
Questions tagged [packet]

Network packet consisting of routing information and a payload. Most commonly an Internet Protocol (IP) packet. For questions about packet vulnerabilities, or tools like Wireshark that directly manipulate packets. Related tag: [network].

1 vote
0 answers
95 views

How to investigate data transmission of a suspicious camera

I recently bought a camera (for indoors home monitoring), and I got suspicious of its behavior data-wise. It is set up like this: First you download and install an app called Lookcam onto your phone. ...
tfm • 111
2 votes
1 answer
987 views

Capturing packets in an Android application or iOS application?

I've an Android and iOS app. They run on the same application server on Linux. I want to capture the packets when users are trying to log in to the app. How do I proceed? I'm thinking of doing it with ...
Team B.I • 141
1 vote
1 answer
236 views

Website fingerprinting based on packet traces

Given a set of traces coming from different websites, where each trace is a packet. Assume we only know the time of arrival, size and direction of each packet. How do we go about fingerprinting these ...
Goonturr
1 vote
2 answers
567 views

TCP with IP Spoofing, Is It Really Impossible?

I was reading: IP Spoofing with real IP when TCP 3-way handshake has been made Where the answer says: First of all, every TCP packet has a sequential identifier, which starts at a random position. (...
Rog • 11
0 votes
0 answers
1k views

Wireshark Output | [Malformed Packet: Laplink: length of contained item exceeds length of containing item] from Russian IP

While running some traces for one of our production servers, an interesting item kept popping up in our Wireshark: [Malformed Packet: Laplink: length of contained item exceeds length of containing ...
MrDuk • 1,247
2 votes
1 answer
3k views

How to extract Kerberos ticket from Wireshark?

I'm running a pentest and I've managed to get man-in-the-middle access between a machine and a domain controller. A process on the machine will log into the DC, as a domain admin, to get a Kerberos ...
Bob • 99
0 votes
1 answer
468 views

Is it possible to prevent packet capturing on Android for sent TCP/IP packets?

I'd like to know if some measure is possible to prevent the capturing of packets that are being sent on Android. I'd need the solution to work via code (cannot rely on external tools). Packets are ...
user2638180
0 votes
3 answers
482 views

Nextgen firewalls - encrypted traffic inspection

I read recently about next generation firewalls that use deep-packet-inspection, intrusion-prevention and something the manufacturers call encrypted-traffic-inspection, encrypted-traffic-analytics. ...
Roman Gherta
1 vote
0 answers
197 views

IPSec MTU DDoS attack

I have this configuration: HOST-A <---> GAT-A <---> MiTM <---> GAT-B <---> HOST-B I'm doing a security project on MTU-IPsec vulnerabilities and following this guide of Hal-...
Kuze • 23
0 votes
0 answers
157 views

Is every packet of a hostile network flow hostile?

We are building a packet based anomaly detection system and I'm trying to find labeled packets. Such dataset doesn't exist based on my search, but I can find labeled flows. Can we say that every ...
user128576
0 votes
2 answers
247 views

Is every packet in a home Wi-Fi which has say, AES password for connection, encrypted using the same password?

If there is an intruder in a LAN who knows the encryption type and password, will he be able to monitor all the packets which are in the LAN? Suppose someone on the LAN is visiting HTTP sites, which ...
Vishwa Mithra Tatta
4 votes
1 answer
2k views

Why do I need root privileges to send a raw packet from a UNIX machine?

I was recently reading through the nmap port scanning documentation and it points out that to perform a SYN scan (-sS) you require root privileges because an unprivileged user cannot send raw packets. ...
0x003 • 98
1 vote
0 answers
244 views

Snort doesn't capture raw packets

I have Python code on Linux to create a raw packet: import socket s = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_TCP) s.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) ...
Meysam • 113
2 votes
0 answers
1k views

How to fix TCP stream in Wireshark with spurious retransmission?

This was for a CTF (it ended yesterday, so I'm not cheating), but I've spent so many hours on it that I really just want to understand what I should have done. Here is the PasteBin Hex Dump. I ...
XRBtoTheMOON
1 vote
0 answers
274 views

How do I prevent against man-in-the-middle, specifically the packet injection attack? [closed]

I suspect that I am being targeted in a man-in-the-middle attack from the ISP or in-between of the fiber cable transit or the node by sniffer hardware that detects and injects the malicious packets. I ...
CATALUNA84
