Search Results

Search found 8532 results on 342 pages for 'packet examples'.

Page 21/342 | < Previous Page | 17 18 19 20 21 22 23 24 25 26 27 28  | Next Page >

  • Convert from port numbers to protocol names in wireshark

    - by Berkay
    i'm simply using tshark -r botnet.pcap -T fields -E separator=';' -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport '(tcp.flags.syn == 1 and tcp.flags.ack == 0)' to see the all initiated "legal TCP" connections. However, i need the destination port number conversion to "http" "netbios" etc. i'm not using -n option, but still i get: 128.3.45.128;62259;208.233.189.150;80 This is what i'm trying to get: 128.3.45.128;62259;208.233.189.150;http or 128.3.45.128;62259;208.233.189.150;80;http is better option for me. any idea from tshark users? or any other tool suggestions?

    Read the article

  • OSX 10.6 Cisco IPSEC strange behavior

    - by tair
    I'm trying to connect to Cisco IPSEC VPN of my company over DSL Internet. I managed to successfully connect using Cisco VPN Client, now I'm trying to switch to OSX 10.6 native client, because of licensing issues. The problems is that the connection fails with a dialog box containing the message: The negotiation with the VPN server failed. Verify the server address and try reconnecting. I checked logs: Jun 29 13:10:39 racoon[4551]: Connecting. Jun 29 13:10:39 racoon[4551]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1). Jun 29 13:10:39 racoon[4551]: IKEv1 Phase1 AUTH: success. (Initiator, Aggressive-Mode Message 2). Jun 29 13:10:39 racoon[4551]: IKE Packet: receive success. (Initiator, Aggressive-Mode message 2). Jun 29 13:10:39 racoon[4551]: IKEv1 Phase1 Initiator: success. (Initiator, Aggressive-Mode). Jun 29 13:10:39 racoon[4551]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 3). Jun 29 13:10:42 racoon[4551]: IKE Packet: transmit success. (Mode-Config message). Jun 29 13:10:42 racoon[4551]: IKEv1 XAUTH: success. (XAUTH Status is OK). Jun 29 13:10:42 racoon[4551]: IKE Packet: transmit success. (Mode-Config message). Jun 29 13:10:42 racoon[4551]: IKEv1 Config: retransmited. (Mode-Config retransmit). Jun 29 13:10:42 racoon[4551]: IKE Packet: receive success. (MODE-Config). Jun 29 13:10:42 configd[19]: event_callback: Address added. previous interface setting (name: en1, address: 192.168.1.107), current interface setting (name: u92.168.54.147, subnet: 255.255.255.0, destination: 192.168.54.147). Jun 29 13:10:42 configd[19]: network configuration changed. Jun 29 13:10:42 vmnet-bridge[111]: Dynamic store changed Jun 29 13:10:42 named[62]: not listening on any interfaces Jun 29 13:10:58: --- last message repeated 1 time --- Jun 29 13:10:58 configd[19]: SCNCController: Disconnecting. (Connection tried to negotiate for, 16 seconds). Jun 29 13:10:58 racoon[4551]: IKE Packet: transmit success. (Information message). Jun 29 13:10:58 racoon[4551]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA). Jun 29 13:10:58 racoon[4551]: Disconnecting. (Connection tried to negotiate for, 19.113382 seconds). Jun 29 13:10:58 named[62]: not listening on any interfaces Jun 29 13:10:58 vmnet-bridge[111]: Dynamic store changed Jun 29 13:10:58 named[62]: not listening on any interfaces Jun 29 13:10:58 configd[19]: network configuration changed. Then I opened Terminal, started pinging a server behind VPN, and tried to connect again. Now connection is OK! Logs this time: Jun 29 13:46:53 racoon[8136]: Connecting. Jun 29 13:46:53 racoon[8136]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1). Jun 29 13:46:53 racoon[8136]: IKEv1 Phase1 AUTH: success. (Initiator, Aggressive-Mode Message 2). Jun 29 13:46:53 racoon[8136]: IKE Packet: receive success. (Initiator, Aggressive-Mode message 2). Jun 29 13:46:53 racoon[8136]: IKEv1 Phase1 Initiator: success. (Initiator, Aggressive-Mode). Jun 29 13:46:53 racoon[8136]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 3). Jun 29 13:46:56 racoon[8136]: IKE Packet: transmit success. (Mode-Config message). Jun 29 13:46:56 racoon[8136]: IKEv1 XAUTH: success. (XAUTH Status is OK). Jun 29 13:46:56 racoon[8136]: IKE Packet: transmit success. (Mode-Config message). Jun 29 13:46:56 racoon[8136]: IKEv1 Config: retransmited. (Mode-Config retransmit). Jun 29 13:46:56 racoon[8136]: IKE Packet: receive success. (MODE-Config). Jun 29 13:46:56 configd[19]: event_callback: Address added. previous interface setting (name: en1, address: 192.168.1.107), current interface settinaddress: 192.168.54.149, subnet: 255.255.255.0, destination: 192.168.54.149). Jun 29 13:46:56 vmnet-bridge[111]: Dynamic store changed Jun 29 13:46:56 named[62]: not listening on any interfaces Jun 29 13:46:56 configd[19]: network configuration changed. Jun 29 13:46:56 named[62]: not listening on any interfaces Jun 29 13:46:56 racoon[8136]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1). Jun 29 13:46:56 racoon[8136]: IKE Packet: receive success. (Initiator, Quick-Mode message 2). Jun 29 13:46:56 racoon[8136]: IKE Packet: transmit success. (Initiator, Quick-Mode message 3). Jun 29 13:46:56 racoon[8136]: IKEv1 Phase2 Initiator: success. (Initiator, Quick-Mode). Jun 29 13:46:56 racoon[8136]: Connected. Jun 29 13:46:56 configd[19]: SCNCController: Connected. I tested it several times and it consistently behaves the same. What is the magic?

    Read the article

  • Convert from port numbers to protocol names ?

    - by Berkay
    i'm simply using tshark -r botnet.pcap -T fields -E separator=';' -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport '(tcp.flags.syn == 1 and tcp.flags.ack == 0)' to see the all initiated "legal TCP" connections. However, i need the destination port number conversion to "http" "netbios" etc. i'm not using -n option, but still i get: 128.3.45.128;62259;208.233.189.150;80 This is what i'm trying to get: 128.3.45.128;62259;208.233.189.150;http or 128.3.45.128;62259;208.233.189.150;80;http is better option for me. any idea from tshark users? or any other tool suggestions?

    Read the article

  • SMTP port open - but not open

    - by Frederik Nielsen
    As some of you might know, I am setting up an exchange server. Now I ran into another problem: I cannot connect to the SMTP service from outside the server! The ports are opened in the gateway device (a ZyXEL USG50), Windows firewall is off. I see the packets travekl through the ZyXEL firewall, and I can also see the packets with wireshark on the server, so I know they are getting all the way in to the server. I also know it receives them, and sends out the reply - and this is where things go bad! Analyzing with wireshark, I get these errors in the return packets: Header checksum: 0x0000 [incorrect, should be 0x0779 (may be caused by "IP checksum offload"?)] And: Acknowledgment Number: 0x8e3337d1 [should be 0x00000000 because ACK flag is not set] What the (sorry my French) hell is going on? I really cant figure it out.. Thanks in advance.

    Read the article

  • Software to capture the packets in an MPEG Transport Stream

    - by Crippledsmurf
    I have a DVB-T capture card and would like to capture the packets from the MPEG stream it receives so i can analyse them just for a bit of fun and learning I've googled and found a lot of converters and software to capture the video from these streams but very little in the area of capturing raw data from a stream. What software exists that can capture and dump the MPEG stream from a tuner?

    Read the article

  • Suddenly blocked from a site

    - by Diego Romero
    Suddenly from a time to now I haven't been able to go to a site I used to go frequently for maintenance (Wordpress). I tried different browsers, restarting my laptop, clearing cache, history, cookies. Also did a ping to the site ip, go 4 packets send and 4 lost. This is a problem I think with only my laptop, since I've been able to go into the site from other devices in the same network. I have also tried connecting to the same site from a completely different network with the same problem. I really don't know what to do about this, any advices? PS: site hosted in wp engine if that has anything to do with this problem.

    Read the article

  • "tshark: There are no interfaces on which a capture can be done" in Amazon Linux AMI

    - by user1264304
    My goal is to capture packets with tshark in Amazon Linux AMI. While typing tshark in the command line there's an error: "tshark: There are no interfaces on which a capture can be done" How to implement the solution from Wireshark setup Linux for nonroot user $ sudo apt-get install wireshark $ sudo dpkg-reconfigure wireshark-common $ sudo usermod -a -G wireshark $USER $ gnome-session-quit --logout --no-prompt in Amazon Linux AMI (it's not Ubuntu)? Thanks.

    Read the article

  • Forwarding wifi traffic to wired pc

    - by brydgesk
    I'm trying to play around with Wireshark on my home network, and was wondering if there is a way to create a new connection on my PC that receives all wifi packets on the network. The PC is a wired Windows 7 machine, and I'm using DD-WRT on an Asus RT-N16 router. I'm not trying to hack anything, I have full admin access to the router itself. My searching has led me to articles about client bridges and repeater bridges, but none of them seemed to apply entirely to my situation. I'd like to continue using my standard wifi connection, but make my PC act as a repeater that receives all wifi traffic. Again, the PC has no wireless connection. I've used tcpdump which is installed on the router itself, but I'd be more comfortable analyzing the packets in Windows, as I'm trying to learn Wireshark. Thanks

    Read the article

  • capture nimbuzz traffic

    - by lurscher
    I need to capture all the traffic, specially during login, between nimbuzz pc client and nimbuzz server. The reason is that i need to debug outgoing packets at login that mark the user visibility status in order to reproduce them in a in-house XMPP client application I've tried doing this with wireshark, but i seem to be pretty helpless with this tool. Also, the packets i've been able to see are all before the SASL negotiation happens, after that, i cannot see the xml packets being exchanged any help for how to achieve this task is greatly appreciated (preferably on Windows, since there is no nimbuzz client for linux, in any case i can install one in a VM and monitor the traffic between the VM instance in the linux host)

    Read the article

  • Does a bad Internet connection increase bandwidth usage?

    - by Synetech
    My (Rogers) cable connection has been pretty bad recently (channels 3 and 10 are particularly fuzzy—it’s analog, not digital cable). Not surprisingly, this has caused my cable modem to drop out and have to reestablish a connection a couple of times since it started. The poor connection of course means higher corruption (not necessarily dropped per se) which causes the TCP/IP stack to have to retransmit packets more often. Reduction of bandwidth throughput aside, I got to wondering if it increases the actual bandwidth usage. That is, if there is a high error rate on the line causing packets to have to be retransmitted: Does this increase a bandwidth monitoring program’s numbers? Does the ISP count the retransmitted packets toward the monthly cap? Based on what I remember from my university networking courses and common sense, I have a feeling that the answer to both questions is yes, but I cannot reliably measure the first, and have no authoritative answer for the second. I’m wondering if maybe the retransmitted packets are acknowledged as being duplicates and thus not counted somewhere along the line.

    Read the article

  • Wireshark does not see interfaces (winXP)

    - by bua
    Short story: Wireshark is working....on my winXP-32b ... usage .... Long long time later Wireshark does not work It can't find any usefull interface (just VPN) ipconfig /all Ethernet adapter Wireless Network Connection: Media State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . : Dell Wireless 1490 Dual Band WLAN Mini-Card Physical Address. . . . . . . . . : SOME VALID MAC Ethernet adapter eth0: Connection-specific DNS Suffix . : xxxx Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller Physical Address. . . . . . . . . : SOME VALID MAC Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.12.68 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168..... ..... Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Description . . . . . . . . . . . : Fortinet virtual adapter Physical Address. . . . . . . . . : SOME VALID MAC Following steps didn't help: Several Wireshark re-installation Several LIBPCAP re installation SP3 for winXP Any ideas welcome.

    Read the article

  • Download videos from youtube as I see it

    - by Sab
    This may seem a somewhat strange requirement : I want to download youtube videos as I see it. I know that I would have to capture the packets using a program like wireshark , and I do know that this is possible. So lets say I have 3 computers on my network and 1 smartphone. Lets say I view a youtube video on my phone. I now want this video to be recorded on any one of the computers so that I can see it later(record in the sense capture the packets so that I dont have to download it again and waste my bandwidth). Are there any programs which will do this for me? The reason I want this is I use IMediaShare to view youtube videos on my Tv. Now once I see a video if I want to see it at a later point of time I have to download the entire video again.

    Read the article

  • Inaccurate bandwidth limiting in altq queues

    - by overkordbaever
    I'm setting up an environment where I have one Linux server, one OpenBSD router and one Linux client and I want to be able to limit how much bandwidth the client should be able to use. I've been performing these tests with "netcat" and "time" (using time to measure the time of the transfer with netcat), and what happens when trying these tests (using the TCP protocol, the queues will for some reason not work with UDP) is that the queues aren't exact at all. For example: when setting a bandwidth limit of 10mbit, the client cannot use more than five mbits, when setting a limit of 100mbit, the client cannot use more than around 50mbit. The config looks like (using a 100mbit limit in the example): #queue rules altq on { $int_if, $ext_if } cbq bandwidth 100Mb queue { def, low } queue def bandwidth 0Mb cbq(default) queue low bandwidth 100Mb cbq(default) #Passrules test pass out quick from $int_if to $ext_if queue low pass in quick from $ext_if to $int_if queue low pass out quick from $ext_if to $int_if queue low pass in quick from $int_if to $ext_if queue low

    Read the article

  • Why do some machines respond with many RST packets instead of RST-ACK to refuse a connection?

    - by Michael J. Gray
    I have recently been trying to track down a problem with one of our systems and have noticed that it is simply not allowed to connect to a remote machine. However, the remote machine (not controlled by us) is responding to our request for a connection with many TCP RST packets on a different port (26469, 26497, 26498) than the one we originated on (53). It simply wouldn't let up at one point and flooded us with about 10 packets/second for an hour or two of only RST on those obscure high ports. Out of the thousands of nodes we're connecting to, this is the only one ever to show this behavior. What could possibly cause this? EDIT Below is a screenshot of Wireshark when it happened. I don't have the actual dump anymore and can't reproduce this specific scenario every time. Basically, we sent a SYN and immediately got RST on an odd port and so we respond with RST and just keep going back and forth.

    Read the article

  • How does badBIOS jumps airgaps?

    - by Ash
    I was reading this article from Ars on badBIOS and came across this line which states the malware, has the ability to use high-frequency transmissions passed between computer speakers and microphones to bridge airgaps. and wondered if this attack vector was possible ? Not only me , but all other readers were wondering if this had any logical explanation.Can a computer transmit packets via high-frequency sounds broadcast over speakers ?

    Read the article

  • How do I view the location of an swf file that is obfuscated somehow.

    - by atticus
    Specifically, I'm trying to view Elmo's Keyboard-o-rama fullscreen. The original swf file has been moved and obscured. For a toddler, this game really needs to be full screen! The toddler doesn't mind too much and has already lost interest in the game for the day. But it's just driving me crazy. I've tried the usual method of viewing the page info in Firefox to no avail. And before people start trying to delete this for being game specific, I would like to know how to do this for any obfuscated swf location, not just games. Thanks in advance. If anybody knows how to find the appropriate information in tcpdump or wireshark, that could probably help, too. That's what I'm trying to do right now.

    Read the article

  • aireplay - reading but not sending

    - by oneat
    I'm trying aircrack injection, everything is working I authenticated, but aireplay is not working aireplay-ng -3 -b 00:12:2A:01:74:05 -h 78:e4:00:87:71:8b mon0 18:53:03 Waiting for beacon frame (BSSID: 00:12:2A:01:74:05) on channel 7 Saving ARP requests in replay_arp-0817-185303.cap You should also start airodump-ng to capture replies. Read 4988 packets (0 ARPs, 4 ACKs), sent 0 packets...(0 pps) Why isn't it working? Why isn't it sending packets? 03:00.0 Network controller: Atheros Communications Inc. AR928X Wireless Network Adapter (PCI-Express) (rev 01) I tested injection on injection test in aircrack tutorial, despite driver wasn't patched.

    Read the article

  • Is there a decent diagram of packet flow for a modern era (2.6+) iptables setup?

    - by stsquad
    I'm currently trying to debug a particularly hairy set of DNAT based iptables rules (the UDP reply never makes it back to the original requester) and I'm struggling to visualise the packet flow through all the numerous tables involved. So far Google'ing has shown me old 2.4 based ipchains ones. The netfilter site has some good text docs but is short on diagrams and a number of the external links are now dead. So is there a canonical diagram for iptables packet flow, preferably showing how NAT/Masqueraded packets are also dealt with?

    Read the article

  • Handling early/late/dropped packets for interpolation in a 3D multiplayer game

    - by Ben Cracknell
    I'm working on a multiplayer game that for the purposes of this question, is most similar to Team Fortress. Each network data packet will contain the 3D position of the target moving object. (this object could be another player) The packets are sent on a fixed interval, and linear interpolation will be used to smooth the transition between packets. Under normal circumstances, interpolation will occur between the second-to-last packet, and the last packet received. The linear interpolation algorithm is the same as this post: Interpolating positions in a multiplayer game I have the same issue as in that post, but the answers don't seem like they will work in my situation. Consider the following scenario: Normal packet timing, everything is okay The next expected packet is late. That's okay, we'll just extrapolate based on previous positions The late packet eventually arrives with corrections to our extrapolation. Now what do we do with its information? The answers on the above post suggest we should just interpolate to this new packet's position, but that would not work at all. If we have already extrapolated past that point in time, moving back would cause rubber-banding. The issue is similar in the case of an early or dropped packet. So I believe what I am looking for is some way to smoothly deal with new information in an ongoing interpolation/extrapolation process. Since I might be moving on to quadratic or even cubic interpolation, it would be great if the same solutiuon could be applied to those as well.

    Read the article

  • Wincap capture filtering expression syntax

    - by cpx
    How would specify a syntax for filtering tcp server port with its ip address? const char *packet_filter = "tcp src port 2054"; bpf_u_int32 netmask; bpf_program fcode; if (d->addresses != NULL) /* Retrieve the mask of the first address of the interface */ netmask=((struct sockaddr_in *)(d->addresses->netmask))->sin_addr.S_un.S_addr; else /* If the interface is without an address we suppose to be in a C class network */ netmask=0xffffff; //compile the filter if (pcap_compile(adhandle, &fcode, packet_filter, 1, netmask) < 0) { fprintf(stderr,"\nUnable to compile the packet filter. Check the syntax.\n"); /* Free the device list */ pcap_freealldevs(alldevs); return -1; } //set the filter if (pcap_setfilter(adhandle, &fcode) < 0) { fprintf(stderr,"\nError setting the filter.\n"); /* Free the device list */ pcap_freealldevs(alldevs); return -1; }

    Read the article

  • Scapy PcapReader and packets time

    - by auino
    I'm reading a PCAP file using Scapy using a script such as the (semplified) following one: #! /usr/bin/env python from scapy.all import * # ... myreader = PcapReader(myinputfile) for p in myreader: pkt = p.payload print pkt.time In this case the packets time is not relative to PCAP capture time, but starts from the instant I've launched my script. I'd like to start from 0.0 or to be relative to the PCAP capture. How can I fix it (possibly without "manually" retrieving the first packet time and repeatedly using math to fix the problem)?

    Read the article

  • PCAP Web Service Usage Logging for Dummies

    - by nick
    I've been assigned the task (for work) of working with PCAP for the first time in my life. I've read through the tutorials and have hacked together a real simple capture program which, it turns out, isn't that hard. However, making use of the data is more difficult. My goal is to log incomming and outgoing web service requests. Are there libraries (C or C++) that stitch together the packets from PCAP that would make reporting on this simple? Baring that is there something short of reading all of the RFC's from soup to nuts that will allow me to have an "ah-ha!" moment (all of the tutorials seem to stop at the raw packet level which isn't useful for me)? It looks like PERL has a library that may do this and I may eventually attempt a reverse engineer from PERL. NOTE BENE: Web Server logs aren't acceptable here as I will be intercepting on a routing device. If I had access to those I'd be done and happy...I don't.

    Read the article

  • Capture IP packets on Dialup connection - Windows 7

    - by Assaf Levy
    Our product utilizes (the wonderful) Winpcap to capture ip packets from all devices with an IP address and analyze them in real time. Unfortunately, we discovered that it does NOT capture any packets on dialup (e.g. PPP) connections on Windows 7, and that there are no near-term plans for enabling this (1). So we need something else. Microsoft Network Monitor and Windows Packet Filter are two options that surfaced during a bit of googling, but before delving into research I wanted to ask the experienced: what are out options, given the following requirements: Capture all in/outbound IP packets on the machine. Complete background processing - no UI should be involved. Support Windows Vista / 7. Performance (user should not feel the difference). Thanks in advance.

    Read the article

  • Are There Any Examples of Uncle Bob's High-Falutin' Architecture?

    - by Jordan
    I just finished watching this presentation by Uncle Bob (as well as his "Architecture" section of his "Clean Code" videos), but I'm left wondering: Are there any examples out there of applications that implement this Entity-Boundary-Interactor (or Entity-Boundary-Controller) structure? At one point I downloaded the source code to FitNesse (the acceptance testing project he mentions often as an example of not only high test coverage but good architecture, since they were able to defer the decision to not use a database until the very end), and based on a quick glance of it it appears even this project doesn't seem to fit this pattern. Are there any nontrivial examples of this architecture out in the wild, or should I not bother even looking into it and chalk it up as "it would be great if you could get there, but nobody really does"?

    Read the article

< Previous Page | 17 18 19 20 21 22 23 24 25 26 27 28  | Next Page >