
Expert Information - Severity Error


Hello,

I have a question about the topic.

If I set the packets under the respective error filter to Ignore, does this go into the network or is this ignored in the *.pcapng, only?

What does ignoring a packet do?

Is there an option to ignore error packets permanently?

How can I prevent myself from always receiving the same error packets over the network?

Why do I have to do the manual with Wireshark, isn't it automatic? Should my firewall OPNsense do this?

I know these questions are very general. Nevertheless, I would be happy about an answer, maybe I will understand it better, because I only have user knowledge... However, I have been working with Wireshark for a few weeks now and have already gained experience.

Kind Regards Budking

budking
asked 2023-10-06 19:59:39 +0000

Comments

Since I am now registered here, I want to ask an independent question, which has been bothering me for a long time. What does it actually depend on which packages I receive? In my opinion, it does not depend on the IP address or to whom the Internet connection is reported. This question is serious and I wonder if it depends on the personal aura?!?!

budking (2023-10-06 20:26:00 +0000)

I've probably done a lot of things wrong with packets. Now I just came up with the idea of ignoring all TCP packets and did it! I don't even understand what TCP means !?!! Basically, I just don't want the network packets to get on my nerves anymore! Is it possible to ignore TCP packets all the time?

Have I done this right, if I want some packages to stop eating into my thoughts? So meant like the song by DMX – going to Make Me Lose My Mind

I need to understand Wireshark even better without understanding any of the code.

Nowadays, the internet is indispensable, even for me. But I want to protect myself from malware and handle what is going on in the background in the network in such a way that it is not unwanted attacks for me.

budking (2023-10-06 20:59:13 +0000)

1 Answer


> If I set the packets under the respective error filter to Ignore, does this go into the network or is this ignored in the *.pcapng, only?

The only option I see to "ignore" packets, using the word "Ignore" in the menu item, is the "Ignore/Unignore packet" option, which will toggle the "ignore this packet" option on all of the currently selected packets.

It does NOT affect those packets on the network, because it's too late to affect them. Those packets are in the Wireshark capture you have open because Wireshark, or some other program, has seen them on the network; they've already been sent by some host on the network, and setting them to be ignored will not prevent them from being sent, as they have already been sent, and will not prevent them from being received by the host on which Wireshark is running or on any other host.

(I'm not sure what "under the respective error filter" means - if by "the respective error filter" you mean the filter that you have applied to the capture, it makes no difference. You can ignore them even if there's no filter in effect.)

So it's ignored by Wireshark in this session, but, if you quit Wireshark and then re-open the capture, those packets will not be marked as "to be ignored" - that information isn't saved in the capture.

> What does ignoring a packet do?

It causes Wireshark to set an "ignored" flag for the packet in an internal Wireshark data structure, and then to re-dissect all packets in the capture and, for all of the packets marked as "ignored", to do no dissection of the packet's contents; it just displays each of them as "ignored".

> Is there an option to ignore error packets permanently?

No.

> How can I prevent myself from always receiving the same error packets over the network?

If you mean "how do I prevent Wireshark from receiving those packets", the answer is "use a capture filter that filters out those packets".

However, that will NOT prevent those packets from being sent on your network. Wireshark is a packet analyzer, not a firewall or a generic "network problem fixer".

If you don't want those packets to be sent on your network, you need to fix whatever problem or problems are causing them to be sent.

> Why do I have to do the manual with Wireshark, isn't it automatic? Should my firewall OPNsense do this?

It depends on what type of "error packets" you're talking about.

If, for example, you type some invalid URL, such as http://www.wireshark.org/this_page_do..., into your browser, and try to fetch that page, you will get back an HTTP 404 error page saying that page does not exist.

That 404 error page could be considered an "error packet", as it's reporting an HTTP error. However, it would be inappropriate for a firewall to block that packet, as it reports an error that you ... (more)

Guy Harris
answered 2023-10-08 07:47:40 +0000

Comments

Thank you very much for your detailed answer! Thank you very much.

It helped me a lot to understand the thing better.

I set up my machine to better protect myself from malware. SparkyLinux (OPNsense: [ Unbound DNS (+Adguard-DNS io over TLS/https), Nginx, FreeRadius, OpenDNS], ProtonVPN, Wireshark, Coreboot, Librewolf with Addon [CanvasBlocker, Chameleon, Decentraleyes, DuckDuckGo Essentials/Safe, I don't care about cookies, AdGuard Extra, uBlock], Tor Browser, Invidious io (example FreeTube))

Thanks again. I understand that Wireshark is primarily there to analyze the network in order to find errors or problems. And then, if necessary, to find a solution application.

For example, I had the message "New fragment overlaps old data". TCP Recamouflage Mission Error. SparkyLinux and the application Nginx in OPNsense have caused this error to no longer be reported in Wireshark.

Did I understand correctly that Wireshark has no effect on the network. But if I ignore ... (more)

budking (2023-10-08 08:42:50 +0000)

> For example, I had the message "New fragment overlaps old data". TCP Recamouflage Mission Error.

I think that's more like "New fragment overlaps old data (retransmission?)"; it has nothing to do with camouflage. It just means that some host has retransmitted data that was already seen by Wireshark when capturing traffic, perhaps because it hasn't seen an indication that the recipient host has received the data.

> Did I understand correctly that Wireshark has no effect on the network.

Yes.

> But if I ignore packets in the now, does it affect the continue of the network?

If you mark packets in Wireshark as "ignored", it does not affect the behavior of the network in any fashion. It only affects the way Wireshark dissects the packets (and it usually does not improve the dissection, as it causes Wireshark to ignore information from those packets that may be necessary to correctly ... (more)

Guy Harris (2023-10-08 09:24:38 +0000)
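
The retransmission explanation in the comment above, as an added example that is not part of the original thread and is not Wireshark's own reassembly code: a simplified Python check that flags TCP segments whose sequence range covers bytes already seen in the same direction of a connection. The segment tuples, function names and sample values are constructed for illustration, and sequence-number wraparound is ignored.

```python
from collections import defaultdict

# Constructed sample segments: (src, sport, dst, dport, seq, payload_len).
SEGMENTS = [
    ("10.0.0.2", 40000, "10.0.0.9", 80, 1000, 100),  # bytes 1000-1099
    ("10.0.0.2", 40000, "10.0.0.9", 80, 1100, 100),  # bytes 1100-1199
    ("10.0.0.9", 80, "10.0.0.2", 40000, 5000, 200),  # reverse direction, own stream
    ("10.0.0.2", 40000, "10.0.0.9", 80, 1100, 100),  # same bytes sent again
    ("10.0.0.2", 40000, "10.0.0.9", 80, 1150, 100),  # 50 old bytes + 50 new bytes
    ("10.0.0.2", 40000, "10.0.0.9", 80, 1250, 50),   # only new bytes
]

def overlap_bytes(ranges, start, end):
    """Count bytes of [start, end) already covered by the disjoint ranges."""
    return sum(max(0, min(end, e) - max(start, s)) for s, e in ranges)

def add_range(ranges, start, end):
    """Add [start, end) and merge ranges that touch or overlap."""
    merged = []
    for s, e in sorted(ranges + [(start, end)]):
        if merged and s <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], e))
        else:
            merged.append((s, e))
    return merged

def find_overlaps(segments):
    """Return (index, kind, overlapping_bytes) for segments repeating seen data."""
    seen = defaultdict(list)  # one range list per direction of each connection
    findings = []
    for index, (src, sport, dst, dport, seq, length) in enumerate(segments):
        if length == 0:
            continue  # pure ACKs carry no data, so they cannot overlap
        flow = (src, sport, dst, dport)
        start, end = seq, seq + length
        dup = overlap_bytes(seen[flow], start, end)
        if dup:
            kind = "full retransmission" if dup == length else "partial overlap"
            findings.append((index, kind, dup))
        seen[flow] = add_range(seen[flow], start, end)
    return findings

if __name__ == "__main__":
    for index, kind, dup in find_overlaps(SEGMENTS):
        print(f"segment {index}: {kind}, {dup} bytes already seen")
```

A flagged segment only shows that the sender repeated data the capture had already recorded; it says nothing about whether the receiver got the first copy.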

Warning: This statement is only a message and may be wrong.

I was too crazy and thought my aura (my earthly image of my soul) is recorded on the computer via the magnetic field in data codes. But that was a figment of the imagination.

I understood that in addition to the IP address, there is also the identifier of my machine (PC) and this thought comes from there.

... Personal data still exists, insofar as it is permitted or can be recorded by the IT system...... If I said it right...

I still don't really understand the IT system, but I've come so far that I personally don't get sick from it or it harms me.

I think my delusions are caused by malware, which can happen to a person individually case my psy calls me daily.

Noted. There are, for example, rootkits. These are probably the ... (more)

budking (2023-10-08 10:43:37 +0000)
