Questions tagged [wireshark]

Wireshark is an open-source network protocol analyzer released under the GNU General Public License.

507 questions
0 votes, 0 answers

How to find the symmetric key algorithm being used for a TLS connection in Wireshark?

I'm doing a TLS Wireshark lab and I can't find any information in Wireshark, the lab, or online on how to find this answer: What symmetric key cryptography algorithm is being used by the client and server to encrypt application data (in this case,…
0 votes, 1 answer

DNS, why is it sometimes doing a PTR lookup before A lookup?

When I perform NSLOOKUP -q=a chinaa.cn I get the following result in Wireshark: Why did it FIRST look up the PTR of my ISP DNS before sending an A-request? And why did the DNS server respond first with No such name with .home appended to it?
Kahn Kah
0 votes, 1 answer

How to inspect outgoing traffic from an Access Point

I have an Access Point which connects to a VPN and creates an internal WiFi network of our company everywhere. Now I need to inspect what VPN protocol this AP is using. I am not able to configure it, so I need to inspect this from packets, which is…
jozinko9
0 votes, 0 answers

How to identify source and destination IP using STUN and DTLS protocols?

Given the image, I'm not able to identify which is the source and which is the destination IP address (client or server). From the STUN protocol's 1st packet it's a user request, so I thought 131.202.240.150 is the client IP address. From the DTLS 5th packet…
0 votes, 1 answer

iptables DNAT change not showing up in Wireshark

I want to re-route all incoming traffic on interface ens4f0 to IP address 192.168.50.10, but Wireshark is showing that the destination IP address on incoming packets is unchanged. Is this the expected behaviour? I thought PREROUTING got in before…
QF0
0 votes, 1 answer

When a router sends an ICMP protocol error message, how does it set its own TTL?

When using (traceroute -q 1 serverAddress), we know that it starts with TTL (Time to Live) = 1. When it goes through a router, the router decrements TTL by 1. If TTL becomes 0 at that router, it sends back an ICMP error TTL exceeded message. Now, tell me…
0 votes, 2 answers

How to capture from a remote server on a different network from home?

I want to capture packets from a remote server using Wireshark. I have a Linux-based server and I can access it through PuTTY. This remote server is not on my network. How could I access a remote server's packets and especially the MQTT protocol…
0 votes, 1 answer

Where is the ACK to the packet in frame 76?

I am working through Kurose's book as part of a class and this particular exercise involves submitting a .txt file to the server and capturing this transfer and the server's response. In one exercise I have to choose the 1st 6 packets my PC sends,…
0 votes, 0 answers

Slow connection to production MongoDB due to TLS handshake retransmits

I have a question about something that has had me tearing my hair out for the past two days. Long story short: specifically over my home network, my connection to our work MongoDB is stupidly slow. Over my home network it takes around 40 seconds to load a…
0 votes, 1 answer

How can wireshark.exe on Windows read from a pcap file stream?

This is probably less a Wireshark question and more a "how do I pipe a file into an application" question on Windows. On Linux, I can capture a pcap file on another host with tcpdump and pipe it back to Wireshark on the local machine for a live capture…
I grok it
0 votes, 1 answer

tshark: in an HTTP POST request, how to get form data in a pretty output?

I'm a teacher and I want to simulate a MITM attack with my students. The goal is to show why the HTTPS protocol must always be used. On Debian, I installed tshark. All works fine: when I run the hotspot mode and run tshark, I can get HTTP packets…
spacecodeur
0 votes, 1 answer

How can I isolate a single TCP connection on Wireshark?

I just started using Wireshark for network troubleshooting purposes and I am a little confused about one thing. I requested a webpage and for the next 10 s I monitored the data. I then used the filter to display all of the TCP packets. I have a list…
user603679
0 votes, 1 answer

Can I determine an EWOULDBLOCK/EAGAIN situation from a pcap/tcpdump?

Is there a way I can determine if a certain message resulted in an EWOULDBLOCK/EAGAIN return code to the server which sent the packet? The server was sending messages to the client. At time 10, the server sent message 100. At time 20, the server sent…
PasanW
0 votes, 0 answers

Can't track applications' network communication on the same machine

I have a network application environment of 7 applications communicating with each other through UDP and TCP. All of them use either the machine's local network IP or 127.0.0.1 (localhost) to listen on ports or connect to each other. All these…
0 votes, 0 answers

Postfix behind NAT

My network looks like this: Internet <-> Gateway router (NAT) <-> enp0s3 Linux enp0s8 (NAT) <-> SMTP server. Without the Linux NAT it works OK, but I need it. When I try to send mail to another server I get: and the reply from my SMTP server: Cannot start…
Bomzi