Collaborate Disseminate
I have Wireshark setup to decrypt and display packets in realtime. But I need to have them written to file in realtime also. Someone suggested Tshark, but I can only get it to write to file and not decrypt. Here are the co… Continue reading How to decrypt wifi traffic in realtime and write it to file with Tshark?
This article is interesting. He created this string using the tshark DNS query:
“\x13\x37\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x13google-public-dns-a\x06google\x03com\x00\x00\x01\x00\x01”
But I don’t understand how h… Continue reading DNS query with netcat (convert DNS queries into hex ASCII)? [on hold]
I created a small program with runs command:
tshark -i2 -o wlan.enable_decryption:TRUE -o “uat:80211_keys:\”wpa-pwd\”,\” Passphrase:SSID\”” -w test.pcapng
This creates the file test.pcapng, but it is not decrypted. I know … Continue reading Save decrypted pcap or decrypt on reading with rdpcap
With Tshark we can convert pcap file into text file, but is there any way by which we can convert back text file to pcap file.
I am working on project which has four entities (snort,logstash,elasticsearch,kibana).I am maintaining snort which is deployed in Centos 7, snort puts a metadata in alert file(/var/log/alert) this data is extracted from logsa… Continue reading Snort pcap mapping with kibana
I have a pcap file in which I aim to analyze the HTTPS traffic (specifically, TLS headers) using tshark. I filter HTTPS traffic using the tcp port (== 443). Thereafter, I print the TLS record content type for every packet. However, some of the packets have no TLS header. I suspect this is because of TLS fragmentation or application data split over multiple packets. How do I handle these packets using tshark? I am using the following command to extract the header information:
tshark -O ssl -T fields -e ssl.record -e ssl.record.content_type -r “tcp.port == 443 && tcp.len > 0”
Continue reading No TLS record type in some PCAP packets with port 443
I am trying to capture wireless traffic from one mac address only, and I seem to be using the wrong syntax. when I use:
dumpcap -i wlp2s0 -b filesize:100000 -w capture.pcapng -a duration:18000 -f wlan addr1 d4:be:d9:5b:a6:45… Continue reading Dumpcap capture filter syntax – wlan addr1 question [on hold]
I have a question that I can’t seem to find a complete answer for. This may not be something that is possible, but I am hoping someone will have a solution.
At my work, we process wireless sniffs in wireshark. We have a shel… Continue reading Wireshark decrypt and save wireless packets from command line
I have a question that I can’t seem to find a complete answer for. This may not be something that is possible, but I am hoping someone will have a solution.
At my work, we process wireless sniffs in wireshark. We have a shel… Continue reading Wireshark decrypt and save wireless packets from command line