tshark is a Wireshark tool to dump and analyze network traffic.
Questions tagged [tshark]
9 questions
1 vote, 1 answer
Save decrypted pcap or decrypt on reading with rdpcap
I created a small program which runs the command:
tshark -i2 -o wlan.enable_decryption:TRUE -o "uat:80211_keys:\"wpa-pwd\",\" Passphrase:SSID\"" -w test.pcapng
This creates the file test.pcapng, but it is not decrypted. I know from Wireshark docs that…
Adrian Rudy Dacka
1 vote, 2 answers
Wireshark decrypt and save wireless packets from command line
I have a question that I can't seem to find a complete answer for. This may not be something that is possible, but I am hoping someone will have a solution.
At my work, we process wireless sniffs in Wireshark. We have a shell script to merge and…
user143532
1 vote, 1 answer
How to find organization name with tshark
How can I configure tshark to display the OrgName of the source or destination IP?
This command produces empty lines
tshark -lq -T fields -e ip.geoip.src_org
and so does this command
tshark -lq -T fields -e whois.answer
user123456
0 votes, 1 answer
How to decrypt HTTPS traffic with tshark when I have the .key and .crt file?
I have my domain .key and .crt file.
The key file includes "-----BEGIN PRIVATE KEY-----"
When I use the command on CentOS:
tshark -r /tmp/xx.pcap -o 'ssl.keys_list:any,443,http,/tmp/private.key' -o 'ssl.debug_file:/tmp/ssl.log' -Y http
the command…
xxddpac
0 votes, 0 answers
TLS Session ID from Client's First Visit
Why would a client send a TLS session ID (96b839ce3aadb65780923d28a3e7e767fc5bddc507884a7e70e506d8b85a06d3) on its first visit to a server/website? My understanding is that the client would include a session ID in the ClientHello message to indicate…
user2205916
0 votes, 1 answer
How to capture all network using eth0 device
I couldn't find an answer yet; I hope it's not just the way I searched Google.
I have a computer connected to a router via Ethernet exit.
My promiscuous mode is on, but I don't see other devices connected to my network in PCAPs; I only see my device…
dor
0 votes, 0 answers
Getting HTTPS embedded request paths
I want to be able to do this thing where I can extract the path and/or hostname (preferably both) of all the embedded requests (HTTP and HTTPS) going within a webpage. I have tried using tshark for this, but when I use this command:
sudo tshark -i etho0…
QPTR
0 votes, 4 answers
Human readable SSL/TLS packets
If I have a protocol-analyzer/packet-sniffer, such as Wireshark installed on a particular device..
(or in this case; tcpdump & tshark etc. on my smartphone..)
..should I be able to read that device's incoming & outgoing SSL/TLS traffic, in an…
voices
0 votes, 1 answer
TShark CLI question
I am looking over a CTF writeup and I have a problem in reproducing a single command:
tshark -r challenge.pcapng usb.bDescriptorType and usb.urb_type==67 -T fields -e usb.bus_id -e usb.device_address -e usb.idVendor -e usb.idProduct
Is it correct,…
Lucian Nitescu