This file contains the following synthetic Wireshark capture files: The lab procedure is in this post: https://www.cellstream.com/2026/04/23/net-neutrality-at-the-packet-level/
Net Neutrality Synthetic Lab Exercise Read More »
As discussed in my Net Neutrality post, I have created a Net Neutrality profile that helps with some display filter buttons and modification of columns. This is just a tool, and I strongly urge you to read and do the lab as described in the article.
Net Neutrality Wireshark Profile Read More »
LLDP (Link Layer Discovery Protocol) is a vendor-neutral Layer 2 protocol defined by the IEEE 802.1AB that allows network devices to advertise identity and capabilities to directly connected neighbors on the same Ethernet segment. Think of LLDP as a “hello, here’s who I am and what I can do” broadcast at Layer 2. How LLDP
A L2 LLDP Profile for Wireshark Read More »
CAN bus (Controller Area Network) is a robust, multi-master, message-based serial communication protocol used primarily in vehicles and industrial systems to allow Electronic Control Units (ECUs) to communicate over a shared two-wire differential bus without a central host. It was developed by Robert Bosch GmbH in the 1980s for automotive applications and later standardized as
A CANBUS profile for Wireshark Read More »
Special thanks to Peter Gaudiomonte for sharing this profile to the repository. What is JA4+? JA4+ is an extension of the JA4 (Just Another 4-tuple) family of fingerprinting techniques. It’s used for network traffic fingerprinting—especially in encrypted traffic analysis—and can be useful for threat detection, TLS/QUIC fingerprinting, and application identification, even when payloads are encrypted.
A JA4+ Profile for Wireshark Read More »
Now that we have the IETF QUIC and HTTP3 released and in play in the network, if you want to see this protocol, use this profile. Read more at my article here. This profile will help you work with IETF QUIC that has not been decrypted so you cannot see the HTTP3 traffic. To set
IETF QUIC Protocol Profile – no decryption Read More »
This is a new version of our HTTP Profile for Wireshark. Wireshark defaults to this header reassembly process being ON. I have added a different version of this profile with this setting turned off – FYI. Header reassembly in HTTP troubleshooting can be confusing due to a combination of protocol layering, packet fragmentation, and the
A HTTP Profile with HDR Reassembly ON for Wireshark Read More »
This is a new version of our HTTP Profile for Wireshark. Wireshark defaults to a header reassembly process. I have added this version of the profile with this header reassembly setting turned off. Everything else is the same between the two profiles. Header reassembly in HTTP troubleshooting can be confusing due to a combination of
HTTP profile with Header Reassembly turned off for Wireshark Read More »
For those of you who love Wireshark and are supporting IPv6, we would like to offer an alternative to our default profile for IPv6. This one I call my IPv6 Super Profile. I created this based on modifying the Default IPv6 profile for a client that they called “super”. Think of it as a variation.
IPv6 Super Profile (for Wireshark 3.4.0 and onwards) Read More »
Here is a UDP specific profile for Wireshark. Don’t be one of the people who overlook UDP in their troubleshooting! So many critical events in network operations actually use UDP! Especially today, with the rapid emergence of QUIC essentially replacing TCP. Enjoy. Many people overlook the UDP (User Datagram Protocol) in troubleshooting for several key
Thanks for looking – this is our COMPREHENSIVE pcap file with hundreds of protocols – this is Version 12 Sure, there are others out there, but they all seem to be missing something, sometimes basic protocols like MPLS and many others. That said we asked for and received permission to build upon a pcap file
Our Comprehensive Pcap File Read More »
TCP Delta Time refers to the time difference between consecutive Transmission Control Protocol (TCP) packets in a data transmission. It is an important metric when analyzing network performance for several reasons: 1. Network Latency and Performance High Delta Times: When the delta time between TCP packets is high, it may indicate network latency, congestion, or
TCP Delta Time Analysis Profile for Wireshark Read More »
TCP Sequence analysis is critical in network troubleshooting because it provides insights into the flow and order of data being transmitted over a network. Here’s why it plays such a crucial role in diagnosing network issues: 1. Ensuring Data Integrity and Order TCP Sequence Numbers: TCP assigns sequence numbers to each byte of data sent
TCP SEQ Analysis Profile for Wireshark Read More »
This LTE profile for Wireshark is contributed by Brent Crier | Network Engineer. Thanks Brent!
This is a Wireshark profile that helps analyze IEC 60870 packets. IEC 60870 part 5 is one of the IEC 60870 set of standards which define systems used for telecontrol (supervisory control and data acquisition) in electrical engineering and power system automation applications. Part 5 provides a communication profile for sending basic telecontrol messages between
IEC 60870-5 Profile Read More »
