Questions tagged [tshark]

tshark is a Wireshark tool to dump and analyze network traffic.

9 questions
1 vote, 1 answer

Save decrypted pcap or decrypt on reading with rdpcap

I created a small program which runs the command: tshark -i2 -o wlan.enable_decryption:TRUE -o "uat:80211_keys:\"wpa-pwd\",\" Passphrase:SSID\"" -w test.pcapng This creates the file test.pcapng, but it is not decrypted. I know from Wireshark docs that…
1 vote, 2 answers

Wireshark decrypt and save wireless packets from command line

I have a question that I can't seem to find a complete answer for. This may not be something that is possible, but I am hoping someone will have a solution. At my work, we process wireless sniffs in wireshark. We have a shell script to merge and…
user143532
1 vote, 1 answer

How to find organization name with tshark

How can I configure tshark to display the OrgName of the source or destination IP? This command produces empty lines tshark -lq -T fields -e ip.geoip.src_org and so does this command tshark -lq -T fields -e whois.answer
user123456
0 votes, 1 answer

How to decrypt HTTPS traffic with tshark when I have the .key and .crt file?

I have my domain .key and .crt file. The key file includes "-----BEGIN PRIVATE KEY-----". When I use the command on CentOS: tshark -r /tmp/xx.pcap -o 'ssl.keys_list:any,443,http,/tmp/private.key' -o 'ssl.debug_file:/tmp/ssl.log' -Y http the command…
xxddpac
0 votes, 0 answers

TLS Session ID from Client's First Visit

Why would a client send a TLS session ID (96b839ce3aadb65780923d28a3e7e767fc5bddc507884a7e70e506d8b85a06d3) on its first visit to a server/website? My understanding is that the client would include a session ID in the ClientHello message to indicate…
user2205916
0 votes, 1 answer

How to capture all network using eth0 device

I couldn't find an answer yet; I hope it's not just the way I searched Google. I have a computer connected to a router via Ethernet exit. My promiscuous mode is on but I don't see other devices connected to my network in PCAPs, I only see my device…
dor
0 votes, 0 answers

Getting HTTPS embedded request paths

I want to be able to do this thing where I can extract path and/or hostname (preferably both) of all the embedded requests (HTTP and HTTPS) going within a webpage. I have tried using tshark for this, but when I use this command: sudo tshark -i etho0…
QPTR
0 votes, 4 answers

Human readable SSL/TLS packets

If I have a protocol-analyzer/packet-sniffer, such as wireshark installed on a particular device.. (or in this case; tcpdump & tshark etc. on my smartphone..) ..should I be able to read that devices incoming & outgoing ssl/tls traffic, in an…
voices
0 votes, 1 answer

TShark Cli question

I am looking over a CTF writeup and I have a problem in reproducing a single command: tshark -r challenge.pcapng usb.bDescriptorType and usb.urb_type==67 -T fields -e usb.bus_id -e usb.device_address -e usb.idVendor -e usb.idProduct Is it correct,…
Lucian Nitescu