All Questions
17 questions
1 vote, 0 answers, 86 views
kali linux filter by protocol wireshark's pcaps
I spent the last 2h looking for a way to quickly filter pcaps; it seems that it is possible using cmd/bat on Windows but I can't find anything for Kali Linux.
I have a way too big pcap and I want to ...
1 vote, 1 answer, 1k views
How to use ciscodump?
In Wireshark, there is this option called Cisco remote capture: ciscodump, which, from my understanding, should enable one to do a tcpdump on a Cisco router (for example) via SSH and get back the results ...
0 votes, 1 answer, 512 views
Wireshark - exports what it recognises as a jpeg but the jpeg doesn't open
I have a JPEG GET request in my PCAP as below, but when I export it, it's not a valid JPEG file.
Any advice as to what I'm doing wrong?
1 vote, 1 answer, 262 views
Weird TCP re-transmission
My question is why a TCP flow makes a re-transmission when a network has enough link bandwidth.
To find the cause, I used Wireshark. I got the capture below on the host side (10.0.0.1)
25434 50....
0 votes, 1 answer, 1k views
how to program tcpdump to only capture packets and nothing else
I am developing a program where a .pcap file is going to be an input. However, when I run tcpdump -w someFile.pcap in Terminal, the .pcap file captures extra data such as timestamp, microseconds, ...
2 votes, 3 answers, 17k views
How to filter packets with distinct source address in wireshark?
I have a pcap file and I want Wireshark to show me packets with distinct source addresses. How can I do this in Wireshark?
1 vote, 1 answer, 2k views
Wireshark/PCAP XML attributes explained
I'm generating XML-formatted output from a Wireshark dump using the following command:
tshark -r my_wireshark_data.pcap -T pdml > my_wireshark_data.xml
Looking at the XML file generated, I cannot ...
0 votes, 1 answer, 525 views
How to find 802.11 protocol variant, and decipher packet_payload_info in PcapNG files?
I'm building a (Python) parser of PcapNG files created by Wireshark.
After reading https://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html, I'm having the following problems:
I'd like to ...
2 votes, 1 answer, 1k views
How to split pcap files maintaining tcp sessions
I have a pcap file which contains TCP traces.
I was wondering if there's a way to split these traces in order to maintain TCP flows, but also filtering the traffic on a src ip basis.
For example, if ...
0 votes, 0 answers, 756 views
packet sniffing 3ds
I am trying to packet sniff my 3DS just to see what information is available.
With Wireshark I noticed that I can only capture traffic which communicates with my computer directly, and not any device ...
1 vote, 2 answers, 1k views
How do capture filters in Wireshark work internally?
I am wondering exactly what happens internally in TShark when I use a capture filter. Specifically, let's say I have the following filter to capture multicast data:
host 224.0.26.3 && port ...
1 vote, 1 answer, 3k views
Provide Session Master Key to Wireshark UI?
I'm working on an issue with HTTPS. I suspect it's related to client certificates. I want to read some of the encrypted handshake messages that follow the ServerHelloDone message. (Once the ...
5 votes, 2 answers, 3k views
Follow a .pcap file in wireshark like tail -f
I have a .pcap file on my Android device that I can access from my PC with Wireshark via SMB, and I am wondering if it's possible to get a 'live view' of that file in Wireshark.
Is there any solution?
1 vote, 1 answer, 700 views
How to differentiate between three different flavours of pcap files?
There appear to be 3 different file formats associated with the ".pcap" extension: libpcap with microsecond timestamps, libpcap with nanosecond timestamps, and pcapng.
Is there an easy way to ...
18 votes, 2 answers, 188k views
What's all this deploy.akamaitechnologies.com traffic?
I happened to do a tcpdump while leaving my Mac idle, and when I came back after a mere half-hour there were something like 5000 packets involving deploy.akamaitechnologies.com, in which my computer ...