Questions tagged [wireshark]

Wireshark is a graphical, open-source packet capture and analysis tool. It can be used for a variety of network communication analysis tasks, such as protocol development and troubleshooting. It shows packets on the IP level.

Wireshark is an open-source cross-platform packet capture and analysis tool. It has a wide range of dissectors for different protocols, and offers a powerful filter grammar for searching through packet captures. It is considered by many to be the de facto tool for packet analysis.

326 questions
6
votes
1 answer

AirPcap is end-of-availability. What alternatives do you recommend?

I've been using Riverbed AirPcap dongles for Wi-Fi analysis for quite some time. But when I am trying to order more, I noticed all their AirPcap devices are end of life by Dec 31, 2017, for reason I don't know: End-of-Availability (EOA) Notice from…
Penghe Geng
6
votes
2 answers

How to connect HackRF to Wireshark?

How to capture ZigBee waves using HackRF and how to analyze it through Wireshark?
SJK
6
votes
4 answers

How can I extract the certificate from this pcap file?

I have a pcap file of 14 sniffed SSL packets. I uploaded it here: ssl.pcap I opened it with wireshark. I see the 14 packets. The largest of them seems to contain a self-signed certificate (as it is made in a popular internet tutorial). I see the packet…
6
votes
3 answers

How to decrypt SSL traffic with a packet sniffer when I have the private key?

How do you decrypt SSL packets (traffic) with the private key? I tried to do this with ssldump and openssl but nothing worked.
user104787
6
votes
2 answers

Decrypting SSL using Wireshark on Linux vs Windows

I'm working on decrypting my own traffic that gets sent through Wireshark and I've been following this guide for reference. I have been using the SSLKEYLOGFILE environment variable and I can get the key files populated on both Windows 8.1 and Ubuntu…
user2132167
5
votes
3 answers

How to convert a pcap file to a raw file?

I need to convert a pcap-ng (now a pcap) file to a raw file in order to analyse it with multimon-ng. Any recommendations? It should be possible, but I am not aware how it should be done.
QuintusAurelius
5
votes
2 answers

Is it safe to share a wireshark file?

I wanted to share a wireshark file of mine, because it may help with some problems I'm having, but I need to know if it is safe, or if it could reveal sensitive data about me. The only IPs I see are my internal ones, not external.
Freedo
5
votes
3 answers

Watching for applications like WireShark and other eavesdropping on corporate network

Are there ways to monitor and check for network monitoring tools like WireShark? Or would it just be more ideal to ensure every application uses SSL, so that no employee or anyone else could packet sniff chats/emails for information?
Jason
5
votes
2 answers

Extract cookies from pcap

Is there any tool to extract cookies from network sniffs generated by tcpdump (.pcap files)? I know I can open it in wireshark, but it will take a while until I find the domain I am interested in and the cookies (is there a filter I can use…
opc0de
5
votes
1 answer

GSM - Implementing Cipher Mode Command on YateBTS

I've been studying the Yate & YateBTS source code for a while, and I was wondering why there is no ciphering mode implementation in the source!? I use the combination of a BladeRF x40 FPGA and the YateBTS package to simulate a private BTS and have a…
Brian Salehi
5
votes
3 answers

When do Ps Tools send cleartext passwords, and how can I demonstrate this?

The Ps Tools from Mark Russinovich are very handy remote administration utilities. However, they all come with one big caveat. Note that the password is transmitted in clear text to the remote…
Iszi
5
votes
1 answer

Is it safe to share a TLS Master Secret?

I am debugging a client/server TLS communication issue with a 3rd party server vendor. For the client side, I've captured a pcapng dump along with saved via an SSLKEYLOGFILE-like utility. Can I share the files in order to perform a Wireshark…
Yuri
5
votes
2 answers

Why does Ubuntu make requests to these Amazon EC2 IPs at startup?

Each time I boot up and log in to Ubuntu 16.04, and before I launch any software/browser, I watch in Wireshark that Ubuntu has some requests to and from these IPs: 54.173.79.111 54.231.40.234 Whois suggests they are Amazon EC2. I know Ubuntu…
fpghost
5
votes
1 answer

Unable to obtain TCP/HTTP traffic from WPA2 packets even with full handshake and decryption

The Problem: On my WPA2 network, I have been able to successfully intercept a full four-message EAPOL handshake from a particular computer on my network. It is my understanding that with this handshake (and knowing the passphrase for my network),…
saltthehash
4
votes
1 answer

Why did this attack use 0.0.0.0 as IP address and why did it work?

Working through this exercise in network forensics, the attacker used a buffer overflow exploit to send commands to the victim's command prompt. The commands open an FTP session and download some malware. I'm confused about why it works with the…
mcgyver5