Questions tagged [wireshark]

Wireshark is a network capture and protocol analyzer tool. If this question isn't directly about programming, consider asking it on Super User or Network Engineering instead of here.

Wireshark is a network capture and protocol analyzer tool. It lets you capture and interactively browse the traffic running on a computer network. It is the de facto standard across many industries and educational institutions. For capturing it relies on the libpcap library.

3029 questions
0 votes, 2 answers

Error Fragmented IP Protocol

I am making an application in C#. In that application I want to broadcast some data using the UDP protocol. I am making the socket as IPEndPoint ipep = new IPEndPoint(IPAddress.Broadcast, Convert.ToInt32(ServerPort)); Socket socket = new…
Dany
0 votes, 1 answer

C# UDP socket problems

I'm trying to send some UDP packets to a server. I use Wireshark to monitor my activity. When I send a packet, Wireshark tells me my header checksum is incorrect. In the Wireshark preferences the option "Validate the UDP checksum if possible" is…
Tim S.
0 votes, 3 answers

Sniffing packets using tshark

I have 2 servers (serv1, serv2) that communicate and I'm trying to sniff packets matching certain criteria that get transferred from serv1 to serv2. Tshark is installed on my Desktop (desk1). I have written the following script: while true; do tshark…
Chander Shivdasani
0 votes, 2 answers

How do I know my lua script is running in Wireshark?

I'm about to write a dissector for Wireshark in Lua but wanted to test a simple hello world first. But how do I know it is running? Can I see the debug print somewhere? This is the script: -- hello.lua print("Hello World!") I run Wireshark 0.99.7 on…
norq
0 votes, 1 answer

What's the meaning of first duplicate packets in a tracerouting?

When I perform a traceroute, the first packet I send has ttl=1 and the reply is always "null" "timeout" from my router. That's the first thing I don't understand: why doesn't my router send me a time exceeded ICMP message? Using Wireshark I observed…
Mattz
0 votes, 1 answer

Parse out UDP information with tshark (Wireshark) or Python

I am broadcasting UDP packets between 2 machines and listening to them on a third machine. I can see the packets in Wireshark and need an easy way to obtain the "Data" portion of the UDP packets. I have been able to dump the packet information to…
mcfly
0 votes, 1 answer

Wireshark Filters: Getting the packet that was sent before the filtered one

I am trying to create a filter in Wireshark that will grab all SMB responses that return "Error: STATUS_NO_SUCH_FILE". I would also like to be able to grab the packet before the filtered ones. Here's an example: No. Time Source …
qroberts
0 votes, 1 answer

how to listen network in house with wireshark?

Since I am trying to send some packets within my home from one PC to another PC, I am writing a program but I think I have a problem. Can you please tell me how I can listen to the network within the house? (I am using Windows.) Thank you all
Ozer
0 votes, 0 answers

PyShark+Django : Unable to make async call when pyshark is used in a Django view

I am using pyshark module in a Django view to get the ports breakdown from an uploaded PCAP file. views.py class ProtocolAnalysisView(APIView): parser_classes = (MultiPartParser,) def analyze_pcap(self, pcap_file): res = {} …
0 votes, 0 answers

Did Not Catch The Actual Password

Here's my wifi bruteforce program: from hmac import new from time import sleep from pyshark import FileCapture from binascii import a2b_hex, b2a_hex from hashlib import pbkdf2_hmac, sha1, md5 def MakeMIC(pwd, ssid, A, B, data, wpa=False): pmk =…
0 votes, 0 answers

tshark not including filters

I have a tshark capture filter that's not including what I feel like it should include. I'll start with the instruction: tshark -i Ethernet -f "host 10.10.10.120 && (((ether[48:2]==0x0201 && ether[88:2]==0x0000) || (ether[48:2]==0x0201 &&…
0 votes, 0 answers

what is the reason of tcp reset

I am running two pods in Kubernetes, pod A sends a connection request to pod B, however the second pod responds with a TCP RST. Is there a way to guess from the Wireshark capture why the reset happened? Any area where I need to look for this issue if…
0 votes, 0 answers

capture filter works in tshark but not wireshark

Using the same exact filter syntax, capture filters work in tshark but not wireshark. Using this command: tshark -i Ethernet -f "host 10.10.10.120 && (ether[48:2]==0x0201 || ether[48:2]==0x0301)" produces a filtered output in tshark: tshark…
0 votes, 1 answer

duplicate packets in wireshark during playback

When I play back a pcap file using Colasoft, wireshark is seeing duplicate identical packets. When I open the pcap in Wireshark, it shows the correct number of packets. I tried to play a pcap using Colasoft, and I was expecting to see the identical…
0 votes, 0 answers

TLS 1.3 - I don't understand server's ApplicationData

I am analyzing the connection between my client and a remote server in TLS 1.3. I send all handshake finished messages and my application data with a GET request in it. I always get the same response, I can't find what it means in the RFC document. Can…