Questions tagged [wireshark]

Wireshark is a network capture and protocol analyzer tool. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto standard across many industries and educational institutions. For capturing it relies on the libpcap library.

3029 questions
11
votes
1 answer

WireShark - Can I decode UTF-8 data in packets?

In Wireshark, how can I see non-ASCII characters in packets? Some of my network data is in UTF-8 encoding and I would like Wireshark to recognize it. Is there a plugin for it? I found this but maybe there is something new about that. I want to see…
0x90
11
votes
0 answers

Wireshark does not display WSL2 loopback traffic

I try to send a UDP packet between my WSL2 localhost client and server. I can send data successfully, but when I want to analyze it in Wireshark, Wireshark cannot capture anything on the loopback traffic adapter and vEthernet capture. Running program and…
Serhan Erkovan
11
votes
5 answers

Complete reconstruction of TCP Session (HTML pages) from WireShark pcaps, any tools for this?

I wonder if there is a way in Wireshark to reconstruct a complete TCP session (HTML page(s)) if we have Wireshark pcaps. Can Wireshark do the reconstruction? Or is there any tool around that can do the reconstruction? Data streamed from a source…
user349026
11
votes
6 answers

Sniff POST variables through HTTPS

I am trying to reverse engineer a script so I can submit a form using Mechanize. The form is using some weird Javascript form upload script that I just can't seem to understand. So I was thinking I would sniff the traffic going from my browser to…
dan-klasson
11
votes
3 answers

Is there a way to view wireshark .pcap files in Fiddler?

Is there a way to convert Wireshark .pcap files to a format that Fiddler understands? Every so often we get network traces generated from Wireshark in .pcap files. Most of the time the traces contain mostly HTTP traffic which I find much easier to…
Aaron Carlson
11
votes
5 answers

How to use wireshark to capture mysql query sql clearly

Because we develop using a remote MySQL server, we cannot check the query SQL easily; if you use a local server you can tail -f general_log_file to see which SQL is executed when you call some HTTP interface. So I installed Wireshark to capture these query SQL…
zhuguowei
11
votes
4 answers

How to improve workflow for creating a Lua-based Wireshark dissector

I've finally created a dissector for my UDP protocol in Lua for Wireshark, but the workflow is just horrendous. It consists of editing my custom Lua file in my editor, then double-clicking my example capture file to launch Wireshark to see the…
piyo
11
votes
4 answers

TCP keep-alive gets involved after TCP zero-window and closes the connection erroneously

We're seeing this pattern happen a lot between two RHEL 6 boxes that are transferring data via a TCP connection. The client issues a TCP Window Full, 0.2s later the client sends TCP Keep-Alives, to which the server responds with what look like…
Martin Cowie
11
votes
2 answers

Parsing pcap taken from wireshark file using - Java

I am working on converting a PCAP file taken from Wireshark using Java without using native or ready libraries. I converted the bytes to a string directly just for checking the meaningful parts of it. Then I tried to convert it from hexadecimal to…
MBH
11
votes
1 answer

wireshark search tcp stream for string

I need to be able to search all tcp streams that contain a particular string, not just a particular packet. Something like: tcp.stream contains "string" I need to do this in order to filter out all streams containing a certain string to get exactly…
Zach Ogden
11
votes
5 answers

How to throttle network traffic for environment simulation?

I'm trying to test an application that uses a database connection. What I would like to do is throttle the bandwidth to, say, 1 MBit or such to get a better feeling for the application under realistic conditions. I already use Wireshark to have a…
user274464
11
votes
1 answer

How do I format tshark time to ISO format (yyyy-dd-mm)?

I'm trying to print out various fields from a PCAP containing HTTP traffic. One of the columns should be the timestamp in the ISO 8601 format (YYYY-MM-DD hhmmss). Also, if anyone has a full list of fields that work under -e, that would be awesome…
malogos
11
votes
3 answers

How do you decrypt SSH .pcap file that uses Diffie Hellman encryption. With public and private keys

How do you decrypt SSH .pcap file that uses Diffie Hellman encryption. With public and private keys. We are trying through Wireshark with no luck.
cchang
11
votes
2 answers

Error "cannot open display" when starting wireshark on Ubuntu command line

I have installed Wireshark on Ubuntu. When I run it: /usr/bin/wireshark I get an error: (wireshark:27945): Gtk-WARNING **: cannot open display: I want to run Wireshark on the command prompt. I don't want to use the UI. I'm not sure why it is…
The Learner
10
votes
2 answers

Scapy: get/set frequency or channel of a packet

I have been trying to capture Wi-Fi packets with Linux and see the frequency/channel at which the packet was captured. I tried Wireshark and there was no luck and no help. Though using sample packets from Wireshark, I can see the frequency/channel. So…
Aven Desta