Questions tagged [packet]

Network packet consisting of routing information and a payload. Most commonly an Internet Protocol (IP) packet. For questions about packet vulnerabilities, or tools like Wireshark that directly manipulate packets. Related tag: [network].


159 questions
71
votes
5 answers

What layer is TLS?

TLS stands for "transport layer security". And the list of IP protocol numbers includes "TLSP" as "Transport Layer Security Protocol". These two things would lead me to believe that TLS is a transport layer protocol. However, most people seem to…
Andrew Spott
  • 862
  • 1
  • 7
  • 8
25
votes
2 answers

Why is my computer making requests to my Roku about spotify?

I'm new to inspecting packets with Wireshark so this might be something very stupid on my part. That said, I don't really understand the transaction between my computer and my Roku. 17 1.129097 192.168.1.70 192.168.1.64 HTTP 248 GET…
will
  • 343
  • 3
  • 6
23
votes
1 answer

Does TCP/IP protocol offer a reliable way of determining who the actual sender was?

So I'm just poking around the TCP/IP protocol using a Ruby library called PacketFu, and it seems to me that in each packet, it is possible to set all of the following: Source IP, Destination IP, Source MAC Address, Destination MAC Address, and a whole…
OneChillDude
  • 411
  • 2
  • 10
18
votes
1 answer

Is Bluetooth 4.0 traffic encrypted by default/design?

I wonder if the BLE (v4.0) traffic is encrypted by default or by design, or is it just optional? If the former, is the traffic encrypted using a key derived just from the pairing pin or is there some kind of session key as well - like with WPA2? If…
John M.
  • 311
  • 1
  • 2
  • 5
17
votes
3 answers

Is it possible to see a packet before encryption?

I mean, if I am, for example, on Facebook, every packet I send out of my NIC is encrypted. But there must be a phase of that packet before it is encrypted. The browser (I think) must create that packet and encrypt it afterwards. So if I am on the…
ShinobiUltra
  • 782
  • 7
  • 16
15
votes
3 answers

Windows: unknown program/service etc. sends HTTP request to download a file; how can I find the origin of that request?

The firewall of my company has detected and blocked a repetitive (every 15 min) HTTP request from a PC, which tries to start a download of a file called ..._chrome_installer.exe (or so) from the host: http://r9---sn-4g57kner.gvt1.com. Chrome is not…
Kuronashi
  • 349
  • 1
  • 2
  • 7
12
votes
5 answers

Can Skype chat be protected from snooping? Are there safe alternatives?

I use Skype a lot. With all of my clients, staff, contractors and friends, however, the acquisition by Microsoft worries me, as two of my clients are direct MS competitors, and I often work on long projects which are in development for over a year…
Alex
  • 305
  • 1
  • 3
  • 7
12
votes
4 answers

How was (is?) the ping of death attack possible with IPv4?

While reading about Internet Protocol, I found myself reading about ping of death attacks: the thing that attracted my curiosity was the fact that these attacks could ever work! I mean, why wasn't IPv4 packet dropping (for packets larger than 56…
Nomerandom1
  • 121
  • 1
  • 3
10
votes
1 answer

Wireshark tcp filter: tcp[((tcp[12:1] & 0xf0) >> 2):4]

While reading this doc https://wiki.wireshark.org/CaptureFilters I found this line: tcp[((tcp[12:1] & 0xf0) >> 2):4] which figures out the TCP Header Length, but I can't find out how it really works (in detail). Can somebody explain it?
Neymour
  • 103
  • 1
  • 5
8
votes
1 answer

Reconstructing bittorrent data from PCAP

I am doing a CTF flag for my school project with a PCAP flag based on this CTF write-up: eindbazen.net - Plaid CTF 2012 - Torrent. I set up a local torrent file containing an .mp3 (the audio is my flag's key) that is shared between two laptops. I…
Captain Slow
  • 83
  • 1
  • 3
8
votes
1 answer

Can ICMP Redirects still be used to redirect traffic in a LAN?

I just tried to migrate a MITM attack using hping3 with ICMP Redirects in my testlab. hping3 -I eth0 -C 5 -K 1 -a 192.168.2.1 --icmp-ipdst 192.168.2.15 --icmp-gw 192.168.2.100 --icmp-ipsrc 192.168.2.105 192.168.2.105 I'm at 192.168.2.100,…
davidb
  • 4,285
  • 3
  • 19
  • 31
6
votes
2 answers

Packet Checksums

I recently learned that every packet includes checksum bytes and that the computer will request the packet again if the checksums don't match. How do the following attacks defeat such a safeguard? ARP Spoofing - I assume that this is able to take…
chubby_monky
  • 358
  • 2
  • 8
6
votes
2 answers

What's the difference between an application-level and circuit-level gateway?

From Wikipedia, I understand that circuit level gateways look at TCP handshakes to filter illegitimate traffic and that application level gateways somehow filter application specific traffic. But I don’t really see the difference--beyond the obvious…
bernie2436
  • 1,437
  • 10
  • 22
  • 29
6
votes
1 answer

When should I generate new public & private keys using RSA?

I'm creating a huge, online mobile game. I have a few questions for you guys because my knowledge in cryptography and sending data across the network securely is kinda poor. Some details: Each user has an account. To log in you have to provide your…
Jacob
  • 212
  • 1
  • 7
6
votes
4 answers

How can I extract the certificate from this pcap file?

I have a pcap file of 14 sniffed SSL packets. I uploaded it here: ssl.pcap I opened it with Wireshark. I see the 14 packets. The largest of seems to contain a self signed certificate (as it is made in a popular internet tutorial). I see the packet…