Questions tagged [wireshark]

The network protocol analyzer developed and maintained by the Wireshark Foundation

74 votes
8 answers
34k views

Mac Homebrew and Wireshark

I've installed Wireshark(.org) using Homebrew. brew install wireshark at the end the script says ==> ./configure --prefix=/usr/local/Cellar/wireshark/1.2.7 --disable-dependency-tracking --disable-...
miku8's user avatar
  • 841
38 votes
5 answers
103k views

How can I see 127.0.0.1 traffic on Windows using Wireshark?

Every time I try to filter to just show a specific IP address, I get an error indicating that it is "not an interface or a field." I have no idea what that means. Furthermore, I don’t really see any ...
glutz's user avatar
  • 493
32 votes
3 answers
50k views

How to set up wireshark to run without root on Debian?

I'm trying to use wireshark on a Debian machine, but when I run it with my non-root user account, it doesn't detect any network interface. I also tried running wireshark as root, but wireshark tells ...
user269334's user avatar
26 votes
3 answers
69k views

Show only HTTP traffic in Wireshark

How can I filter out traffic that is not HTTP in Wireshark, so that it shows me only HTTP traffic, but not TCP, DNS, SSDP, etc.?
sashoalm's user avatar
  • 4,060
20 votes
5 answers
59k views

Filter in Wireshark for TLS's Server Name Indication field

Does wireshark have a filter for TLS's Server Name Indication field?
palindrom's user avatar
  • 511
18 votes
2 answers
187k views

What's all this deploy.akamaitechnologies.com traffic?

I happened to do a tcpdump while leaving my Mac idle, and when I came back after a mere half-hour there were something like 5000 packets involving deploy.akamaitechnologies.com, in which my computer ...
Warren's user avatar
  • 269
18 votes
6 answers
77k views

Capture traffic for specific application

I have an application which communicates with some server. I want to know what the IP of this server is. How can I capture all the traffic from a specific application and not just all the traffic like ...
melco-man's user avatar
  • 309
16 votes
2 answers
29k views

wireshark usb traces explanations

I am trying to reverse engineer a USB (HID) device and cannot really figure out how what I see on Wireshark (usbmon + Wireshark on Linux, or Windows) relates to the USB protocol. I have looked at ...
user415772's user avatar
15 votes
1 answer
35k views

SSL protocol seems to be missing in Wireshark

SSL protocol seems to be missing for me. It doesn't show up in the preferences menu and Wireshark doesn't capture any SSL packets from any program I try. I also had a failed handshake trying to just ...
Nedas Bolevičius's user avatar
14 votes
4 answers
34k views

How do I return just the Http header from tshark?

I'm using tshark to sniff my packets and I'm only concerned with the http header (preferably in the form its sent, but I'll take what I can get). I tried using: tshark tcp port 80 or tcp port 443 -V ...
tzenes's user avatar
  • 389
14 votes
2 answers
32k views

How do I decrypt WPA2 encrypted packets using Wireshark?

I am trying to decrypt my WLAN data with Wireshark. I have already read and tried everything on this page but without any success (well, I tried the example dump on that page and succeeded, but I fail ...
Rox's user avatar
  • 295
14 votes
4 answers
43k views

Wireshark WPA 4-way handshake

From this wiki page: WPA and WPA2 use keys derived from an EAPOL handshake to encrypt traffic. Unless all four handshake packets are present for the session you're trying to decrypt, Wireshark won'...
cYrus's user avatar
  • 21.9k
13 votes
4 answers
36k views

Why do I see "The NPF driver isn't running. You may have trouble capturing or listing interfaces." when starting Wireshark?

When I start up Wireshark, why do I see this message? "The NPF driver isn't running. You may have trouble capturing or listing interfaces."
Matthew Simoneau's user avatar
13 votes
5 answers
61k views

Wireshark cannot see traffic from a VirtualBox guest on Windows 7

I have been trying to use Wireshark to capture some traffic that comes from a virtual machine. The setup is: Windows 7 host Ubuntu guest VirtualBox 4 I send some packets from the guest to the host ...
santiagozky's user avatar
12 votes
1 answer
1k views

Is my connection really encrypted through VPN?

I am checking that my VPN is really encrypting connection, using wireshark. When I capture from the WiFi interface the data is encrypted by openvpn protocol, but when I capture Local Area Connection (...
Fros Vonex's user avatar
11 votes
4 answers
72k views

How to filter by protocol in Wireshark 2.2.7?

I am trying to show only HTTP traffic in the capture window of Wireshark but I cannot figure out the syntax for the capture filter. I have tried suggestions for old versions of Wireshark but with no ...
jstuardo's user avatar
  • 327
11 votes
1 answer
11k views

How to determine what program send the packet recorded in Wireshark?

I was taking some tutorials on Wireshark in order to analyze the packets sent and received when talking to a web server for purposes of learning. When I start listening/recording packets in Wireshark,...
Tono Nam's user avatar
  • 879
11 votes
3 answers
17k views

Chrome browser sending Keep-Alive packets?

I ran Wireshark on my PC and found that my chrome browser was sending LOTS of Keep-alive packets even when there are no sites loaded in the browser, and even when there are no extensions installed!! ...
nmc's user avatar
  • 237
11 votes
2 answers
14k views

How can I diff two network dumps from tcpdump or Wireshark?

I'm having a problem with one of our customers' embedded computers. They seem to discard some network packets which they should not. I can capture the TCP communication from a managed switch outside ...
ygoe's user avatar
  • 2,328
10 votes
3 answers
6k views

usbmon (wireshark, tshark) for regular user

I have libpcap set up with the newest cvs version. Regular users can run Wireshark and tshark. Specifically, they have been added to the wireshark group and can capture from 1. eth0 2. br0 3. nflog ...
d-cubed's user avatar
  • 299
10 votes
1 answer
10k views

In Wireshark where can I find the TLS Server's Certificate

I'm looking at TLS v1.3 headers in Wireshark and I'm not sure where I would find the server certificate that is used to confirm that the server is who they claim to be. The Client Sends Hello then ...
masonCherry's user avatar
10 votes
4 answers
122k views

How to block the Whatsapp Android application in a network

I need to block the users from accessing Whatsapp Android application who have logged in to my network. I tried to take Wireshark logs and tried to find the server's IP Address and port number, but I ...
Nandhan's user avatar
  • 201
10 votes
1 answer
33k views

Capturing traffic by HTTP host name, not by IP, via WireShark

I'm trying to filter traffic only to a given HTTP host name. I have a server, and I have dozens of websites on it. It only has one interface and one IP address. Thus filtering to my IP address is not ...
Saeed Neamati's user avatar
9 votes
2 answers
45k views

Only show problematic packets in Wireshark

I am using Wireshark to analyse millions of packets. Is there a filter which will only show those packets which have errors? By "error", I mean an IP error (e.g. incorrect IP header checksum), a TCP ...
Randomblue's user avatar
  • 3,485
9 votes
3 answers
8k views

Concern over running Wireshark as root

I started Wireshark on my Ubuntu machine and discovered that there were no interfaces I could listen to. So I launched it as root. This gave me access to all the interfaces, but gave me a warning: ...
Nathan Osman's user avatar
  • 2,772
9 votes
4 answers
127k views

How to get the URL from a internet radio station so I can stream it from VLC

How could I get the embedded URL from this internet radio? http://wp.1045radiolatina.com/escucha-en-vivo/ What I mean by URL is where the radio is streamed from. I have been trying to use URL ...
Lime3003's user avatar
9 votes
1 answer
2k views

Capturing Internet Connection Sharing (ICS) traffic using Fiddler

How can we capture HTTP traffic that goes through an ICS connection? Full details: I have a PC connected to internet via Ethernet. PC has set up a Wifi Hotspot using Internet Connection Sharing (ICS)...
FrankieA's user avatar
  • 489
8 votes
1 answer
3k views

Why, if I am connected via Wi-Fi and send a packet to another device in the same Wi-Fi, the dest MAC address in the link layer is not the AP's?

In the IEEE 802.11 protocol, in the link frame, the second address is the sender MAC address, and the first address is the receiver MAC address, which is the AP address if the sender is a station, and ...
Allexj's user avatar
  • 254
8 votes
2 answers
5k views

How many TCP retransmissions Internet traffic is considered normal for a basic home setup?

Out of curiosity, I connected my laptop with an ethernet cable to the router and fired up Wireshark to understand and 'visualize' what's going on. Some packets caught my attention. I was having some ...
Netu30's user avatar
  • 81
8 votes
6 answers
6k views

Lightweight tool for viewing raw HTTP messages?

I'm investigating differences in behaviour between a couple of Web servers. I need to see raw response data from the servers (i.e. before the response is de-chunked if it has "Transfer-Encoding:...
rewbs's user avatar
  • 405
8 votes
2 answers
38k views

Wireshark - How do I filter the TCP[RST] packet?

I am looking to filter out the TCP[RST] packets in Wireshark. I have tried tcp.analysis.flag but it didn't help.
8 votes
1 answer
36k views

How to find HTTP GETs in Wireshark

How can I use the filter in Wireshark to find only those lines that have HTTP GET in them?
tony_sid's user avatar
  • 14.5k
8 votes
3 answers
8k views

Wireshark - how can I observe little endian big endian difference in byte order using Wireshark?

I wrote a simple application which communicates using UDP sockets (in C). Application is simple: clients sends numbers to server, and server computes the sum of them. Now, I know how can I capture ...
mirx's user avatar
  • 217
8 votes
1 answer
36k views

Capturing wireless traffic (using Wireshark)

When I run wireshark on a wired network it works fine and reports all of the packets. When I run it on a wireless network though I only see my own traffic. The wireless card I have is supposed to ...
Daisetsu's user avatar
  • 6,011
7 votes
2 answers
41k views

How can I get the actual TCP sequence number in Wireshark?

In Wireshark, TCP sequence numbers are displayed as relative sequence numbers by default. How can I get the actual TCP sequence number?
user2018084's user avatar
  • 2,134
7 votes
1 answer
3k views

ICMP packet with TCP?

For some time now I have found myself interested in packet analyzing and I try to figure out all kinds of stuff that I see in network captures. I hope you guys might want to help me find out this one. ...
Deluccio's user avatar
7 votes
4 answers
10k views

What's the difference between wlan.sa, wlan.ra, wlan.ta and wlan.da?

Tshark/wireshark (CLI) has several fields to display for WLAN, including these four (+ description from manual): wlan.sa: Source address wlan.ra: Receiver address wlan.ta: Transmitter address wlan....
user2862333's user avatar
7 votes
3 answers
18k views

How can I capture traffic to localhost using Wireshark?

I am using Wireshark on Windows Vista and I would like to capture http traffic to localhost (127.0.0.1), for debugging purposes, but I have some questions. How can I do this? What capture interface ...
Jonas's user avatar
  • 27.8k
7 votes
1 answer
18k views

Capture Only HTTP traffic in tshark

I am new to tshark tool usage. I am trying to use the tshark tool for capturing only HTTP traffic but I am unable to do it. Here is the cmd I run to get all the traffic: tshark -c 1000 -w packetFile.pcap ...
Seeker's user avatar
  • 173
7 votes
3 answers
16k views

X11/XQuartz won't auto-launch after upgrading to OS X Mavericks?

I can't use Wireshark on latest OS X 10.9 Mavericks. Previously, I was using XQuartz to run X11 applications like Wireshark. But, yesterday, after I upgraded my iMac operating system to OS X 10.9, I ...
Yi Jiang's user avatar
  • 183
7 votes
1 answer
9k views

Why do I see Ethernet II protocol in Wireshark in wireless connection?

I have a small network in my home that consists of one network device named airties rt-205 and clients. Clients connect to this device via wireless and send its packet to the internet through this ...
Pioneerhfy's user avatar
7 votes
1 answer
45k views

What does a sequence of retransmissions with PSH,ACK flags mean (and a spurious retransmission back)?

I am on server 192.168.0.2 and want to make an HTTP call to 192.168.0.1 (both servers are RPis and run Linux (Raspbian)). curl -XGET http://192.168.0.1:8081/api The API on 192.168.0.1 (which I am ...
WoJ's user avatar
  • 3,253
7 votes
2 answers
30k views

TCP segment of a reassembled PDU

In wireshark sometimes I see this: 478195 5738.896809 192.168.1.79 61.213.44.124 TCP [TCP segment of a reassembled PDU] What is a PDU? Was it reassembled? What does this mean?
tony_sid's user avatar
  • 14.5k
7 votes
2 answers
11k views

How to write a filter in Wireshark/Ethereal that displays only packets with a specific string?

Wireshark supports filters like this: ip.addr == 192.168.0.1 What is the syntax to check the packet content? (C# equivalent of what I want) content.Contains("whateverYouWant")
Jader Dias's user avatar
  • 16.1k
7 votes
5 answers
18k views

How to test Bit Error Rates on Ethernet Networks?

I need a tool software or otherwise (preferably software) that will allow me to test Bit Error Rates on an Ethernet Network. I am using a software tool that I did not write and do not have access to ...
rhololkeolke's user avatar
7 votes
1 answer
3k views

Determine current USB address of device in Windows

TL;DR: How did my Win10 system arrive at a USB source address of 2.5.5 for my mouse (in Wireshark) when USBPcapCMD lists it as hub 2, port 6? Can I determine the 2.5.5 address without guessing? ...
Shrout1's user avatar
  • 1,104
6 votes
1 answer
41k views

How do I get Wireshark to filter for a specific web host?

I'm using Wireshark on OSX, but I can't make any sense out of the filtering system. I have this filter set up: But when I hit that server, I don't see anything show up in the capture log. If I ...
Almo's user avatar
  • 431
6 votes
2 answers
6k views

running wireshark inside a centOS docker container

I installed wireshark using yum (RUN yum install -y wireshark wireshark-qt) - and cannot run it when I ssh into the container. # tshark tshark: Couldn't run /usr/sbin/dumpcap in child process: ...
eran's user avatar
  • 271
6 votes
2 answers
64k views

How to capture "dropped packets" in tcpdump

I have a problem with my networking performance. I am using Ubuntu 16.04 on VMware Cloud Server with NIC E1000. But I see some packets dropped in sections of ifconfig command: root@ubuntu:~# ifconfig ...
Joey's user avatar
  • 783
6 votes
2 answers
17k views

Sniff traffic coming from one particular application?

Basically I'd like to sniff HTTP requests made by an .exe on Windows. I tried using wireshark, but it's somewhat unhandy since it sniffs all traffic on the interface. Are there any alternatives?
Robus's user avatar
  • 254
