Questions tagged [wireshark]

Wireshark is a network capture and protocol analyzer tool. If this question isn't directly about programming, consider asking it on Super User or Network Engineering instead of here.

Wireshark is a network capture and protocol analyzer tool. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto standard across many industries and educational institutions. For capturing it relies on the libpcap library.

3029 questions
44 votes, 8 answers

Why doesn't wireshark detect my interface?

I just installed Wireshark, but when I click capture > interfaces, the dialog box appears, but it does not contain my network interface. When I click on capture > interfaces it appears as in the screenshot below. What can cause this?
Ananda Subasinghe
40 votes, 1 answer

set a filter of packet length in wireshark

I've captured a pcap file and displayed it in Wireshark. I want to analyze those UDP packets with the 'Length' column equal to 443. In Wireshark, I tried to find the proper filter. udp && length 443 # invalid usage udp && eth.len == 443 # wrong…
Daniel YC Lin
31 votes, 1 answer

What is the reason and how to avoid the [FIN, ACK] , [RST] and [RST, ACK]

What is the reason and how to avoid the [FIN, ACK], [RST] and [RST, ACK]? Is it due to some mismatch between the TCP parameters of the OSes? What does it mean when the server replies [FIN, ACK] in a TCP/IP connection? 10.118.113.237 is a Solaris…
Sergio Pettena
29 votes, 2 answers

Transfer a wireshark captured http request to a curl request

I am trying to simulate a POST request from a system I am not familiar with (HTTP Thrift). With Wireshark, I get the HTTP request like:. But I am going to perform a stress test with tools like ab, so how can I transfer a Wireshark package to an ab…
FisherMartyn
27 votes, 4 answers

How can I configure Wireshark to see HTTPS traffic?

I'm testing an iOS application and I just want to see when HTTPS traffic is sent. I'm not interested in the contents of the traffic. How can I configure Wireshark to do this? This is just to verify that an analytics package is working. I don't…
SundayMonday
26 votes, 3 answers

arp request and reply using c socket programming

I am trying to receive and send ARP packets using C programming in Linux (Ubuntu). My program works fine (i.e. runs without any error), but I cannot trace the packets using Wireshark. source code: #include #include…
dsharew
24 votes, 7 answers

Chrome not Firefox are not dumping to SSLKEYLOGFILE variable

I'm trying to decrypt SSL packages with Wireshark as described here. I have already created an SSLKEYLOGFILE System and User variable and the log file. I have restarted my computer (running Windows 10), and opened HTTPS URLs with Chrome and Firefox,…
Tomas Colloca
24 votes, 1 answer

How to install Wireshark on Linux and capture USB traffic?

I have encountered numerous problems in the installation of Wireshark, and the capture of USB traffic, especially due to user permissions. How to install Wireshark on Linux and capture USB traffic?
matthieu
23 votes, 5 answers

Wireshark: Filter by Multicast in GUI

Using the Wireshark "Filter" field in the Wireshark GUI, I would like to filter capture results so that only multicast packets are shown. I've seen this post but that doesn't work for the GUI filter field. This Wireshark page shows how to filter…
user1205577
22 votes, 3 answers

How to debug websockets with wireshark

I have hosted my websocket server using Python Tornado server on localhost ws://localhost:8001 and the client is on another system on 192.168.0.116, so when we try to communicate it works fine but can't debug it using Wireshark. My websocket is running on…
Hitul Mistry
21 votes, 6 answers

How to concatenate two tcpdump files (pcap files)

How to concatenate two tcpdump files, so that one traffic will appear after another in the file? To be concrete, I want to "multiply" one tcpdump file, so that all the sessions will be repeated one after another sequentially a few times.
anon
21 votes, 1 answer

Installing tshark on RHEL

Is there a way to install tshark on RHEL machines using yum install? When I did: yum install tshark I got back: Setting up Install Process No package tshark available. Nothing to do When I did: yum list tshark I got back: Loaded plugins:…
Chander Shivdasani
21 votes, 7 answers

What is a TCP window update?

I'm making my own custom server software for a game in Java (the game and original server software were written with Java). There isn't any protocol documentation available, so I am having to read the packets with Wireshark. While a client is…
phpscriptcoder
20 votes, 1 answer

filtering by domain

I want to filter my pcap file by their domains. I mean, I want to see the packets that come on a website that ends with ".com", ".org" or ".net". I tried: dns contains "com", ip.src_host == com, ip.src_host == com, http contains "com". None of them worked…
Eray Balkanli
20 votes, 4 answers

How to filter wireshark to see only dns queries that are sent/received from/by my computer?

I am new to Wireshark and trying to write simple queries. To see the DNS queries that are only sent from my computer or received by my computer, I tried the following: dns and ip.addr==159.25.78.7 where 159.25.78.7 is my IP address. It looks like I…
yrazlik