too many TCP Dup Ack?
I am investigating a service disconnection issue and I am a bit confused by some of the Wireshark logs. Need some help to find out how the disconnection was caused.
Ideally when A sends an ACK to B ...
3
votes
2
answers
2k
views
Windows Server Firewall (2012) Ipsec tunnel problems
I am new to Ipsec tunnels. I have successfully created a tunnel to a Cisco offsite router using a preshare key at a supplier.
In Endpoints 1 : I have the servers ip address and the remote servers ip ...
26
votes
6
answers
79k
views
isolate application and check what packets it is sending over the internet
I am not sure that this sort of question is appropriate here, so forgive me if I'm wrong.
Here is a problem:
I want to see what a specific program is sending to the internet, but the thing is that on ...
-3
votes
1
answer
116
views
Inspecting the E-mail traffic of a Windows Server 2008 R2 [closed]
I have seen that the IP address of my mail server has added to blocked IP address list on http://psbl.org. I am using this server for personal use. So, it is not that much of an issue that I am, as a ...
0
votes
2
answers
24k
views
NBSS Continuation Message - Wireshark - Definition?
Looking at a capture and seeing a "NBSS Continuation Message" port 445, but I cannot find any reference anywhere to what this might mean.
I assume it's a normal message for the NetBIOS Session ...
2
votes
1
answer
3k
views
Debugging slow SMB packets from a specific desktop client
I'm having some serious problems locating a slowdown, and I hope you could assist me with this.
We have an office network with ~50 clients and a main file server running Windows Server 2008 R2 ...
2
votes
1
answer
22k
views
Why can't I start the WinPCap npf service when I'm the administrator?
I recently installed Wireshark on a Win 7 host, but now it won't let me start the NPF service. I get:
C:\Windows\system32>net start npf
System error 5 has occurred.
Access is denied.
That's ...
0
votes
2
answers
278
views
SYN packets sent from one server but never arrives at destination
I am troubleshooting network problems for a client, remotely. The problem they have is that they get "connection timed out" occasionally between a web server and a back-end search server. They can ...
2
votes
3
answers
9k
views
Wireshark won't pick up packets sent from localhost to localhost via network [duplicate]
I'm running on Windows and trying to get Wireshark to pick up my network traffic. It picks up all outbound and inbound traffic fine, except for a client/server I'm running on my local system. As it is,...
3
votes
3
answers
19k
views
How can I configure Wireshark to list my dial up connection as a possible capture interface?
I am trying to monitor traffic coming into my machine via an incoming dialup connection.
I am using Wireshark with WinPCap 3.1 ( I rolled back to 3.1 from 4.0 because I read that this was the ...
2
votes
2
answers
5k
views
Not seeing all Traffic with Wireshark and Windows
I just installed wireshark on a windows machine, when I run the capture, I do see traffic, but not all. I am VNC'd into the box and see no VNC traffic, If I ping something from the box, I can see it. ...
2
votes
1
answer
1k
views
Debugging network traffic on local Windows machine
A customer running Windows is having issues with two server components that communicate with each other using TCP. Normally the two components live on two separate server, so Wireshark lets me easily ...