5

I wanted to share a wireshark of my file, because it may help with some problems i'm having but i need to know if it is safe, or if could reveal sensitive data about me, the only IP's i see are my internal ones not external

Freedo
  • 2,253
  • 5
  • 18
  • 28

2 Answers2

6

I think it largely depends on what else you were doing at the time you created the capture. For example, if you were browsing the web, then obviously people would be able to see what websites you were visiting and the content of any unencrypted pages. If you were logging in to something that does not use encryption (for example, telnet, FTP, or a non HTTPS website) then your login information could be in the wireshark capture. Granted, this is fairly unlikely as encryption is used for nearly all logins these days.

Other than that, the wireshark capture will contain broadcast packets from other devices on the network, in addition to MAC addresses. These are fairly unlikely to contain any sensitive information; some people may consider MAC addresses to be sensitive, since they are unique to each device, but unlike public IP addresses they cannot be easily linked to a location or specific person. All it really reveals is the manufacturer of the computer/network card.

tlng05
  • 10,244
  • 1
  • 33
  • 36
  • Thanks for the info, so there is any way to make wireshark capture only the packets from lets say an IP or MAC? Because i only need to see the packets from one device, i used an ip filter but then when i checked the file all the packets were sniffed not only the ones i want, the wireshark were just displaying it what i wanted using the filter, but capturing all the traffic. – Freedo Dec 30 '14 at 06:05
  • You can do this using [filters](https://ask.wireshark.org/questions/14828/how-to-capture-packets-only-tofrom-specific-ip) – BadSkillz Dec 30 '14 at 10:20
  • 5
    Wireshark has *two* (really N+1) filters. There is a *capture* filter per interface set in Edit Interface Settings for the interface, which selects which packets are captured, and also a *display* filter in the toolbar of the display window, which selects which captured packets are displayed. These have different syntax so you can't just copy one to the other, and capture level does not have all the capabilities display level does, but it can do IPs and MACs. See http://wiki.wireshark.org/CaptureFilters and its links. – dave_thompson_085 Dec 30 '14 at 10:23
1

It depends on what information you captured with Wireshark, and who you are sharing it with. If this is at work, and someone from your technical department is asking for it, and you are sure it is a person from your tech department (and not an imposter), you are probably safe to share it with this person, and only this person. I definitely would not post the wireshark file into a forum such as this one, or put it anywhere where other "random" people can access it.

Jonathan
  • 3,157
  • 4
  • 26
  • 42