Questions tagged [wireshark]

Wireshark is a network capture and protocol analyzer tool. If this question isn't directly about programming, consider asking it on Super User or Network Engineering instead of here.

Wireshark is a network capture and protocol analyzer tool. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto standard across many industries and educational institutions. For capturing it relies on the libpcap library.

3029 questions
0 votes, 1 answer

What is the best way to extract only hex value for all fields to JSON with Wireshark/TShark

I want to get the information I have with Wireshark (the GUI); the information I want is, for each packet, its layers with all fields and their hexadecimal values. I want to get it to transform each packet into a JSON with this structure: { …
Picot
0 votes, 0 answers

How to use Wireshark to analyze the TLS packet Encrypted Alert in Ubuntu 22.04

I have an openssl project that is changed somewhere to use, so I develop a client and server in C++ which use the openssl library to perform a TLS handshake, and they will transport a string to each other after the TLS handshake is performed, and now it…
0 votes, 0 answers

identify outbound packet destinations in LAN with Wireshark

I am capturing packets using an ethernet bridge and Wireshark. I am routing all of my network's traffic through this bridge, in two different ways: When the bridge is placed outside the LAN, between the router and modem, I capture all outbound…
Peter Becich
0 votes, 0 answers

Using Wireshark in Ubuntu 22.04, the virtual machine will crash after running the packet capture analysis

Every time I test my server and client, and I start Wireshark in Ubuntu 22.04, the virtual machine will crash and begin to show many things, some of them like: audit:type=1400 audit(1687714688.484:264): apparmor="DENIED" operation="open"…
0 votes, 1 answer

Wireshark Lua Dissector - Getting Unparsed data before dissector

I'm writing a dissector in Lua for Wireshark and the only identifier for these packets is in the data that hasn't been parsed yet. I'm just not sure how to get this yet; usually it is in the tvb buffer when using a dissector, but with the other…
0 votes, 0 answers

Unable to compile tshark static binary

As per this how-to-static-compile-tshark, I am trying to build a static tshark binary that I can run on some other Linux system. But I am unable to find the configure file in the git repo for wireshark. The only building method supported is…
0 votes, 0 answers

How to convert a Wireshark capture to H.264 video file?

I have a Wireshark capture in pcapng format containing an RTSP H.264 stream that I would like to convert to a playable video file. Important: the platform is Windows. What I've tried without success: Wireshark h264 extractor:…
0 votes, 1 answer

Understanding an "attempt to index global 'ftypes' (a nil value)" Lua error

I was attempting to use the ZMTP Wireshark Dissector with my current copy of Wireshark (v4.0.6), which uses Lua 5.2.4, on my Ubuntu 20.04 machine to dissect zeromq. I put the Lua file in the proper place for Wireshark, and when I start Wireshark it…
Jason
0 votes, 0 answers

Timestamps in Wireshark

I just installed Wireshark on two machines in order to track down "lost" webservice calls: one instance on the machine running the WS, the other on the machine which calls the WS. What I'm missing is a useful timestamp - by default, Wireshark is…
0 votes, 0 answers

Wireshark--Transmission Control Protocol, Src Port: 51589, Dst Port: 443, Seq: 599, Ack: 6627, Len: 0

I am getting a red message in Wireshark mentioning the following: Transmission Control Protocol, Src Port: 51589, Dst Port: 443, Seq: 599, Ack: 6627, Len: 0. Any idea what that means? The ones in red look like something is wrong. Any help in…
user4540741
0 votes, 0 answers

Detecting RTP packet loss

For this, I wrote a simple Python script which connects to a multicast IP and port, reads some data from the socket and extracts some bytes. These extracted bytes are actually the sequence number from the RTP header. Here is the code: import…
astre
0 votes, 0 answers

How do I decode Photon traffic from Wireshark?

I am using Wireshark with a Photon dissector I found on GitHub to try and decode data coming out of a game that I am playing. Currently, I can get small amounts of data out of the UDP port, but there is a lot that is either hidden or unreadable; can…
0 votes, 0 answers

How to detect an incoming "git clone" request in network packets?

I was wondering how I should approach capturing incoming git requests in my server. Is there any specific piece of information that can suggest a packet might be git related? I'm trying to detect any incoming "git clone" request by analyzing…
Its Me
0 votes, 0 answers

Congestion avoidance on a TCP graph

I'm trying to understand congestion avoidance on a realistic TCP graph. I already looked up graphs of congestion avoidance, but they don't really align with mine. I know that congestion avoidance happens when the line goes from exponential to linear.…
Noah H
0 votes, 1 answer

Bytes captured limited to 15 bytes in Wireshark for BLE

I'm recovering BLE logs from my phone after enabling HCI logging and following this. The problem is, as shown in the figure, it seems that the number of bytes captured is limited to 15 bytes. Notice the 32 bytes on wire, 15 bytes captured; this is…