Questions tagged [wireshark]

Wireshark is a network capture and protocol analyzer tool. If this question isn't directly about programming, consider asking it on Super User or Network Engineering instead of here.

Wireshark lets you capture and interactively browse the traffic running on a computer network. It is the de facto standard across many industries and educational institutions. For capturing it relies on the libpcap library.

3029 questions
1 vote, 3 answers

How to see the encrypted key in Wireshark, during SSL key exchange?

In Wireshark, I am able to see the encrypted data to and fro from my PC. It does not use the Diffie-Hellman algorithm for key exchange because I see only the Client Key Exchange packet but there is no Server Key Exchange packet. That means the browser is…
suraj
1 vote, 1 answer

Searching for set cookies in Wireshark does not show all the cookies that are set in the browser

I first cleared all the cookies in my browser. Then I went to www.yahoo.com. Meanwhile, Wireshark was capturing. In the search field of Wireshark, I entered http.set_cookie. But the filtered packets do not show all the cookies that are set in…
suraj
1 vote, 1 answer

Selecting major flows at once in a huge pcap in Wireshark

I have a large pcap with more than 1000 TCP flows. I want to filter major flows, say with packets greater than 100. If I go to conversations and right click on those flows, I can filter those flows, but then I have to do it several times and since I…
mezda
1 vote, 0 answers

How can I view output of tshark -V via Wireshark or similar?

Recently updated my Wireshark on a server, and lost the ability to use -R and -w from the CLI. Since I'm tracing SIP and RTP calls, I need to use -R and not -f. I found out using -V is very useful (shows the packet tree on screen) and then I can…
1 vote, 1 answer

How should I re-create a POST first seen in Fiddler in Ruby?

This seemed pretty straightforward: capture a POST in Fiddler (Windows, because I find it easier to use than Wireshark); get data posted; make a similar POST using Net::Http in Ruby. And yet. Every time I run the post, it gets a 500. Could really…
jcollum
1 vote, 1 answer

How to automate measuring of bandwidth usage between two hosts

I have an application that has a TCP client and a server. I set up the client and server on separate machines. Now I want to measure how much bandwidth is being consumed (bytes sent and received during a single run of the application). I have…
AnkurVj
0 votes, 1 answer

Decoding mapi payload-wireshark

I am trying to understand the MAPI protocol. Are there any resource links or an open-source project that can help me understand it?
user349026
0 votes, 2 answers

Which device is used for intra-localhost traffic?

Meet A and B, two apps running locally on my Windows box. A is listening on port [whatever], B is connecting to localhost:[whatever]. Although I can see traffic being sent by A and received by B, Wireshark (and WinPcap) shows no activity on any…
MonoThreaded
0 votes, 1 answer

Does Wireshark support piggybacked GTPv2 messages?

The question is simple, please see title. I have looked everywhere and still cannot find the answer. (I can see the P-Bit (piggyback-bit) is set in Packet Bytes frame, Wireshark does not show that this bit is set in the Packet Details frame and it…
theAlse
0 votes, 1 answer

Jitter values for TCP Streams in Wireshark?

For the TCP stream, I want to get the network jitter values as shown for the RTP packets under RTP statistics as Max Jitter and Mean Jitter in Wireshark. Is there any option in Wireshark which gives the jitter values for a TCP stream? I have only…
NitinG
0 votes, 2 answers

ASP Request method not showing hidden line feed and tab characters

I am trying to parse a POST request that includes "\n" and "\t" characters but as soon as I use a Request.Form to manipulate the data, those characters are no longer there. I used Wireshark to confirm that the characters are in the POST. Can anyone…
greener
0 votes, 2 answers

Parsing POST request with unexpected URL encoding

This question follows an earlier one. Here is some code that reproduces the problem: POST: str = "accountRequest=" & vbLf & _ "Hello" & vbTab & "World" & vbLf & _ "" Set objHTTP =…
greener
0 votes, 3 answers

UDP: How does the client know its server?

I'm sniffing between two devices which communicate in a duplex fashion via UDP. I'm using Wireshark to sniff. The config file for the first device (a piece of hardware under test) states that the client port is 54718 and the server is 54717. In the…
Baz
0 votes, 1 answer

How to identify instance at which webpage is refreshed in Wireshark

I am using Wireshark to monitor webpage traffic. I would like to know the instance (packet) at which the webpage is refreshed. I couldn't find a concrete pattern when I look at the packets. Please let me know. eg: www.wireshark.com ,…
Rhiya
0 votes, 1 answer

JPG file difference: from Wireshark TCP stream and from a C++ socket

I'm trying to record a jpeg image sent by an Ethernet camera in a mjpg stream. The image I obtain with my Borland C++ application (VSPCIP) looks identical in Notepad++ to the tcp stream saved from the application Wireshark (except for the number of…
Arnaud