Wireshark-users: Re: [Wireshark-users] Wireshark-users Digest, Vol 53, Issue 21

From: "Wojkovich, Richard" <Richard.Wojkovich@xxxxxxxxxxxxxxxx>
Date: Wed, 27 Oct 2010 16:38:43 -0500
Thanks, my apology.

Rick Wojkovich

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of
wireshark-users-request@xxxxxxxxxxxxx
Sent: Wednesday, October 27, 2010 2:00 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: Wireshark-users Digest, Vol 53, Issue 21

Send Wireshark-users mailing list submissions to
	wireshark-users@xxxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
	https://wireshark.org/mailman/listinfo/wireshark-users
or, via email, send a message with subject or body 'help' to
	wireshark-users-request@xxxxxxxxxxxxx

You can reach the person managing the list at
	wireshark-users-owner@xxxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific than
"Re: Contents of Wireshark-users digest..."


Today's Topics:

   1. Re: Finding out Stats about users machine (Jaap Keuter)
   2. Re: Windows 7 and Wireshark any release (Jaap Keuter)
   3. Re: Analyzing many pcap files with tshark (Stephen Fisher)
   4. Re: Analyzing many pcap files with tshark (Maverick)
   5. Re: Analyzing many pcap files with tshark (Guy Harris)
   6. SNMP Mibs for Cisco? how to use them on WUG 11.0.1
      (Wojkovich, Richard)
   7. Re: SNMP Mibs for Cisco? how to use them on WUG 11.0.1
      (Jaap Keuter)
   8. Re: Analyzing many pcap files with tshark (Maverick)


----------------------------------------------------------------------

Message: 1
Date: Tue, 26 Oct 2010 21:20:12 +0200
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Subject: Re: [Wireshark-users] Finding out Stats about users machine
To: Community support list for Wireshark
	<wireshark-users@xxxxxxxxxxxxx>
Message-ID: <4CC729EC.9010206@xxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 10/26/2010 04:43 PM, Maverick wrote:
> Is there any way in Wireshark to figure out from the network traces if
> the machine has a firewall installed? And if it is installed, can I
> determine if it is being updated?
> Thanks
> MAK
>

Hi,

Well, if you know that certain attack vectors come into that machine,
you can see if and how it responds. That behavior is influenced by a
firewall, hence could be deduced from it.
An update, if done through the captured interface, may be visible when
an update site is accessed.

In short; possible? somewhat, easy? not really.

Thanks,
Jaap



------------------------------

Message: 2
Date: Tue, 26 Oct 2010 21:22:56 +0200
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Subject: Re: [Wireshark-users] Windows 7 and Wireshark any release
To: Community support list for Wireshark
	<wireshark-users@xxxxxxxxxxxxx>
Message-ID: <4CC72A90.9030409@xxxxxxxxx>
Content-Type: text/plain; charset=windows-1252; format=flowed

On 10/26/2010 07:17 PM, Guy Harris wrote:
>
> On Oct 26, 2010, at 6:45 AM, Giel Oberholster (ZA) wrote:
>
>> I am having problems when using Wireshark with Windows 7.  Whenever I
>> sniff a VOIP G.711A call with Wireshark, the packets are not seen by
>> Wireshark as G.711A but as UDP. Even if I decode the UDP to RTP things
>> are not working properly.
>> The data side of things ( I can see the packet loss /Jitter etc.)
>> are working as expected I can however not listen to the call.
>> I have tried several releases of Wireshark ( last one I used was 1.40
>> on Windows 7) When I do the exact same sniff with XP and Wireshark
>> 1.40 - no problem.
>> Something in Windows 7 is treating the sniffed packets differently.
>
> Something on the machine running Windows 7 is causing the sniffed
> packets to be treated differently from the way they're being treated on
> the Windows XP machine.  That could be the operating system, but it
> could also be, for example, the configuration of Wireshark, or the
> version of Wireshark installed.
>
> Are you running Wireshark 1.4.0 (which is presumably what you meant by
> "1.40" - there's no version 1.40 of Wireshark) on both machines, or are
> you running a different version (for example, a recent build from the
> trunk) on the Windows 7 machine?
>
> Are the protocol preferences settings for RTP the same on both
> machines?  In particular, is the "Try to decode RTP outside of
> conversations" checked on both machines?

Hi,

That last tip usually does it. Also, upgrade to Wireshark 1.4.1, it has
some important VoIP related fixes for you.

Thanks,
Jaap



------------------------------

Message: 3
Date: Tue, 26 Oct 2010 15:53:01 -0600
From: Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Analyzing many pcap files with tshark
To: Community support list for Wireshark
	<wireshark-users@xxxxxxxxxxxxx>
Message-ID: <20101026215301.GA3610@xxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii

On Tue, Oct 26, 2010 at 07:40:33AM -0700, Maverick wrote:

> Is it possible to give many pcap files to tshark to be processed at 
> the same time.

No, but you can use the mergecap program that comes with Wireshark to
combine multiple capture files into one.



------------------------------

Message: 4
Date: Tue, 26 Oct 2010 22:31:58 -0400
From: Maverick <myeaddress@xxxxxxxxx>
Subject: Re: [Wireshark-users] Analyzing many pcap files with tshark
To: Community support list for Wireshark
	<wireshark-users@xxxxxxxxxxxxx>
Message-ID:
	<AANLkTinzy_9_NcKiTmnNuFsJ0uGPu70KQ5OnZO+y=4B4@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

Yeah but I have huge file sizes in tens of GBs and merging them first
doesn't seem like a good idea, so I thought there must be some way to do
this analysis on all files.

So how is this analysis usually done? People work on individual files
and then use some other tool to collect the results of the individual
tool? Maybe I can take that approach.

Thanks
MAK


On Tue, Oct 26, 2010 at 5:53 PM, Stephen Fisher
<steve@xxxxxxxxxxxxxxxxxx>wrote:

> On Tue, Oct 26, 2010 at 07:40:33AM -0700, Maverick wrote:
>
> > Is it possible to give many pcap files to tshark to be processed at
> > the same time.
>
> No, but you can use the mergecap program that comes with Wireshark to
> combine multiple capture files into one.
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wireshark.org/lists/wireshark-users/attachments/20101026/e9b6cb1c/attachment.html

------------------------------

Message: 5
Date: Tue, 26 Oct 2010 19:42:58 -0700
From: Guy Harris <guy@xxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Analyzing many pcap files with tshark
To: Community support list for Wireshark
	<wireshark-users@xxxxxxxxxxxxx>
Message-ID: <02053C17-5AA8-4E54-AC88-FD7FE098F3B0@xxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii


On Oct 26, 2010, at 7:31 PM, Maverick wrote:

> So how is this analysis usually done? People work on individual files
> and then use some other tool to collect the results of individual tool

Probably.  See, for example, Boonie's reply to you, which has a
DOS/Windows command-line loop to process all the .pcap files in a
directory by running each of them through TShark individually; similar
loops can be constructed for UN*X shells.
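
The UN*X-shell counterpart of the per-file loop Guy refers to, and the alternative to merging everything with mergecap first as Stephen suggested, as an added example that is not part of the original thread. Each capture in a directory is fed to TShark on its own, the per-file output goes to its own text file, and a second pass collects those files into one summary so nothing the size of the raw captures ever has to be merged. The directory layout, the statistic asked for (`-z io,phs`, the protocol hierarchy), the `TSHARK` override variable and the output file names are assumptions, not anything the thread specifies.

```sh
#!/bin/sh
# Added example, not code from the thread: process many captures one at a
# time with TShark and collect the per-file results, instead of merging
# tens of GB of pcaps with mergecap first.
# Assumptions: captures are named *.pcap in one directory, the statistic
# wanted is the protocol hierarchy (-z io,phs), and TSHARK may be set in
# the environment to point at a specific tshark binary.

TSHARK="${TSHARK:-tshark}"

# analyze_one CAPTURE OUTFILE
# Run TShark quietly on a single capture and save its protocol-hierarchy
# statistics to OUTFILE.
analyze_one() {
    "$TSHARK" -q -r "$1" -z io,phs > "$2"
}

# analyze_dir CAPTURE_DIR OUT_DIR
# Run analyze_one on every *.pcap in CAPTURE_DIR, writing
# OUT_DIR/<name>.txt for each, and print how many captures were processed.
# A failing file is reported on stderr but does not stop the loop.
analyze_dir() {
    dir="$1"; outdir="$2"; count=0
    mkdir -p "$outdir"
    for f in "$dir"/*.pcap; do
        [ -e "$f" ] || continue        # no *.pcap present: glob stays literal
        name=$(basename "$f" .pcap)
        if analyze_one "$f" "$outdir/$name.txt"; then
            count=$((count + 1))
        else
            echo "warning: TShark failed on $f" >&2
        fi
    done
    echo "$count"
}

# collect_results OUT_DIR SUMMARY
# Concatenate the per-file results into SUMMARY, each section headed by the
# name of the capture it came from, and print the summary's line count.
collect_results() {
    outdir="$1"; summary="$2"
    : > "$summary"
    for r in "$outdir"/*.txt; do
        [ -e "$r" ] || continue
        printf '=== %s ===\n' "$(basename "$r" .txt).pcap" >> "$summary"
        cat "$r" >> "$summary"
    done
    wc -l < "$summary" | tr -d ' '
}

# Usage: sh tshark_loop.sh CAPTURE_DIR OUT_DIR SUMMARY_FILE
if [ "$#" -eq 3 ]; then
    n=$(analyze_dir "$1" "$2")
    lines=$(collect_results "$2" "$3")
    echo "processed $n capture(s); $lines-line summary written to $3"
fi
```

Any other `-z` statistic (or a display filter with `-Y`) can be substituted in `analyze_one`; the point of keeping the per-file outputs is that a single corrupt or truncated capture only costs you that one file rather than the whole merged run.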

------------------------------

Message: 6
Date: Wed, 27 Oct 2010 08:40:48 -0500
From: "Wojkovich, Richard" <Richard.Wojkovich@xxxxxxxxxxxxxxxx>
Subject: [Wireshark-users] SNMP Mibs for Cisco? how to use them on WUG
	11.0.1
To: <wireshark-users@xxxxxxxxxxxxx>
Message-ID:
	<[email protected]>
Content-Type: text/plain; charset="us-ascii"

Dear Wireshark enthusiasts,

Can you direct me to instructions on how to employ MIBS for Cisco
devices in WUG v11.0.1?  The reason I ask is that CPU Utilization and
Memory Utilization, even though checked and selected under
Properties/Performance Monitors,  have no values when queried with
Device Status Report/Memory Utilization or CPU Utilization (using
Internet Explorer 7.0.5730.13), but instead reports "The counter is
enabled for this device.  Sometimes it takes a while to get the first
data points."

Thanks in advance for your time and reply,

Rick Wojkovich
Network Analyst
MWRDGC-SWRP
6001 Pershing Rd. 
Cicero, IL   60804


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wireshark.org/lists/wireshark-users/attachments/20101027/6ec0676a/attachment.htm

------------------------------

Message: 7
Date: Wed, 27 Oct 2010 17:07:01 +0200
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Subject: Re: [Wireshark-users] SNMP Mibs for Cisco? how to use them on
	WUG 11.0.1
To: Community support list for Wireshark
	<wireshark-users@xxxxxxxxxxxxx>
Message-ID: <b6d3a8da7ed7a0a5b1bcaae396bba80d@xxxxxxxxx>
Content-Type: text/plain; charset="utf-8"



Hi,

I think you posted on the wrong list. Isn't WUG v11.0.1 referring to
WhatsUp Gold? Then you should head over to one of their forums.

Thanks,
Jaap

On Wed, 27 Oct 2010 08:40:48 -0500, "Wojkovich, Richard" wrote:

Dear Wireshark enthusiasts,

Can you direct me to instructions on how to employ MIBS for Cisco
devices in WUG v11.0.1? The reason I ask is that CPU Utilization and
Memory Utilization, even though checked and selected under
Properties/Performance Monitors, have no values when queried with
Device Status Report/Memory Utilization or CPU Utilization (using
Internet Explorer 7.0.5730.13), but instead reports "The counter is
enabled for this device. Sometimes it takes a while to get the first
data points."

Thanks in advance for your time and reply,

Rick Wojkovich
Network Analyst
MWRDGC-SWRP
6001 Pershing Rd.
Cicero, IL 60804

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wireshark.org/lists/wireshark-users/attachments/20101027/ef52b192/attachment.htm

------------------------------

Message: 8
Date: Wed, 27 Oct 2010 10:12:49 -0700
From: Maverick <myeaddress@xxxxxxxxx>
Subject: Re: [Wireshark-users] Analyzing many pcap files with tshark
To: Community support list for Wireshark
	<wireshark-users@xxxxxxxxxxxxx>
Message-ID:
	<AANLkTinL2Xs1U4K984YDUz2P-B32fjtBqFNqHMybys+f@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"

Thank you guys for your guidance.

On Tue, Oct 26, 2010 at 7:42 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:

>
> On Oct 26, 2010, at 7:31 PM, Maverick wrote:
>
> > So how is this analysis usually done? People work on individual
> > files and then use some other tool to collect the results of individual tool
>
> Probably.  See, for example, Boonie's reply to you, which has a
DOS/Windows
> command-line loop to process all the .pcap files in a directory by
running
> each of them through TShark individually; similar loops can be
constructed
> for UN*X shells.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wireshark.org/lists/wireshark-users/attachments/20101027/5211f4ba/attachment.htm

------------------------------

_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users


End of Wireshark-users Digest, Vol 53, Issue 21
***********************************************