Browsing articles tagged with "wireshark - 5/9 - Admins Goodies"
Aug 19, 2011
tom

No interface available for Wireshark running on Ubuntu with wireless connection

I’m completely new to Wireshark. I have Ubuntu on a Dell with a wireless connection. When I go to Wireshark Capture Option, I cannot select any interface since no interface is listed. What is the problem and how can I fix that? You probably should check out the article in the Wireshark wiki about capture privileges. If this is a temporary setup you could just start Wireshark with sudo. But this isn’t really the best approach […]

Aug 18, 2011
tom

Checking rtp stream audio quality

We are working in a test environment and need to monitor the audio quality of an RTP stream that is being captured using tshark. Right now we are able to capture the audio and access the file through Wireshark, but we would like to find a way to save the audio to a .wav file (or similar) via the command line. Does anyone know of a tool that can do this? There is a small […]

Aug 18, 2011
tom

Saving Wireshark capture settings for future use

Is there any way to save Wireshark capture options, so they can be reused after restarting Wireshark? Also, if the saved file is in plain text, it’s possible to use scripts to generate a bunch of capture settings, such as with different filter settings. Does anyone know? Thanks. Using Wireshark 1.2 I would just recommend making .BAT file scripts that do your job for you. It’s a good way of saving your settings: :: Script to save a […]

Aug 18, 2011
tom

WireShark – wireshark trace traffic from my local browser to a local .net application I have with a HttpListener? (e.g. local to local)

Can Wireshark trace traffic from my local browser to a local .NET application I have with a HttpListener (e.g. local to local)? I can’t seem to detect this traffic at the moment with Wireshark. Is there a way to do it? Thanks. See this article here: http://wiki.wireshark.org/CaptureSetup/Loopback. Given that you’re talking about Windows (.NET assumption) then the short answer is that no, Wireshark cannot do this out of the box. This is a limitation of […]

Aug 18, 2011
tom

Track IP Messenger’s chatting by wireshark

We have a Linux server (RHEL 5) and some client machines (Windows XP) in a local area network. We are using the server as a proxy server. I am using the Squid proxy. My Windows machines use the internet through the proxy. Now my client machines are using IP Messenger for chatting and sharing files within the local network. How can I trace what they are doing or chatting about in IP Messenger, from my server, with the Wireshark packet sniffer? […]

Aug 17, 2011
tom

How do i convert wireshark capture files to text files?

How can I convert Wireshark capture (.cap) files to text files or some format from which I can read the file and parse its contents? Regards, Mithun. Open up Wireshark, select your .cap file, and then go to File->Export and choose the options that you want. So, if you need to do it from the command line, use tshark.exe, as follows: tshark -i - < "c:filename.cap" > "c:output.txt" If you want to write the […]

Aug 16, 2011
tom

Using L7 to classify pcap data

I’ve recently become familiar with the Layer 7 Filter project, and its ability to classify protocols is quite interesting. All of the information about its use, however, concerns using the filters to do queueing in real-time in order to implement bandwidth management/QoS. What I’m interested in is using the filters to classify traffic that I’ve already captured in pcap format. Comments, hints, experiences, references, or wtfs, welcome. tcpreplay wireplay preplay There are a bunch of […]

Aug 16, 2011
tom

Identifying VoIP Users

I’m looking for a way to identify as many consumer VoIP users on my ISP network as possible using packet analysis. My setup is like this: On my core switch, all traffic going in and out of gigabit1 is SPAN’d to gigabit2, where I have a Linux server connected. Here’s what I’ve been trying: I ran tshark filtering for my networks and the standard SIP ports. Something like: tshark -i eth0 -f "(net 1.2.3.4/24 […]

Aug 16, 2011
tom

NTP and phones (need a useful ntp test)

I have a SIP phone which gets its time from either an NTP server or the Asterisk server. However, the packets never seem to get replied to. I put Wireshark in the way and looked at anything with protocol NTP; with that I get:

No. Time Source Destination Protocol Info
986 31.590946 172.17.153.201 173.65.167.66 NTP NTP client

Frame 986 (90 bytes on wire, 90 bytes captured)
Ethernet II, Src: IntelCor_10:0e:8c (00:24:d7:10:0e:8c), Dst: Dell_f7:28:04 (00:18:8b:f7:28:04)
Internet […]

Aug 16, 2011
tom

How to use sniffer to troubleshoot SMTP traffic?

We’re having an issue where we are no longer receiving external emails. (We have an Exchange mail system, with a Barracuda spam filter and Watchguard hardware firewall.) The problem is that mail appears to be getting through the Watchguard box, but it is not showing up on the Barracuda box. I’ve been on the phone with techs from both companies and they both pretty much point the finger at the other box. To help narrow […]
