Questions tagged [tshark]

tshark is a terminal (console) based version of Wireshark, a network protocol analyzer for Unix and Windows.

65 questions
0 votes, 2 answers

Identifying VoIP Users

I'm looking for a way to identify as many consumer VoIP users on my ISP network as possible using packet analysis. My setup is like this: On my core switch, all traffic going in and out of gigabit1 is SPAN'd to gigabit2, where I have a Linux server…
Cory J
0 votes, 0 answers

Capturing in monitor mode reports 0 packets for tshark

MacOS 13.4.1 I'm trying to capture 802.11 management packets with real 802.11 headers (not just an Ethernet header) with tshark. So trying to use % sudo tshark -i wifi0 -I -L Data link types of interface wifi0 when in monitor mode…
Some Name
0 votes, 0 answers

Failing to decrypt Kerberos AP_REP with Wireshark

I'm trying to decrypt Kerberos traffic with Wireshark for learning purposes. My process is the following: First I retrieve the keytab for the test user with kadmin kadmin.local: ktadd -k vdzh-fin.keytab vdzharkov@VDZHARKOV.NOVALOCAL Entry for…
vudex
0 votes, 0 answers

Not able to decrypt traffic with tshark and curl

Run tshark in background tshark -i any -w file_name.pcap -f "(port 443 or port 10002)" on server machine Run curl command on client machine after setting export SSLKEYLOGFILE=ssl_key_file_log.txt curl exits, tshark process is terminated Read…
Sameer Naik
0 votes, 1 answer

tshark: in an HTTP POST request, how to get form data in a pretty output?

I'm a teacher and I want to simulate a MITM attack with my students. The goal is to show why the HTTPS protocol must always be used. On Debian, I installed tshark. All works fine, when I run the hotspot mode and run tshark, I can get HTTP packets…
spacecodeur