Special thanks to Peter Gaudiomonte for sharing this profile to the repository. What is JA4+? JA4+ is an extension of the JA4 (Just Another 4-tuple) family of fingerprinting techniques. It’s used for network traffic fingerprinting—especially in encrypted traffic analysis—and can be useful for threat detection, TLS/QUIC fingerprinting, and application identification, even when payloads are encrypted. […]
A JA4+ Profile for Wireshark Read More »
Now that we have the IETF QUIC and HTTP3 released and in play in the network, if you want to see this protocol, use this profile. Read more at my article here. This profile will help you work with IETF QUIC that has not been decrypted so you cannot see the HTTP3 traffic. To set
IETF QUIC Protocol Profile – no decryption Read More »
This is a new version of our HTTP Profile for Wireshark. Wireshark defaults to this header reassembly process being ON. I have added a different version of this profile with this setting turned off – FYI. Header reassembly in HTTP troubleshooting can be confusing due to a combination of protocol layering, packet fragmentation, and the
A HTTP Profile with HDR Reassembly ON for Wireshark Read More »
This is a new version of our HTTP Profile for Wireshark. Wireshark defaults to a header reassembly process. I have added this version of the profile with this header reassembly setting turned off. Everything else is the same between the two profiles. Header reassembly in HTTP troubleshooting can be confusing due to a combination of
HTTP profile with Header Reassembly turned off for Wireshark Read More »
For those of you who love Wireshark and are supporting IPv6, we would like to offer an alternative to our default profile for IPv6. This one I call my IPv6 Super Profile. I created this based on modifying the Default IPv6 profile for a client that they called “super”. Think of it as a variation.
IPv6 Super Profile (for Wireshark 3.4.0 and onwards) Read More »
Here is a UDP specific profile for Wireshark. Don’t be one of the people who overlook UDP in their troubleshooting! So many critical events in network operations actually use UDP! Especially today, with the rapid emergence of QUIC essentially replacing TCP. Enjoy. Many people overlook the UDP (User Datagram Protocol) in troubleshooting for several key
Thanks for looking – this is our COMPREHENSIVE pcap file with hundreds of protocols – this is Version 12 Sure, there are others out there, but they all seem to be missing something. That said we thank the original work this pcap file is based on by Johannes Weber (his original blog post found at
Our Comprehensive Pcap File Read More »
TCP Delta Time refers to the time difference between consecutive Transmission Control Protocol (TCP) packets in a data transmission. It is an important metric when analyzing network performance for several reasons: 1. Network Latency and Performance High Delta Times: When the delta time between TCP packets is high, it may indicate network latency, congestion, or
TCP Delta Time Analysis Profile for Wireshark Read More »
TCP Sequence analysis is critical in network troubleshooting because it provides insights into the flow and order of data being transmitted over a network. Here’s why it plays such a crucial role in diagnosing network issues: 1. Ensuring Data Integrity and Order TCP Sequence Numbers: TCP assigns sequence numbers to each byte of data sent
TCP SEQ Analysis Profile for Wireshark Read More »
This LTE profile for Wireshark is contributed by Brent Crier | Network Engineer. Thanks Brent!
This is a Wireshark profile that helps analyze IEC 60870 packets. IEC 60870 part 5 is one of the IEC 60870 set of standards which define systems used for telecontrol (supervisory control and data acquisition) in electrical engineering and power system automation applications. Part 5 provides a communication profile for sending basic telecontrol messages between
IEC 60870-5 Profile Read More »
TCP Selective Acknowledgment (SACK) analysis is crucial for troubleshooting network performance and reliability because it provides enhanced mechanisms for handling packet loss, retransmissions, and improving overall efficiency of TCP communications. Here’s why TCP SACK analysis is important in network troubleshooting: 1. Handling Packet Loss More Efficiently Traditional Acknowledgment (ACK) vs. SACK: In traditional TCP, when
TCP SACK Analysis Profile for Wireshark Read More »
NVMe (Non-Volatile Memory Express) is a high-performance storage protocol designed specifically for modern non-volatile memory, such as SSDs (Solid-State Drives), to reduce latency and improve the speed of data transfers. Unlike older storage protocols like SATA or SAS, which were originally developed for slower spinning disks, NVMe leverages the parallelism of PCIe (Peripheral Component Interconnect
NVMe Profile for Wireshark Read More »
NVMe over Fabrics (NVMe-OF) is an extension of the NVMe protocol designed to enable high-performance access to NVMe-based storage devices across a network fabric, such as Ethernet, Fibre Channel, or InfiniBand, rather than being limited to a local PCIe connection. NVMe-OF allows the benefits of NVMe, including low latency and high throughput, to be extended
NVMe-oF Profile for Wireshark Read More »
iSCSI (Internet Small Computer Systems Interface) is a protocol that allows for the transport of block-level data over IP networks, enabling devices such as servers to access storage over a network as if it were locally attached. iSCSI encapsulates SCSI commands into TCP/IP packets, allowing storage devices to communicate with servers over standard Ethernet networks
iSCSI Profile for Wireshark Read More »