Questions tagged [wireshark]

Wireshark is a network capture and protocol analyzer tool. If this question isn't directly about programming, consider asking it on Super User or Network Engineering instead of here.

Wireshark is a network capture and protocol analyzer tool. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto standard across many industries and educational institutions. For capturing, it relies on the libpcap library.

3029 questions
20
votes
4 answers

How can I decode SQL Server traffic with wireshark?

I can capture the packets using Wireshark, but I can't decode the stream into anything intelligible. This item in the Wireshark bug database suggests that maybe this isn't possible in SQL Server 2005 or newer. But several people on Stack Overflow…
Pete
19
votes
2 answers

What are some good Wireshark tutorials?

I'm trying to understand how to use Wireshark right now, but the official manual isn't a fun read at all when starting out. It's too detailed, and the details are going right over my head because of the information overloading :) What are some more…
Robert Gould
18
votes
1 answer

Docker receiving multicast traffic

We have a dockerized server application that is doing auto-discovery of physical appliances on the network by listening for multicast packets on port 6969. So we need our docker container to be able to receive these packets from devices outside the…
DTI-Matt
18
votes
1 answer

How to filter MAC addresses using tcpdump?

I am running tcpdump on DD-WRT routers in order to capture uplink data from mobile phones. I would like to listen only to some MAC addresses. To do this I tried to run the command using a syntax similar to Wireshark: tcpdump -i prism0 ether src[0:3]…
Giovanni Soldi
17
votes
2 answers

How to capture the traffic of Genymotion Emulator with Wireshark?

I would like to capture with Wireshark one of the Android application's HTTP messages. I was trying to filter to Android's IP address, then MAC address without success. I'm sure the solution would be simple, but I couldn't figure it out yet.
b4l4zs
17
votes
7 answers

Is there an API for Wireshark, to develop programs/plugins that interact with it/enhance it?

Googling didn't give me great results. Is there any sort of API for Wireshark that abstracts away from the main source code so we can develop programs that interact with it and deal with the data it provides? edit: I appreciate the suggestions for…
jim
16
votes
3 answers

Follow tcp stream - Where does field "Stream index" come from?

Wireshark has a feature called "follow tcp stream", under the menu item "Analyze". When I use it, a screen capture filter is generated, something like: tcp.stream eq 1 Where does this index come from? I can't find any field in the packet that…
pcent
16
votes
4 answers

How to test HTTP Keep alive is actually working

I know HTTP keep-alive is on by default in HTTP 1.1 but I want to find a way to confirm that it is actually working. Does anyone know of a simple way to test from a web browser (e.g. how to make sense of Wireshark)? I know I need to look for multiple…
sub
16
votes
3 answers

Wireshark doesn't decode gzip'ed HTTP traffic on Windows

Do you guys know why Wireshark may refuse to decode gzip'ed HTTP traffic on Windows? My configuration: Wireshark 1.8.3, Windows 7 Ultimate x64, WinPcap 4.1.2. Option "Uncompressed entity bodies" is checked in Preferences / Protocols / HTTP. Here is…
expert
16
votes
3 answers

Easiest way to convert pcap to JSON

I have a bunch of pcap files, created with tcpdump. I would like to store these in a database, for easier querying, indexing etc. I thought mongodb might be a good choice, because storing a packet the way Wireshark/TShark presents them as JSON…
Erik
15
votes
8 answers

Export pcap data to csv: timestamp, bytes, uplink/downlink, extra info

I was wondering if there is any tool that can parse pcap data and convert it to a csv file with the following information: timestamp, bytes, uplink/downlink, some extra info.. Basically, the uplink/downlink could be seen by the IP/MAC address, and…
Ekhi
15
votes
1 answer

Decoding RTP payload as H264 using wireshark

I am streaming an RTSP video from VLC on Windows to an iPad app. And I capture packets in Wireshark. I can see RTP packets in Wireshark and also the RTP header fields like payload type, timestamp, sequence number. My question is, is it possible to…
innocodes
15
votes
2 answers

How do I filter SQL Server traffic between app and DB servers using Wireshark?

I'm trying to identify the source of some ill-timed connection resets. I'm trying to use Wireshark to capture the traffic that goes between the application server and database server. How do I set up a filter for this in Wireshark?
scott8035
15
votes
4 answers

Understanding [TCP ACKed unseen segment] [TCP Previous segment not captured]

We are doing some load testing on our servers and I'm using tshark to capture some data to a pcap file, then using the Wireshark GUI to see what errors or warnings are showing up by going to Analyze -> Expert Info with my pcap loaded in. I'm seeing…
Steve
14
votes
5 answers

SSLKEYLOGFILE environment variable doesn't populate any text file

My operating system is Windows 10 64 bits. I use the latest versions of Firefox and Chrome. I want to save the pre-master keys in order to use them with Wireshark. For this, I have found many tutorials that all recommend using the SSLKEYLOGFILE…
Pascal Bergeron