Software :: Wireshark RTP Payload Extract?

Apr 13, 2010

Ok, I have debated where to post this question. Should it be in Software? Networking? Security? Since I am going through a security class, I decided to post it here in hopes that other security gurus may have come across the problem. Ok so, I am in a security class and they give you a Wireshark capture file with RTP traffic and want you to dump the payloads into an audio file.

Pretty easy with wireshark:
Telephony -> RTP -> Show all streams...
Pick Stream -> Analyze
Save Payload
Format: RAW, Channels: BOTH -> OK

Ok, so here is the problem: when I do this I get "Can't save reversed direction in a file: Unsupported codec!" At first I thought I was missing an audio codec it needs, but I can't find it. I've searched the web and found one post that wasn't very helpful. If anyone can give me a hand that would be great.


Networking :: Packet Payload From Pcap Files

Aug 25, 2010

As part of a research experiment, we need to use a web proxy and direct certain users from their computers through that web-proxy. Given that we do not have access to DHCP logs (this is on a college campus), we have asked each user to go through the proxy using a different port number so we can differentiate between them. Now as a result of doing this, the entire TCP packet is encapsulated as payload data within the captured packet (using tshark to capture the packets). Now I need to be able to parse the payload for statistics including the URL. I am not sure how best to proceed. I cannot find a utility that will just output the payload and then I can probably parse the output.


Security :: Iptables: Applicative Payload Inspection?

May 28, 2010

I have a question regarding iptables/netfilter and payload inspection (not headers). I have 2 servers (A and B) connected together. Server A sends information from sensors to server B. Server B processes the information and sends a few packets back to A. I would like to filter the packet sent back from B to A (by putting a Linux gateway in between). I know the size and the content of these packets sent to A. Is it possible to use iptables/netfilter with advanced options in order to perform the following algo:

when a packet arrives on the gateway
    compare the packet received on the gateway with my internal base of knowledge of payload
    if the packet matches one of the possibilities
        forward the packet
    else
        drop the packet
    endif
parse the following packet received on the gateway


Debian Programming :: Sending Ethernet Frame Payload To Server

Nov 25, 2014

How can I send already encapsulated Ethernet frame payload to server? Basically what I would like to do is route Ethernet packages I get from other peripherals to their needed destinations, and send packets I receive to the requested device on the peripheral. The program will be running on BeagleBone Black with Debian OS. Steps the program should do from my point of view:

1. <IPv6<UDP<DATA>>> packet received on some peripheral (UART in exact case) sent to server requested by <IPv6> destination address field
2. <IPv6<UDP<DATA>>> packet need to be sent to server that server application would receive <DATA> extracted from IPv6 and UDP encapsulation
3. <IPv6<UDP<DATA>>> packet need to be sent to server that server would know that device which is requested is available in BBB local network
4. <IPv6<UDP<DATA>>> packet received from server would be sent to requested device

From what I already found out I need to add routing header to packet I want to send and pass it to MAC encapsulation layer, or there is service which can add routing header and pass to other layers for me?

Also how can I get data sent from server, since if I'm not very wrong, system should receive them also encapsulated in Routing header, not as RAW data payload.


Ubuntu :: How To Install Wireshark In 10.04

May 18, 2010

tcpdump is not detailed in protocols, so I want Wireshark to study protocols.


Ubuntu :: Can't Get Wireshark To Work

Sep 29, 2010

I installed Ubuntu 10.04 on my ASUS Eee PC 1015 but can't get WireShark to recognize my Atheros card.

I know my Atheros card works because I was on my wireless network at my house last night.


Fedora :: Yum Install Wireshark-gnome?

Mar 28, 2011

I have some issues while installing wireshark-gnome. See the logs below. I am using Fedora 13. I am seeing some transaction error when I issue "yum install wireshark-gnome".

[root@Fedora-ipv6 ~]# yum install wireshark-gnome
Loaded plugins: fastestmirror, presto, refresh-packagekit
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check

[Code]...


Ubuntu Security :: WireShark - Do Not Run As Root

Nov 7, 2010

The Wireshark website specifically warns against running WireShark as Root....

Quote:

Administrator/root account not required!

Many Wireshark users think that Wireshark requires a root/Administrator account to work with.

That's not a good idea, as using a root account makes any exploit far more dangerous: a successful exploit will have immediate control of the whole system, compromising it completely.

First of all, most Wireshark functions can always be used with a (probably very limited) user account. In particular, the protocol dissectors which have shown most of the security related bugs do not need a root account!

Only capturing (and gathering capture interface information) may require a root account, but even that can usually be "circumvented", see CaptureSetup/CapturePrivileges for details how to do so.


Red Hat / Fedora :: Yum Install Wireshark - How To Start

Sep 15, 2010

I freshly installed Wireshark on my PC by running 'yum install wireshark'. Installation succeeded. But then I cannot find how to start Wireshark. I looked already in different folders by using locate (and updatedb) but I cannot find the place where I should invoke the program. How can I start my program?


General :: Unable To Use Wireshark In Rhel5.0?

Aug 12, 2010

I am not able to use Wireshark in RHEL 5.0.


Security :: Wireshark Is Dependent On Iptables?

Oct 29, 2010

I am doing security stuff under Linux... I've heard of Wireshark and Snort and dsniff and have been reading up on them on Wikipedia pages, but the big picture is not clear to me yet. Are things like Wireshark and Snort BASED on the functionality of iptables in Linux? I read that you have to be root to run iptables, but not to run Wireshark, right? Yet Wireshark is dependent on iptables.


Server :: Getting Error Before Running Wireshark

Jan 25, 2011

The error is as follows:
kernel: Uhhuh. NMI received for unknown reason 3c on CPU 0.
kernel: Do you have a strange power saving mode enabled?
kernel: Dazed and confused, but trying to continue


Fedora :: Conflicts With File From Package Wireshark

May 12, 2010

I run into this error while trying to install wireshark. I am sure there is a quick fix. I can see the files are different I just don't know how to resolve the error.

Test Transaction Errors: file /usr/lib/python2.6/site-packages/wireshark_be.pyc from install of wireshark-1.2.6-2.fc12.x86_64 conflicts with file from package wireshark-1.2.6-2.fc12.i686
file /usr/lib/python2.6/site-packages/wireshark_be.pyo from install of wireshark-1.2.6-2.fc12.x86_64 conflicts with file from package wireshark-1.2.6-2.fc12.i686
file /usr/lib/python2.6/site-packages/wireshark_gen.pyc from install of wireshark-1.2.6-2.fc12.x86_64 conflicts with file from package wireshark-1.2.6-2.fc12.i686
file /usr/lib/python2.6/site-packages/wireshark_gen.pyo from install of wireshark-1.2.6-2.fc12.x86_64 conflicts with file from package wireshark-1.2.6-2.fc12.i686


Fedora :: Wireshark Missing Interface From List?

Dec 2, 2010

I'm loving FC14, but I just found out that Wireshark is not working as it was on FC13. Here is what's happening: when running the application I get prompted for authentication, which was fine under FC13. I used to type my super user password, and that was it. On FC14 I get nothing. Now when I skip the authentication the Wireshark GUI comes up, but it has no interfaces showing on my list. What I have:

wireshark-gnome-1.4.1-2.fc14.i686
wireshark-1.4.1-2.fc14.i686
wireshark-devel-1.4.1-2.fc14.i686

[code]....


OpenSUSE :: Wireshark - Unable To Start In Sudo

Sep 14, 2010

Installed wireshark and added it to visudo. But wireshark refused to start in konsole.

Code:

# sudo wireshark

(wireshark:7493): Gtk-WARNING **: cannot open display:

However, wireshark will start without problem when in root.


General :: Modify Network Packet In Wireshark?

Nov 12, 2010

Does anyone know a network packet editor for Linux, or how to modify a network packet in Wireshark?


Ubuntu Networking :: Wireshark Can't Save The Captures

Feb 8, 2010

I've run into a sort of catch 22. I installed wireshark via apt-get on my Eee 1008HA, but when it is launched, it does not allow any capture interfaces. I think this is because the shortcut created in my applications panel does not start it as root. So I went into terminal, typed in "sudo wireshark" and it popped up, as root. I was then able to capture on my wireless interface. However, if I try and specify my home folder as the location for the capture to be saved, I get an error that permission was denied, which seems odd since the process is running as root and should be able to do pretty much whatever it wants. How can I get wireshark set up so I can both capture _and_ save the .pcap files I generate? I'm running karmic koala, the full output of uname -a is: Linux ruckus-laptop 2.6.31-14-generic #48-Ubuntu SMP Fri Oct 16 14:04:26 UTC 2009 i686 GNU/Linux.


Ubuntu Networking :: How To Configure NIC For Wireshark Captures

Jul 2, 2010

I have an Ubuntu PC with 2 NICs: 1 for the internet, the other one should be to connect other computers and analyze the network traffic with Wireshark. How do I configure this 2nd NIC to achieve this?


Ubuntu Networking :: Wireshark Won't Work / Resolve This?

Aug 29, 2010

I remember that in the past, I succeeded in sniffing network traffic with Wireshark, but when I tried lately, it didn't work.
- Enabled monitor and promisc mode using the command line and launched Wireshark with option 'promisc mode' on: didn't work.
- Directly launched Wireshark with option 'promisc mode' on: didn't work.
- Did both previous things with option 'promisc mode' off: didn't work.

I'm using AR5007EG with ath5k.


Ubuntu Security :: Running WireShark As Root?

Oct 11, 2010

I'm running behind a 2wire NAT router with only smtp, www, pop3 open, routing to my Ubuntu VM server. The network also includes three other Ubuntu VM servers and a desktop. I'm the only one on the network, so my question is: what security risk is there running WireShark as root? Because running it under dumpcap is horrible after you quit. It hogs up all the resources to remove the dump.


Ubuntu Security :: Wireshark Not Capturing Properly?

Jan 23, 2011

Was trying to use wireshark to pen test my network and I can't get it to work properly. When capturing on my main wireless card wlan0 atheros ath9k the program freezes after a short while and I can't even access the web anymore. Not to mention it stops capturing. I have to disconnect and reconnect to get back on the web. Not sure what is going on here. I get the following output in terminal:

(wireshark:2240): GLib-GObject-WARNING **: /build/buildd/glib2.0-2.26.0/gobject/gsignal.c:3081: signal name `depressed' is invalid for instance `0x2142cb68'

[code]....


Ubuntu :: Wireshark Automatically Start With Sudo?

Feb 2, 2011

I am trying to use wireshark on my ubuntu 10.10 laptop. However I have found out that wireshark will only detect my network cards when it is started with root permissions. How would I make it automatically start with root permissions?


Ubuntu Networking :: Why Won't Wireshark Show Any Interfaces In

Apr 27, 2011

I installed Wireshark 1.2.7 on my Lenovo X61 tablet PC running Ubuntu 10.04 lucid during the quest for a decent signal strength meter for available wifi access points. What is a good software or hardware method to TEST WiFi strength & power? But I can't get Wireshark to do the simplest thing, which is to "Capture Interfaces".


Networking :: Started Using Wireshark - Protocols Not Secure

Aug 20, 2011

I am new to using wireshark and I've been browsing around the packets a bit. I figured I'd try and use it to cut into a protocol that isn't documented, that I can find, but doesn't seem particularly secure. I tried cutting into a protocol and I turned _everything_ off, but wireshark was still picking up packets left, right and centre. So I decided to stop the internet daemon and still, packets were being sent over the internet. So I decided to pick some of the IPs and do a reverse look-up. Each and every one of the IPs are of Russian origin or close.

I'm under the impression that these are unwanted packets. I've also noticed that they are sending data from the same port: 32165. Another thing I noticed while doing reverse look-ups is a lot of these IPs are hit in 'Spam & Open Relay Blocking System' and 'Project Honey Pot', which seem to be spam blockers and trackers. What should I do or what should I investigate? The reverse look-ups are only providing me with the ISP which 'owns' the IP block the IP is a part of. They are from various ISPs every time.


Debian :: Wireshark Installation - GTK Warning Error

Nov 11, 2010

I'm trying to install Wireshark but getting an error: GTK-Warning **: cannot open display. Does anyone have instructions on how to install Wireshark?


Red Hat / Fedora :: Install A Wireshark With Graphics On RHEL 5.4?

Jun 17, 2010

I can't find a wireshark rpm package for RHEL 5.4. How can I install a wireshark with graphics on RHEL 5.4?


General :: Configure Error While Installing Wireshark

Jan 4, 2011

I'm trying to install Wireshark but I have this message:
"configure: error: Header file pcap.h not found; if you installed libpcap from source, did you also do "make install-incl", and if you installed a binary package of libpcap, is there also a developer's package of libpcap and did you also install that package?"
I tried to use #yum -y install wireshark but it didn't work.


General :: Install WireShark In Ubuntu Live USB?

Mar 6, 2010

I want to use the Wireshark network traffic analyser to analyse ethernet traffic in an "Abis over IP" based GSM cellular communication network. Can anybody guide me on how to install WireShark on my Ubuntu 9.10 Live USB drive? I cannot access the internet with this USB drive but I can download packages on a Windows machine. I need to know which packages to download and how to build Wireshark from source.


Software :: Can't See In Kde Menu Or In Command Prompt (wireshark)?

May 20, 2010

I have fc12.x86_64 and installed wireshark (yum install wireshark.x86_64 and wireshark.i686), but can't see it in the KDE menu or at the command prompt (wireshark). I can see the dirs, though:

whereis wireshark
wireshark: /usr/lib64/wireshark /usr/share/wireshark

Any help/url to install and run in the fc12 KDE environment?


Fedora :: Install The Wireshark-gnome Interface - Need Dependencies

Jul 10, 2011

When I try to install the wireshark-gnome interface I get a notice about needing two dependencies. One is portaudio and the other is the jack-audio-connection-kit. Seems like kind of odd dependencies for wireshark. Does wireshark really need them? VoIP related maybe?








Copyrights 2005-15 www.BigResource.com, All rights reserved