Wireshark-users: Re: [Wireshark-users] Identifying application
From: "Abhik Sarkar" <sarkar.abhik@xxxxxxxxx>
Date: Thu, 7 Aug 2008 20:02:46 +0400
Well, since you have written to this mailing list, I assume you want to use Wireshark to figure out what's going on. What I think you should do is to
- capture packets with a ring buffer and without live update of the packet list.
- wait until you face the problem and then stop the capture (if at the point of the problem the capture doesn't stop automatically with an error).
- save the capture.

If the capture does stop with an error at the point of the problem, it means something causes the interface towards the ISP to physically go down (you haven't mentioned what kind of connection you have to the ISP). That could indicate some kind of a session timer or something like that... not sure.

If the capture continues while there is a problem, then once you have stopped and saved the capture you need to analyze it to see what might be going wrong... I think a good place to start would be to find a lot of frames at more or less the same time with TCP resets (display filter tcp.flags.reset==set). Once you find a clump of packets with this at around the same time as you saw the connections going down, clear the display filter and then search upwards in the packet list to see if there was something suspicious.

Perhaps someone else has more suggestions.

Abhik.

On Thu, Aug 7, 2008 at 7:44 PM, Peter Miklosko <peter_budo@xxxxxxxxx> wrote:
> I have spoken to ISP, lease period is shorter
>
> Peter
>
> ----- Original Message ----
> From: Abhik Sarkar <sarkar.abhik@xxxxxxxxx>
> To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
> Sent: Thursday, August 7, 2008 3:55:55 PM
> Subject: Re: [Wireshark-users] Identifying application
>
> Hi Peter,
>
> Have you checked the output of ipconfig /all from the command prompt?
> Perhaps your ISP has a DHCP lease period of only 1 hour and this
> somehow causes an issue.
>
> Regards,
> Abhik.
>
> On Thu, Aug 7, 2008 at 3:55 PM, Peter Miklosko <peter_budo@xxxxxxxxx> wrote:
>> I run Windows XP machine and have problem with internet traffic blockage
>> every hour. I may play game online or listen to online radio and lose
>> connection every hour.
>> First I thought it is my ISP, but then this will not will happen based on
>> their own timing not based on timing my machine been started. So I moved
>> with my suspicion toward anti-virus. Again wrong, anti-virus checks for
>> update every ten minutes not every hour. Therefore I made some recording with
>> Wireshark. In the recorded logs I found the incriminating time when it happens,
>> but unfortunately I can not identify which application caused this. Can
>> somebody guide me please?
>>
>> Regards Peter
>>
>> _______________________________________________
>> Wireshark-users mailing list
>> Wireshark-users@xxxxxxxxxxxxx
>> https://wireshark.org/mailman/listinfo/wireshark-users
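
An added example, not part of the original message: one way to locate the "clump" of TCP resets described above in a saved capture, by grouping reset frames that arrive close together in time. The tshark export command in the comment, the window and threshold values, and the sample rows are assumptions constructed for illustration.

```python
# Find bursts of TCP resets in tshark field output (added example).
# Assumed input: one RST frame per line, tab-separated, exported with e.g.
#   tshark -r saved.pcap -Y "tcp.flags.reset == 1" -T fields
#       -e frame.time_epoch -e ip.src -e tcp.srcport -e ip.dst -e tcp.dstport
from collections import Counter

# Constructed sample data (not from the thread): two stray resets, one burst.
SAMPLE = """\
1218120000.10\t192.0.2.10\t1045\t198.51.100.7\t80
1218121800.52\t192.0.2.10\t1050\t198.51.100.9\t443
1218123600.01\t192.0.2.10\t1061\t198.51.100.7\t80
1218123600.03\t192.0.2.10\t1062\t203.0.113.5\t8000
1218123600.40\t203.0.113.20\t6112\t192.0.2.10\t1063
1218123601.20\t192.0.2.10\t1064\t198.51.100.9\t443
"""

def parse(text):
    """Yield (epoch_seconds, src_ip, dst_ip) for each well-formed line."""
    for line in text.splitlines():
        fields = line.split("\t")
        # Frames without IPv4 addresses export empty fields; skip those too.
        if len(fields) != 5 or not all(fields):
            continue
        try:
            yield float(fields[0]), fields[1], fields[3]
        except ValueError:
            continue

def find_bursts(rows, window=2.0, min_resets=3):
    """Group resets whose gap to the previous reset is <= window seconds."""
    bursts, current = [], []
    for row in sorted(rows):
        if current and row[0] - current[-1][0] > window:
            if len(current) >= min_resets:
                bursts.append(current)
            current = []
        current.append(row)
    if len(current) >= min_resets:
        bursts.append(current)
    # Summarise each burst: time span, size, and which hosts sent the resets.
    return [{"start": b[0][0], "end": b[-1][0], "count": len(b),
             "senders": Counter(src for _, src, _ in b)} for b in bursts]

if __name__ == "__main__":
    for b in find_bursts(parse(SAMPLE)):
        print(f"{b['count']} resets from {b['start']:.2f} to {b['end']:.2f}",
              dict(b["senders"]))
```

The start time of a reported burst is the point from which to search upwards in the unfiltered packet list, and the sender counts show whether the resets came from the local machine or from remote hosts.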