search for: tshark

Hi Michal, Thank you for your suggestion. My apologies that I took sometime to get back on further confirmation. Regrettably, my tshark is still unable to find libvirt payload inside packet capture, though it lists libvirt as a possible filter. # rpm -ql libvirt-wireshark-1.2.9.3-2.fc21.x86_64 /usr/lib64/wireshark/plugins/1.12.5/libvirt.so As I used wireshark 1.12.6 version, I created 1.12.6 directory under pl...

Hi folks, I''m new to Xen so apologies if this is a stupid question. Setup is as follows: Dom0 and DomU''s running Hardy Heron Kernel 2.6.24-16-xen Xen version 3.0 My problem is I want to run TShark on DomU to see packets sent to eth0 on Dom0. TShark on Dom0 can see packets sent to DomU on eth0 but DomU cannot see packets sent to Dom0 on eth0. I know the eth0 on DomU is a different eth0 (virtual interface) than the eth0 on Dom0. Is there some bridging that I need to set up or will setting up...

...t. Regards, Gowrishankar On Thursday 07 January 2016 03:51 PM, Michal Privoznik wrote: > On 07.01.2016 08:05, gowrishankar wrote: >> Hi Michal, >> Thank you for your suggestion. My apologies that I took sometime to get >> back >> on further confirmation. Regrettably, my tshark is still unable to find >> libvirt payload >> inside packet capture, though it lists libvirt as a possible filter. >> >> # rpm -ql libvirt-wireshark-1.2.9.3-2.fc21.x86_64 >> /usr/lib64/wireshark/plugins/1.12.5/libvirt.so >> >> As I used wi...

Hi, i'm trying to analyze kerberos traffic using tshark (Samba 4.8.1 on Centos 7). I can't figure out how to extract keytab with password/keys. I follow precisely the instructions at https://wiki.samba.org/index.php/Keytab_Extraction But it seems like I only get slot, kvno and principal, can't find a way to get passwords or keys. Any idea someon...

...rs. #2-3. All callers call public phone number and they all come in to asterisk from Callcentric context.When we call out - it goes out through Callcentric SIP trunk. When we dial internal each others extensions there is no NAT, trunk or anything else and all works just fine... Debugging with "tshark" should be done on Asterisk machine I asume? Thank you! On Thursday 28 February 2019 at 00:26:17, Ivan Demkovitch wrote: > Asterisk is NOT exposed to internet, noone connects to Asterisk> from internet. We use Callcentric for VOIP trunk. That's the point where you lost me. Callce...

...ocols for a work I have to present at > the university, > and for me to really understand how it works, I try to put in in > practice. So I was reading > http://www.kerberos.org/software/tutorial.html and tried to track > packets... I was hoping this command, run on my kdc > > tshark -r kerberos.pcap -Y frame.number==10 -O kerberos -K > decode.keytab (n° 10 is AS-REP NT in this case) > > would let me see the actual content of the TGT, and so on with further > exchanges > and other encrypted parts. The whole idea behind kerberos is that it is supposed to be sec...

...21.x86_64 Earlier, just after installation, I noticed libvirt.so available only in /usr/lib64/wireshark/plugins/1.12.5/ . Wireshark could not load libvirt plugin. So, I copied above .so into 1.12.6/ under same plugins folder, following it wireshark could list libvirt as supported protocol. tshark -G protocols | grep libvirt Libvirt libvirt libvirt However, on checking with some pcaps which has libvirt RPC calls captured on wire, wireshark does not list libvirt RPC packets, as I search for "libvirt" protocol in pcap. Have anyone experienced this before or if you have a...

On Fri, 2017-02-17 at 11:11 +1300, Gary Lockyer wrote: > Script to provide an anonymous summary from tshark > > The tshark command needs to output a PDML XML stream, which this > command > will read. The summary is intended not to expose private or customer > data while allowing a good view on the range and frequency of the > network traffic. The script Gary posted, which is available...

On 07.01.2016 08:05, gowrishankar wrote: > Hi Michal, > Thank you for your suggestion. My apologies that I took sometime to get > back > on further confirmation. Regrettably, my tshark is still unable to find > libvirt payload > inside packet capture, though it lists libvirt as a possible filter. > > # rpm -ql libvirt-wireshark-1.2.9.3-2.fc21.x86_64 > /usr/lib64/wireshark/plugins/1.12.5/libvirt.so > > As I used wireshark 1.12.6 version, I cre...

...; > On Thursday 07 January 2016 03:51 PM, Michal Privoznik wrote: >> On 07.01.2016 08:05, gowrishankar wrote: >>> Hi Michal, >>> Thank you for your suggestion. My apologies that I took sometime to get >>> back >>> on further confirmation. Regrettably, my tshark is still unable to find >>> libvirt payload >>> inside packet capture, though it lists libvirt as a possible filter. >>> >>> # rpm -ql libvirt-wireshark-1.2.9.3-2.fc21.x86_64 >>> /usr/lib64/wireshark/plugins/1.12.5/libvirt.so >>> &gt...

Hi All Yesterday i had installed wireshark on my centos box which does not have the GUI , It is actually a hardened box. I installed the tool using the following command: yum install wireshark After installation i dont know how to proceed further in capturing the packets. I basically want to capture packets and copy them onto my windows box. On the windows box i can use the Wireshark UI to

...ted via LACP with vlan > tagging to a pair of stacked cisco 3750's. Host networking config is here: > > http://dpaste.com/1Q6NY3Y > > The vm is on br99 here. > > This is easily reproducable by just generating a 250mb random file and doing > an scp, while watching with tshark: > > tshark -R "tcp.analysis.retransmission" > > There's no visible impact to the connection the vast majority of the time, > which is why I think this has gone unnoticed. > > Just to confirm this wasn't related to hardware / nics, I've reproduced this...

...when it was working in the previous configuration > (with br1 and br1.600). > > I test multicast using a multicast test app, binding the receiver to > br1 on one host (192.168.0.120) and then binding the sender on br1 on > another host (192.168.0.110). I also start an instance of tshark on > each host to check which packets are being sent across. The multicast > packets are seen by tshark to be crossing the bridge but for some > reason the receiver app does not receive them. The bridges also have > the multicast_querier and multicast_snooping flags enabled (e.g. fo...

Hi, I'm trying this setup where an stunnel4 (listening for clients on port 16514) connects to an unencrypted libvirt backend (on port 16509). When I point the virsh client to stunnel4 it hangs. Looking via tshark: 1. virsh completes ssl handshake with stunnel4 2. stunnel4 completes tcp handshake with libvirt. and that's all. When connecting virsh client directly to libvirt (this time encrypted) tshark shows: 1. virsh completes ssl handshake with libvirt (change cypher spec at the end) 2. libvirt sen...

Hi All, Was troubleshooting some odd VM network issues and discovered that we're seeing dropped packets + retransmissions across multiple domU OS's and dom0 hardware platforms. xendev01 ~ # tshark -R "tcp.analysis.retransmission " -i vif7.0 Running as user "root" and group "root". This could be dangerous. Capturing on vif7.0 3.054257 xxx.xxx.xxx.196 -> xxx.xxx.xxx.145 SSH 110 [TCP Fast Retransmission] Encrypted response packet len=44 3.061949 xxx.xxx....

Hi Laine What you have suggested sounds eminently reasonable. Thanks for your advice. I'm going to give it a shot and report back. Richard On 11/27/19 1:38 PM, Laine Stump wrote: > On 11/26/19 11:07 PM, Richard Achmatowicz wrote: >> Hello >> >> I have a problem with attaching VMs to a VLAN interface. >> >> Here is my setup: I have several physical hosts

...ved the server from Domain the error i get when i try to access shared resources from run is http://3.bp.blogspot.com/-z_PiUex9rI8/Tvll0M4Q0FI/AAAAAAAAAHQ/zxpHzca90bs/s1600/error.jpg. and now I am not facing any issue as of now Below is the wireshark log when i am attempting to join the domain. $ tshark host 192.168.1.253 Running as user "root" and group "root". This could be dangerous. Capturing on eth0 0.000000 192.168.1.253 -> 192.168.10.16 DNS 89 Standard query 0xb88b SRV _ldap._tcp.dc._msdcs.ik.local 0.000176 192.168.10.16 -> 192.168.1.253 DNS 112 Standard qu...

...s the bridge interface, when it was working in the previous configuration (with br1 and br1.600). I test multicast using a multicast test app, binding the receiver to br1 on one host (192.168.0.120) and then binding the sender on br1 on another host (192.168.0.110). I also start an instance of tshark on each host to check which packets are being sent across. The multicast packets are seen by tshark to be crossing the bridge but for some reason the receiver app does not receive them. The bridges also have the multicast_querier and multicast_snooping flags enabled (e.g. for br1 on both hosts...

Hello, This is not technical post, just looking for suggestions on what to check.I have asterisk for long time, no updates, just maintain OS updates. I use SPA504G phones Very rarely and randomly when we pickup a phone - other side does not hear us. Call them back and all works. Now I have couple people I'm talking to and it seems like very call like this. Someone can't hear someone.

On Mon, 15 Jan 2018, Aurélien Aptel wrote: > "Barbara M. via samba" <samba at lists.samba.org> writes: >> Anyway, tried your hint. >> No difference for the specific win 10 client. Still can't connect. >> All other Win 10 and the 2016 tested still works as usual. >> smbstatus still reports the "strange" rows: > > Try looking at a