Questions tagged [wireshark]

Wireshark is an open-source graphical packet capture and analysis tool. It can be used for a variety of network communication analysis tasks, such as protocol development and troubleshooting. It shows packets at the IP level.

Wireshark is an open-source cross-platform packet capture and analysis tool. It has a wide range of dissectors for different protocols, and offers a powerful filter grammar for searching through packet captures. It is considered by many to be the de facto tool for packet analysis.

326 questions
53
votes
2 answers

Decrypting TLS in Wireshark when using DHE_RSA ciphersuites

How can I decrypt TLS messages when an ephemeral Diffie-Hellman ciphersuite is used? I am able to expose the premaster secret and master secret from the SSL Client. Using that, how to decrypt the messages in Wireshark?
Kalai
29
votes
5 answers

Can someone using Wireshark obtain the full URL if my program uses HTTPS?

While perusing the contents of pcap files I've noticed some URLs appear to be visible despite being HTTPS. These mainly occur inside payloads that contain cert URLs too, but I also see HTTPS URLs inside what appear to be HTTP payloads. Can someone…
Icann
29
votes
2 answers

Extract pre-master keys from an OpenSSL application

Consider an application using OpenSSL which has a bug. A packet capture of the full SSL session is available, as well as a core dump and debugging symbols for the application and libraries. An RSA private key is also available, but since a DHE cipher…
Lekensteyn
25
votes
2 answers

Why is my computer making requests to my Roku about Spotify?

I'm new to inspecting packets with Wireshark so this might be something very stupid on my part. That said, I don't really understand the transaction between my computer and my Roku. 17 1.129097 192.168.1.70 192.168.1.64 HTTP 248 GET…
will
19
votes
3 answers

Determine SSL/TLS version using Wireshark

Using Wireshark, I am trying to determine the version of SSL/TLS that is being used with the encryption of data between a client workstation and another workstation on the same LAN running SQL Server. Documentation on this subject suggests to look…
Guru Josh
18
votes
5 answers

How to get private key used to decrypt HTTPS traffic sent and received from my own browser with Wireshark

I am working with a website that sends API requests. I would like to write a client to make the requests myself, but in order to do so I would need to first see the request payloads. However, the connection is secured and therefore I can't see the…
MxLDevs
18
votes
2 answers

How do we determine the SSL/TLS version of an HTTP request?

We are wanting to configure our Windows client to use only TLS 1.1 and greater. We've learned that we can do this by editing the registry. Now we want to make several HTTPS requests from different applications and check to be sure that they all use…
Shaun Luttin
17
votes
1 answer

How to demo Skype-decryption using FOSS tools?

I'm preparing a presentation on Skype networking, and I'd like to demo decryption. I found a good approach to decrypting the TLS packets captured with Wireshark in this blog post: Rob Andrews, BlueCoat.com, 2014-01-02, Exploring encrypted Skype…
user1868607
15
votes
3 answers

Can an HTTPS request be sent twice?

When sniffing network traffic, one can see an HTTPS packet and all its (encrypted) data. I am wondering what would happen if this packet is copied and then re-sent. Is there a protocol at some layer that prevents the same packet being used twice?…
Reedy
14
votes
5 answers

Why can't I decrypt SSL traffic with the client's private key only?

I have found that I can decrypt SSL traffic in Wireshark with the server's private key. Why isn't the client's private key enough to decrypt SSL traffic?
Wojtek
13
votes
2 answers

Is my Windows phone protected from attacks that reveal the list of SSIDs it knows about?

My goal is to see the SSIDs requested by mobile devices in my home. For example, my Windows phone knows about SSIDs called "coffee_shop", "planet_fitness" and "library". I have my phone set to "connect automatically" to those known networks. I…
mcgyver5
12
votes
4 answers

How can I capture the packets of a LAN device in Wireshark?

Setup: PC running Wireshark, connected to the network wireless (if OS variation is an issue, use Wireshark on Linux). Another device connected, wireless, to the same LAN. Wireless network uses WPA2 encryption. Question: Using Wireshark on my PC, how…
Mars
12
votes
1 answer

How to study the packets sent by a keylogger

One of my friends' RuneScape account got hacked through a key-logger. He downloaded a RuneScape gold generator from a file sharing site and tried to use it. I have a strong doubt that it is a key-logger. So I run the software in a virtual machine and…
narayan
12
votes
4 answers

Eavesdropping vs. sniffing

I'm taking a Coursera course, and they take pains when talking about network security to distinguish between eavesdropping and sniffing. According to their definitions, sniffing involves reading or monitoring whole packets, whereas eavesdropping…
fox
11
votes
4 answers

Is my network being sniffed?

Is there any way to find out if someone who is connected to my network is sniffing packets? There is a way with nmap if his card is in promiscuous mode but what if it is passive?
Stefanos T.