Questions tagged [wireshark]

Wireshark is an open-source graphical packet capture and analysis tool. It can be used for a variety of network communication analysis tasks such as protocol development and troubleshooting. It displays packets at the IP level.

Wireshark is an open-source cross-platform packet capture and analysis tool. It has a wide range of dissectors for different protocols, and offers a powerful filter grammar for searching through packet captures. It is considered by many to be the de facto tool for packet analysis.

326 questions
11 votes, 2 answers

How does MDK3 carry out deauth attacks?

With aireplay, you have to specify both the AP and client to send deauth frames to, but MDK3 doesn't require an AP mac address. Does it just scan the desired channel for beacons until it finds an AP then spoofs that AP's mac address to send deauth…
10 votes, 1 answer

Firefox trying to connect to other computers on the LAN

While running Wireshark trying to troubleshoot some other issues, I noticed several SYN connections to ports 80 and 443 on the workstation I was using. The packets were dropped. These were coming from other workstations. There is no webserver…
user2891127
10 votes, 3 answers

promiscuous vs monitor mode in 802.11

I've been reading up on promiscuous mode and monitor mode as they relate to 802.11 networks. I understand the difference, which is explained here: What is the difference between Promiscuous and Monitor Mode in Wireless Networks? The definition is…
ddATX
10 votes, 1 answer

Wireshark tcp filter: tcp[((tcp[12:1] & 0xf0) >> 2):4]

While reading this doc https://wiki.wireshark.org/CaptureFilters I found this line: tcp[((tcp[12:1] & 0xf0) >> 2):4] which figures out the TCP Header Length, but I can't find out how it really works (in detail). Can somebody explain it?
Neymour
8 votes, 3 answers

How to fuzz proprietary protocol over SSL?

I'm doing vulnerability research on a client/server architecture that uses a custom proprietary protocol sent over SSL (port 443). I need to be able to intercept the traffic, and be able to view it in clear-text in something like Wireshark, modify…
eliteparakeet
8 votes, 1 answer

Can Wireshark capture https request?

I have been working in Wireshark, and I am able to capture HTTP requests and HTTP packets using Wireshark. Now I am capturing HTTPS requests. It seems not to capture the packets, and when I right-click -> Follow -> TCP Stream it shows the…
toastmaster
8 votes, 2 answers

Can we decrypt captured malware (Meterpreter) HTTPS/SSL traffic with the keys from memory?

A machine on our network was compromised with Meterpreter. We have traffic captures from the entire period of the compromise and a memory dump of the infected machine at a time when the connection was established. Can we decode the HTTPS/SSL traffic…
Yara
8 votes, 2 answers

Private key to PEM

I'm new to security and I'm trying to decode some SSL-encrypted communication between my machine and a server. I managed to obtain private and public keys; as far as I understand, the private key is this one: -----BEGIN RSA PRIVATE KEY----- [private key…
blaz11
7 votes, 1 answer

Wireshark can't decrypt WPA2 LAN traffic

I want to decrypt my own network traffic. I have Linux Mint on a Samsung laptop with an AR542x wireless network adapter. I open Wireshark, start a capture in promiscuous mode & monitor mode, and I receive all the packages around me. The problem is that I…
user135023
7 votes, 1 answer

List wireless stations around me

I'm looking to find a specific wireless user around me. I have his MAC address, and I even have the channel he is on. I've tried iwlist peers, to no avail, as well as airodump. I have seen his MAC pop up under airodump, but it is quickly buried under…
unknown6708
7 votes, 1 answer

Log all crypto keys used for outgoing SSL / TLS connections on Linux server

Is there some environment variable that works how SSLKEYLOGFILE works for NSS-reliant programs but which would apply to all outgoing TLS / SSL connections on a Linux server and not just ones that use NSS? Specifically I want to do a tcpdump of the…
sa289
6 votes, 3 answers

Facebook POST request capture

I have been trying to test sniffing Facebook POST request forms using Wireshark (filtered on HTTP). At the login form, I would try to log in, and then check Wireshark and see that no packet was captured. Strangely enough, even the GET request of…
user3818650
6 votes, 1 answer

How do I verify exactly which cipher suite is in use for this Remote Desktop session?

You can configure Windows to use only certain cipher suites during things like Remote Desktop sessions. Cipher suites such as RC4 56 bit, RC4 128 bit, Triple DES 168 bit, etc. SSL/TLS is not in play here so I'm talking about RDP encryption. You can…
Ryan Ries
6 votes, 1 answer

Professor wants a Wireshark capture of mail client and browser activity of my own machine

As part of a home exercise in my networking class, the professor is asking students to submit a Wireshark capture done on the students' private machines. The capture must contain activity of the local mail client (e.g. refreshing mails) and…
Philipp
6 votes, 1 answer

Filter TLS in Wireshark or other monitoring tool

As part of the new best practices in hardening server communications, I need to deny TLS 1.0 on the web server. Before doing so, I wish to identify the number of clients who connect with this level of encryption, therefore I would like to know how to…
Infidel