Questions tagged [wireshark]

Wireshark is an open-source network protocol analyzer released under the GNU License.

508 questions
55
votes
9 answers

How can I sniff the traffic of remote machine with wireshark?

I can sniff the traffic of my local PC, but I would like to know how I can sniff the traffic of a remote machine with Wireshark. When in the capture options I select remote interface and enter my remote IP, it shows me error.code(10061). What should I do?
12
votes
2 answers

How to filter on the contents of a packet in Wireshark?

I've got an application that is communicating with an Oracle database. Its logging is pretty crappy, so the only way I can work out what SQL it is sending to our database is by packet sniffing for TNS.requests; I want to filter these packets by those…
user62006
9
votes
4 answers

Can Wireshark read data being sent to/from other computers?

Let's say WireShark is installed on computer A. And let's say I am looking at a Youtube video on the computer B. Can WireShark see what computer B is doing?
AngryHacker
  • 2,897
7
votes
2 answers

How to decrypt IKEv2 in Wireshark using StrongSwan log info?

Wireshark has the ability to decrypt IKEv2, if you do Preferences, select ISAKMP, it offers an IKEv2 decrypt table which wants the initiator's and responder's SPIs, the encryption and authentication keys (SK_ei, SK_er, SK_ai, SK_ar) and the…
6
votes
2 answers

No interface available for Wireshark running on Ubuntu with wireless connection

I'm completely new to wireshark. I have Ubuntu on a Dell with wireless connection. When I go to Wireshark Capture Option, I cannot select any interface since no interface is listed. What is the problem and how can I fix that?
5
votes
2 answers

How can I easily locate a specific TCP conversation in two separate (and large) packet captures using wireshark?

Occasionally, I'll need to compare packet captures (usually wireshark or tcpdump) that are collected from both sides of a TCP conversation. Sometimes the two hosts involved are very "chatty" so I'll need to narrow down the capture to just a…
Mike B
  • 12,016
4
votes
3 answers

wireshark capture the traffic of other devices in LAN

I am using Wireshark on Windows to capture my traffic. Is there a way to capture the traffic of other computers which are connected to the same LAN? If it is not possible with Wireshark, is there another tool capable of doing this?
4
votes
2 answers

Saving Wireshark capture settings for future use

Is there any way to save Wireshark capture options so they can be reused after restarting Wireshark? Also, if the saved file is in plain text, it's possible to use scripts generating a bunch of capture settings, such as with different filter settings. Does…
Stan
  • 1,397
2
votes
2 answers

Wireshark: What is wag-service?

I'm seeing a lot of wag-service traffic in Wireshark. What is it?
intransit
2
votes
1 answer

Decoding SSL packets with cipher TLS_ECDHE_RSA in Wireshark

I am trying to decode SSL packets in a packet capture using Wireshark. I am able to successfully decode the packets with the server key when the cipher selected by the server during the TLS handshake is TLS_RSA_WITH_AES_256_CBC_SHA256. I just mention the…
2
votes
0 answers

Can Wireshark capture HTTPS requests?

I have been working in Wireshark, and I am able to capture HTTP requests and HTTP packets using Wireshark. Now I am capturing HTTPS requests. It does not seem to capture the packets, and when I right click -> Follow -> TCP Stream it…
2
votes
1 answer

Meaning of [MASKED] in pcap file

What does [MASKED] mean? Is it related to the WebSocket protocol? Can I state that x.x.7.151 initiated connection closing?
user1700494
  • 1,662
2
votes
1 answer

How can I write a filter to get tcp sequence number inconsistency?

I am using Wireshark 1.12 and I am trying to filter SYN, SYN/ACK, ACK by inconsistencies. Would anyone know how to write a filter for this version? Currently I am using this: tcp.ack & tcp.seq & tcp.len I am able to see the drop in sequence…
user127413
2
votes
1 answer

Wireshark, using "Decode as", BACnet is missing as a choice

I'm trying to decode BACnet traffic that was sent on a non-standard port. It looks like I should be able to click "decode as" and choose BACnet or BACapp, but they don't appear in the selection list. What am I missing?
1
vote
1 answer

What's the correct syntax for tcp.dstport in display filters

I've put the following display filter: tcp.dstport=8127 But it's showing as incorrect (red background): What am I doing wrong?