Questions tagged [wireshark]

Wireshark is a network capture and protocol analyzer tool. If this question isn't directly about programming, consider asking it on Super User or Network Engineering instead of here.

Wireshark is a network capture and protocol analyzer tool. It lets you capture and interactively browse the traffic running on a computer network, decoding each packet with its built-in protocol dissectors. It is the de facto standard across many industries and educational institutions. For live capture it relies on the libpcap library (Npcap, or the older WinPcap, on Windows).

3029 questions
14 votes, 1 answer

pcap_loop and pcap_dispatch Difference

What exactly is the difference between pcap_loop and pcap_dispatch?

Karthick (2,844 reputation; badges: 4 gold, 34 silver, 55 bronze)
14 votes, 3 answers

How to copy hex data of captured packet from Wireshark

Here is the example; this is the captured packet data: 00000000 00 6e 0b 00 .n.. 00000004 4d 5a e8 00 00 00 00 5b 52 45 55 89 e5 81 c3 81 MZ.....[…

Chornic (319 reputation; badges: 1 gold, 3 silver, 11 bronze)
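The hex dump quoted in the question above is the layout Wireshark produces when you copy packet bytes or a followed stream as a hex dump: an offset, up to 16 hex byte pairs, then an ASCII column. The following is an added example (not code from the question or from Wireshark) that produces that layout from raw bytes and, more usefully, parses such a dump back into bytes so the payload can be fed to other tools. It assumes a single stream direction (Wireshark restarts the offset counter for each direction of a followed stream) and reproduces the column layout from memory, so spacing only approximates Wireshark's own output. The sample dump in the test is constructed from the bytes shown in the question.

```python
"""Wireshark-style hex dump: produce it from raw bytes and parse it back.

Added example, not from the original page. Assumptions:
- the dump has an offset of 4 or 8 hex digits, then up to 16 hex byte pairs,
  then an optional ASCII column (Wireshark's "Copy as Hex Dump" /
  "Follow TCP Stream > Hex Dump" layout, reproduced from memory);
- the dump covers one stream direction, so offsets are contiguous.
"""
import re

# Offset, then 1-16 hex pairs separated by single spaces. The lookahead stops
# the match at whitespace, so the ASCII column (separated from the hex by
# whitespace) is never read as data.
_HEX_LINE = re.compile(
    r"^\s*([0-9A-Fa-f]{4,8})\s+"
    r"([0-9A-Fa-f]{2}(?:\s[0-9A-Fa-f]{2}){0,15})"
    r"(?=\s|$)"
)


def hexdump(data: bytes, width: int = 16) -> str:
    """Render bytes as offset / hex pairs / ASCII, 16 bytes per line."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk).ljust(width * 3 - 1)
        ascii_part = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart}  {ascii_part}")
    return "\n".join(lines)


def parse_hexdump(text: str) -> bytes:
    """Reassemble the bytes of a hex dump; lines that are not dump lines are skipped."""
    chunks = {}
    for line in text.splitlines():
        m = _HEX_LINE.match(line)
        if not m:
            continue
        off = int(m.group(1), 16)
        if off in chunks:
            raise ValueError(f"offset {off:#x} appears twice (two stream directions?)")
        chunks[off] = bytes.fromhex(m.group(2).replace(" ", ""))

    out = bytearray()
    for off in sorted(chunks):
        if off != len(out):
            raise ValueError(f"gap in dump: expected offset {len(out):#x}, got {off:#x}")
        out += chunks[off]
    return bytes(out)


if __name__ == "__main__":
    # Constructed payload: the DOS-header bytes from the question's dump.
    payload = bytes.fromhex("006e0b004d5ae8000000005b52455589e581c381")
    dump = hexdump(payload)
    print(dump)
    print("round trip ok:", parse_hexdump(dump) == payload)
```

The parser keys chunks by offset rather than trusting line order, so a dump pasted with lines reordered still reassembles, and a gap or repeated offset raises instead of silently producing a shifted payload.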
14 votes, 1 answer

Raw capture capabilities (CAP_NET_RAW, CAP_NET_ADMIN) not working outside /usr/bin and friends for packet capture program using libpcap

TL;DR: Why are the cap_net_raw and cap_net_admin capabilities only working in /usr/bin (or /usr/sbin), but not in other places? Can this be configured someplace? I'm having problems assigning capabilities to my C program utilizing libpcap on Ubuntu 14.04.…

dirkhas (151 reputation; badges: 1 gold, 1 silver, 6 bronze)
14 votes, 3 answers

Sending packets captured with Wireshark

I captured some HTTP POST requests and want to send them again. How do I do it? Googling didn't yield any easy way that doesn't involve some complex stuff resulting in a script able to send only this specific request, without any flexibility.

RomaValcer (2,786 reputation; badges: 4 gold, 19 silver, 29 bronze)
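Wireshark captures but does not transmit, and replaying the raw frames (for example with tcpreplay) would send them to the original destination with stale TCP sequence numbers. For an HTTP POST the practical approach is to take the client side of "Follow TCP Stream" as raw bytes and replay it at the application layer. The code below is an added example, not from the question or from Wireshark: it parses a captured request, strips the headers that must be recomputed for a new target (Host, Content-Length, Connection, Transfer-Encoding), and resends it with the standard library. The captured request and the local echo server it is replayed against are constructed for the demo.

```python
"""Replay an HTTP request copied out of Wireshark's "Follow TCP Stream".

Added example, not from the original page. CAPTURED_REQUEST is constructed
to look like the client side of a followed stream; the target is a local
test server started by demo(), so the example runs offline.
"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample: what "Follow TCP Stream > Raw" would give for the client side.
CAPTURED_REQUEST = (
    b"POST /api/login HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"User-Agent: captured-client/1.0\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"Connection: keep-alive\r\n"
    b"\r\n"
    b"user=alice&password=hunter2"
)

# Headers that describe the original connection, not the request; the client
# library regenerates them for the new target.
_DROP_HEADERS = {"host", "content-length", "connection", "transfer-encoding"}


def parse_http_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, path, [(name, value)], body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("captured data has no end-of-headers marker")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return method, path, headers, body


def replay(raw: bytes, host: str, port: int, timeout: float = 5.0):
    """Resend a captured request to host:port; returns (status, headers, body)."""
    method, path, headers, body = parse_http_request(raw)
    hdrs = {n: v for n, v in headers if n.lower() not in _DROP_HEADERS}
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        # http.client adds Host and Content-Length itself when they are absent.
        conn.request(method, path, body=body, headers=hdrs)
        resp = conn.getresponse()
        return resp.status, dict(resp.getheaders()), resp.read()
    finally:
        conn.close()


class _EchoHandler(BaseHTTPRequestHandler):
    """Test server: echoes method, path, User-Agent and body back to the client."""

    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        ua = self.headers.get("User-Agent", "")
        payload = f"method=POST path={self.path} ua={ua} body=".encode() + body
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *args):  # keep the demo quiet
        pass


def demo():
    """Start a local server on a free port, replay the captured POST, return the reply."""
    server = HTTPServer(("127.0.0.1", 0), _EchoHandler)
    thread = threading.Thread(target=server.serve_forever, daemon=True)
    thread.start()
    try:
        return replay(CAPTURED_REQUEST, "127.0.0.1", server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    status, _, body = demo()
    print(status, body.decode())
```

To point the replay at a real host, call replay() with that host and port; everything the original client sent apart from the connection-specific headers (including cookies and the User-Agent) is resent unchanged, which is usually what is wanted when reproducing a captured request.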
14 votes, 4 answers

Using libwireshark to get Wireshark functionality programmatically

If I want to write a script that uses Wireshark's functionality, I use tshark. I hear there is also a libwireshark that can be used when writing a program in C but, for the life of me, I can't find any documentation for it! I tried isolating the…

Elektito (3,863 reputation; badges: 8 gold, 42 silver, 72 bronze)
13 votes, 5 answers

How do you test a Wireshark dissector?

When you write a dissector for Wireshark, how do you test it? Looking for the visual output in the UI is not sufficient for a non-trivial protocol. Is there a good way to unit-test the dissector? EDIT: The structure of protocol frames is…

harper (13,345 reputation; badges: 8 gold, 56 silver, 105 bronze)
13 votes, 1 answer

Decrypting HTTPS traffic in Wireshark not working

I'm running Wireshark 1.8.6 on Windows Server 2008 R2 and attempting to decrypt incoming HTTPS communication in order to debug an issue I'm seeing. I have my RSA Keys list set up correctly (I think) but Wireshark will not decrypt the SSL traffic for…

BearsEars (849 reputation; badges: 1 gold, 13 silver, 21 bronze)
13 votes, 1 answer

tshark outputting all fields?

Is it possible to get tshark to output every field (within the packet) using the -T fields option, or similar? E.g. for every field in the packet/reconstruction, I would like something like…

gak (32,061 reputation; badges: 28 gold, 119 silver, 154 bronze)
13 votes, 3 answers

Interpreting Frame Control bytes in 802.11 Wireshark trace

I have a Wi-Fi capture (.pcap) that I'm analysing and have run across what appear to me to be inconsistencies between the 802.11 spec and Wireshark's interpretation of the data. Specifically what I'm trying to pull apart is the 2-byte 802.11 Frame…

Bryce Thomas (10,479 reputation; badges: 26 gold, 77 silver, 126 bronze)
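The usual source of the "inconsistency" in the question above is bit ordering: the 802.11 spec draws the Frame Control field starting from bit 0 (protocol version), and the field is transmitted least-significant octet first, so the first byte on the wire carries version, type and subtype while the second byte carries the eight flags. The decoder below is an added example, not from the question or from Wireshark's dissector; it works directly from the two wire bytes. The helper from_wireshark_value assumes that Wireshark's packet tree prints the field as the two wire bytes concatenated (so a beacon appears as 0x8000 although the little-endian integer value is 0x0080); verify that against your own capture before relying on it. The subtype name table covers common frames only.

```python
"""Decode the 2-byte 802.11 Frame Control field from its wire bytes.

Added example, not from the original page. Layout (IEEE 802.11, little-endian):
  byte 0: bits 0-1 protocol version, bits 2-3 type, bits 4-7 subtype
  byte 1: To DS, From DS, More Fragments, Retry, Power Mgmt, More Data,
          Protected, Order (bit 0 first)
"""
from dataclasses import dataclass

TYPE_NAMES = {0: "Management", 1: "Control", 2: "Data", 3: "Extension"}

# Common subtypes per type; anything else is reported by number.
SUBTYPE_NAMES = {
    0: {0: "Association Request", 1: "Association Response", 4: "Probe Request",
        5: "Probe Response", 8: "Beacon", 10: "Disassociation",
        11: "Authentication", 12: "Deauthentication", 13: "Action"},
    1: {8: "Block Ack Request", 9: "Block Ack", 10: "PS-Poll", 11: "RTS",
        12: "CTS", 13: "ACK", 14: "CF-End"},
    2: {0: "Data", 4: "Null (no data)", 8: "QoS Data", 12: "QoS Null (no data)"},
}

# Flag bits of the second wire byte, listed from bit 0 upward.
FLAG_BITS = [
    ("to_ds", 0x01), ("from_ds", 0x02), ("more_fragments", 0x04), ("retry", 0x08),
    ("power_management", 0x10), ("more_data", 0x20), ("protected", 0x40), ("order", 0x80),
]


@dataclass
class FrameControl:
    version: int
    frame_type: int
    subtype: int
    flags: dict

    @property
    def type_name(self) -> str:
        return TYPE_NAMES[self.frame_type]

    @property
    def subtype_name(self) -> str:
        return SUBTYPE_NAMES.get(self.frame_type, {}).get(self.subtype, f"subtype {self.subtype}")

    @property
    def ds_direction(self) -> str:
        """Meaning of the To DS / From DS pair (also decides the address layout)."""
        return {
            (False, False): "STA to STA (no DS / IBSS)",
            (True, False): "STA to AP (To DS)",
            (False, True): "AP to STA (From DS)",
            (True, True): "AP to AP (WDS, four addresses)",
        }[(self.flags["to_ds"], self.flags["from_ds"])]


def parse_frame_control(raw: bytes) -> FrameControl:
    """Decode the field from the two bytes exactly as they appear in the capture."""
    if len(raw) < 2:
        raise ValueError("Frame Control needs two bytes")
    b0, b1 = raw[0], raw[1]
    return FrameControl(
        version=b0 & 0x03,
        frame_type=(b0 >> 2) & 0x03,
        subtype=(b0 >> 4) & 0x0F,
        flags={name: bool(b1 & mask) for name, mask in FLAG_BITS},
    )


def from_wireshark_value(value: int) -> FrameControl:
    """Decode the value as Wireshark prints it, e.g. 0x8000 (assumed: wire bytes concatenated)."""
    return parse_frame_control(bytes([(value >> 8) & 0xFF, value & 0xFF]))


def describe(raw: bytes) -> str:
    fc = parse_frame_control(raw)
    set_flags = [name for name, on in fc.flags.items() if on] or ["none"]
    return f"{fc.type_name}/{fc.subtype_name}, {fc.ds_direction}, flags: {', '.join(set_flags)}"


if __name__ == "__main__":
    # Constructed samples: beacon, protected data from the AP, protected QoS data to the AP, ACK.
    for wire in (b"\x80\x00", b"\x08\x42", b"\x88\x41", b"\xd4\x00"):
        print(wire.hex(), "->", describe(wire))
```

If a decoded type or subtype disagrees with Wireshark, the first thing to check is whether the bytes were read in wire order or as a host-order 16-bit integer; swapping the two bytes turns a beacon (80 00) into an apparently nonsensical frame (00 80).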
13 votes, 2 answers

Wireshark filter for filtering both destination/source IP address and the protocol

I want to filter Wireshark's monitoring results according to a filter combination of source and destination IP addresses and also the protocol. So, right now I'm able to filter out the activity for a destination and source IP address using this filter…

Abhijeet Vaikar (1,578 reputation; badges: 4 gold, 27 silver, 50 bronze)
12 votes, 2 answers

My ISP is forcing me to buffer TCP data before sending it

I have a Java TCP game server; I use java.net.ServerSocket and everything runs just fine, but recently my ISP did some kind of upgrade where, if you send two packets very fast on the same TCP connection, they close it by force. This is why a…

Reacen (2,312 reputation; badges: 5 gold, 23 silver, 33 bronze)
12 votes, 4 answers

How do I use tshark to print request-response pairs from a pcap file?

Given a pcap file, I'm able to extract a lot of information from the reconstructed HTTP requests and responses using the neat filters provided by Wireshark. I've also been able to split the pcap file into each TCP stream. The trouble I'm running into now…

Steven (17,796 reputation; badges: 13 gold, 66 silver, 118 bronze)
12 votes, 1 answer

What is the difference between Burp Suite and Wireshark?

Burp Suite and Wireshark are said to be the best tools for penetration testing. I'm curious what the difference is between them, and the pros and cons of each.

H S Umer farooq (981 reputation; badges: 1 gold, 8 silver, 14 bronze)
12 votes, 4 answers

USB sniffing with Wireshark

At the moment I am using usbmon to sniff USB. For better understandability I want to use Wireshark. I've used Wireshark before for sniffing Ethernet packets. But what do I capture to sniff USB packets? I mean I need to start by selecting which…

Neel Basu (12,638 reputation; badges: 12 gold, 82 silver, 146 bronze)
12 votes, 5 answers

Random "An existing connection was forcibly closed by the remote host." after a TCP reset

I have two parts, a client and a server, and I try to send data (size > 5840 bytes) from the client to the server; then the server sends the data back. I loop this a number of times, waiting a second between each time. Sometimes the server…

TobiasW (378 reputation; badges: 1 gold, 5 silver, 17 bronze)