The Official Wireshark Blog

Fluffy Shark

Categories: Pictures
Tags: fluffy
Reader Ro sent in the following pictures: See the complete set at Flickr. The shark-with-a-tube-of-frosting frightens and confuses me. Comments 🔗Comment by maddy on 2009-10-27 12:00:08 +0000 🔗I have the wireshark analyzer installed on my laptop, when I start to capture interface packets, It shows me my entire network/subnet desktop packets, which are not belongs to my ip also. My pc ip is 10.173.X.34 but you can see the other desktop traffic also.which is not related to my laptop. Can you please help me why this is happening? Comment by Gerald Combs on 2009-10-28 11:44:57 +0000 🔗That sounds like what you should normally see when you capture on a LAN connected via a hub. Even in a switched environment you will see spillover from time to time, such as broadcast or multicast packets, or unicast packets to destinations that the switch hasn’t yet learned. I’m hoping to have a video out in the next few weeks that shows what happens when you capture on hubs vs switches. Hopefully it will explain what you’re seeing.

Debugging SSL Servers Over IPv6

Categories: Protocols Tip
Tags: ipv6 nmap ssl
An old-school method of debugging TCP-based services is to use telnet: $ telnet www.wireshark.org 80 Trying 67.228.110.120... Connected to www.wireshark.org. Escape character is '^]'. HEAD / HTTP/1.0 Host: www.wireshark.org HTTP/1.1 200 OK Date: Fri, 16 Oct 2009 19:31:47 GMT Server: Apache Accept-Ranges: bytes Cache-Control: max-age=3600 Vary: Accept-Encoding X-Slogan: Be good. You never know who's running Wireshark nearby. Content-Length: 9628 Connection: close Content-Type: text/html Connection closed by foreign host. It’s like giving your web server a big ol’ hug. Most telnet clients do something very clever here. If you connect to a port other than 23 (or whatever getservbyname returns when you feed it “telnet”) they will disable telnet protocol negotiation and switch to line mode. This gives you a raw, line-based connection which is just the thing you need to interact with an HTTP, POP, IMAP, FTP, or NNTP server. Adding SSL and IPv6 to the mix complicates things. I’m in the process of making Wireshark’s public-facing services available over IPv6. It would be helpful to be able to test connectivity to each service before adding its corresponding AAAA record. Standard telnet clients support 6, but not SSL.

IPv4 Exhaustion FAQ

Categories: Humor
Tags: faq Humor ipv6
Q: What does IPv4 exhaustion mean? Can’t you give IPv4 some Red Bull? A: As everyone knows, the Internet was constructed by Theodore Roosevelt in 1895 using an old-growth forest and a thousand buffalo hides. He created a giant “pool” to hold all of the Internet’s numbers. While quite large for its time, the pool is much too small to handle the demands of today’s Internet. Q: When will the pool run out? A: In about eight and a half minutes. Q: What will happen then? A: The entire Internet will grind to a halt. It will shudder comically as it does so. Q: But how will I get to Twitter? I gotta have my tweets. A: In recognition of its role as the most important web site ever, the final IP address will be reserved for Twitter. In order to get there you will have to defeat an opponent in a cage match. You will get to choose between a crowd shouting “Two packets enter! One packet leaves!” or the Star Trek fight theme. Q: Can’t I have something cool like Eye of the Tiger or that one Van Halen song that sounds like a motivational poster?