Questions tagged [wireshark]

Wireshark is an open-source network protocol analyzer released under the GNU License.

507 questions
-2
votes
2 answers

Why do different packet analyzers sometimes produce different results?

I ran Wireshark and WinDump at the same time. Both packet analyzers use the same WinPcap library. However, after doing a row-by-row comparison of the results, I noticed that every column between the 2 matches except for the protocol and info columns,…
DAT BOI
-2
votes
2 answers

Promiscuous mode not working with ubuntu and wireshark

I am running Ubuntu Linux and have installed wireshark on it. I can see the incoming and outgoing traffic just fine. Now I want to see the traffic from other devices which are on my LAN. So, I did: $ ifconfig wlan0 promisc Now I pick up my phone…
Anonymous
-2
votes
1 answer

Wireshark Data view

I would like to view the data from the capture in plain text, but when I do the "Follow UDP Stream" all I see is: ..........x..7..L....7.... ..7..Ver 6.41 Dec 21…
Systems Party
-2
votes
1 answer

How do I get statistics on HTTP traffic from Wireshark?

I have captured traffic with dumpcap and filtered http only with Wireshark. I want to see statistics about that http traffic. For example: requests grouped by method and URL, ordered by number of occurrences, etc. Then, I would like to graph the…
Wojtek
-2
votes
2 answers

Using tcpdump to find strings

I need to block certain TCP packets by trying to find a string match in and on them. Is there a way to do that with tcpdump? Or do I need Wireshark installed on my Linux server? Once I have the string, iptables can be used to block a string. If I…
Jake Thomas
-2
votes
1 answer

Discover IP address of the device knowing only MAC address

While "wiresharking" the network, you may come across packets that look like THIS eth.src to eth.dst (mainly colored white). Sometimes Wireshark recognizes protocol LLC, NDP etc., but sometimes it is just 0x000 or 0x0de. So you know the MAC address of…
apech zzz
-3
votes
1 answer

Why tcp.dstport==8127 doesn't capture traffic

I have a simple node.js server running on localhost:8127: const http = require('http'); http.createServer(function (req, res) { console.log('incoming'); }).listen(8127); Now I make requests from a browser to localhost:8127 and I want to capture…
Max Koretskyi
-3
votes
1 answer

Where to obtain my client key for SSL decryption?

example.pcap is a traffic capture I have made on my local Linux box of and now I would like to decrypt it. tshark -o "ssl.desegment_ssl_records: TRUE" -o "ssl.desegment_ssl_application_data: TRUE" -o "ssl.keys_list:…
Jasmine Lognnes
-3
votes
1 answer

Inspecting the E-mail traffic of a Windows Server 2008 R2

I have seen that the IP address of my mail server has been added to the blocked IP address list on http://psbl.org. I am using this server for personal use. So, it is not that much of an issue that I am, as a non IT pro, handling the server. I suspect that…
-3
votes
1 answer

Why can't I "decode" packets using Wireshark and some wireless network?

Re, I have no problem capturing packets on various wireless hotspots but there are a couple in my town that I just cannot understand why packets aren't being captured, other than those of my own. These are "open" networks (i.e., no WEP/WPA/etc.…
MarkieL
-4
votes
1 answer

How to sniff from a remote machine?

I have a PC and a tablet that are connected to a TP-Link ADSL modem. PROBLEM: I want to see the packets that are sent and received from my modem, not my PC (to see both wired and wireless packets). I searched many places for how to do this, but I can't sniff from…
goodman
-6
votes
1 answer

How to monitor all network traffic

I have installed Wireshark on my server but can only monitor traffic through the local NIC, but all network traffic does not go through the server. I would like to monitor all network traffic. Are there any good suggestions for software tools to…
John Fleming