Questions tagged [wireshark]
125 questions
0 votes, 0 answers, 17 views
apt-get dist-upgrade wants to remove qt6-wayland and wireshark
Issue with proposed dist-upgrade
A dry-run of apt-get dist-upgrade shows that qt6-wayland and wireshark would be removed upon execution. I am wondering:
Why will these packages be removed? Is it an ...
0 votes, 1 answer, 28 views
How can I sniff network from host to guest that uses wifi usb device?
I want to achieve this:
I have a Linux guest VM using QEMU, using directly a USB Wi-Fi stick via USB passthrough.
In the meantime, using wireshark, I want to sniff the network data from it. In my ...
0 votes, 1 answer, 83 views
Zigbee CC2531 sniffer successfully installed, but no working device found
On my Linux iMac I have flashed 2 x CC2531 Zigbee dongles successfully (I believe), following this manual: https://www.zigbee2mqtt.io/advanced/zigbee/04_sniff_zigbee_traffic.html
I needed to install ...
0 votes, 0 answers, 92 views
Load speed difference between Wireshark and tshark
I have some PCAP files from which I'm trying to extract metadata. I am doing this using tshark, opening the file, extracting a couple dozen fields, then writing the table to disk. I've noticed that ...
0 votes, 1 answer, 474 views
Is it possible to capture the traffic of websocket using wireshark?
I have a websocket connection to wss://ws.example.com, is it possible to capture the websocket traffic using wireshark? I have already tried using the websocket filter in wireshark Version 4.2.0 (v4.2....
0 votes, 0 answers, 97 views
Find in tshark/wireshark tcp sessions with unique value in filter - ldap.attributes
I need to find in tshark/wireshark tcp sessions with a unique value in filter - ldap.attributes
For example, in a picture
In red - value from filter - ldap.attributes. Some filter in the dump can be ...
0 votes, 2 answers, 30 views
Pinging two PCs and trying to capture ICMPs with third PC
I have a setup of three computers that are all on the same subnet and connected to a switch. All services are reachable. I'm pinging from PC(1) to PC(2). Opening tshark with PC(3) but cannot see ...
1 vote, 0 answers, 51 views
TCPDUMP Missing response Code header in Back to back execution
I am running two TCPDUMP Commands back to back. Here is the sequence
Run the below command
root@open5Gs:/home/test# tcpdump -l -vvv -s0 -i any -B 4096 -nn -w /home/test/tc060.pcap -c 1500
Execute ...
1 vote, 1 answer, 533 views
Can `tcpdump ether host` filter with a mask to get, for example, hosts with a specific OUI?
I'm trying to filter traffic by src ether host to see all devices with a specific MAC prefix. If this were like IP, it might filter with src ether host aa:bb:cc:00:00:00/24 to see OUIs matching aa:...
1 vote, 0 answers, 107 views
How to capture SATA traffic under Linux?
Using usbmon it's possible to capture USB traffic in Wireshark.
I want to do the same for SATA.
Is it possible?
If it is not possible in Wireshark directly it would be nice to later open the capture ...
1 vote, 1 answer, 115 views
GeoIP not working when processing PCAP with tshark as su
I am working with lots of PCAP files and trying to convert them into .tsv files for tabular analysis. So I'm using tshark in an Ubuntu 22 VirtualBox machine to dissect each packet. I have a bash ...
1 vote, 1 answer, 629 views
How do I generate a Snort pcap file?
I am new to using snort and still learning in university. I am wondering after I find an intrusion how can I log it and save it as a pcap file? What would the syntax look like to do this? So I can ...
0 votes, 0 answers, 121 views
How to sniff in/out packets of a Windows 10 VM from Kali host?
When I created a Windows 10 vm inside of a Windows 10 host, a device was automatically created for it that I could monitor with Wireshark and see only the traffic going in and out of that VM. I ...
0 votes, 1 answer, 139 views
Wi-Fi DHCP debugging for cell phone needed
Every now and then, my Android cell phone cannot connect to my Wi-Fi and says: unable to obtain IP address. After some time (sometimes minutes, sometimes hours) connection is back to normal.
This is ...
2 votes, 0 answers, 195 views
Issues with AP and station mode simultaneously on an AP-STA wifi module
I have an iMX8MP board running Linux. The board is equipped with a Wifi module with AP-STA capability. I want this system to start an access point at boot and to connect to an external wifi once the ...