wireshark

Anyone had any experience with *.pcap manipulation libs?

I'm using the SharpPcap + PacketDotNet libraries to process some .pcap files and came across a bug in the way the timestamps are calculated. Take this Timeval property, which is something along these lines: PosixTimeval Timeval { DateTime Date; ulong Seconds; ulong MicroSeconds; } The problem is as follows: Suppose you ha...

Building a webserver, client doesn't acknowledge HTTP 200 OK frame.

Hi there, I'm building my own webserver based on a tutorial. I have found a simple way to initiate a TCP connection and send one segment of HTTP data (the webserver will run on a microcontroller, so it will be very small). Anyway, the following is the sequence I need to go through: receive SYN, send SYN,ACK, receive ACK (the connection ...

What is a header? Especially, what are POST&GET headers?

Hello, I've been trying to find a Python code that would log in to my Yahoo account from "Google App Engine". One supporter on "StackOverflow" gave me this three-step plan: Simulate normal login and save login page that you get; Save POST&GET headers with "Wireshark"; Compare login page with those headers and see what fields you need ...

Packet capture API - Wireshark or Microsoft Network Monitor?

I am wanting to write a C# service which runs on my server and monitors network traffic and writes it to a database for analysis. I have used Wireshark, but I think that Microsoft Network Monitor may have a better C# .NET interface for programming against. Is this true? Can you point me to some good code samples for using Microsoft Ne...

writing a program to ban a user (by MAC address) from a network

I'm not sure if this is possible at the application layer. Can a program be written to read and analyze packets (maybe interfacing with Wireshark through its Lua API) and ban MAC addresses with suspicious network traffic? (defining suspicious network traffic as packet injection patterns similar to known attacks) ...

Wireshark doesn't recognise RTMP streams

Hello! I found a few samples on the web on tracking RTMP (Real Time Messaging Protocol) with Wireshark, but it doesn't work for me. All RTMPT packets are rendered as basic TCP packets like this: 149 14.324999 85.115.xxx.xxx 192.168.1.20 TCP macromedia-fcs > 54557 [ACK] Seq=1 Ack=1452 Win=69 Len=0 I'm using Wireshark 1.2.8 with all prot...

UDP packets appear in Wireshark, but are not received by program

Hello everybody, I am trying to read UDP packets sent by an FPGA with my computer. They are sent to port 21844 and to the IP 192.168.1.2 (which is my computer's IP). I can see the packets in Wireshark, they have no errors. However, when I run this little Python script, only a very very small fraction of all packets are received by ...

Wireshark Plugin: Is There a non-ntoh Version of tvb_get_ntoh64?

I am writing a Wireshark dissector plugin for a protocol that does not hton its data, and I need to extract a 64-bit data value without doing any endian conversions. Is there a version of tvb_get_ntoh64 included in the Wireshark libraries that does not do the ntoh? ...

Wireshark Plugin: Dissecting Payloads With Multiple Packets Per UDP Frame

I am writing a Wireshark plugin to dissect a protocol that places multiple application-level packets in a single UDP frame. There is no enclosing protocol that indicates how many packets there are in the frame. So essentially, the payload coming down the wire will look like this: uint64 sequence1 uint64 data1 uint8 flags1 uint64 s...

OpenSSH connection trouble

Hi, I'm trying to use Putty 0.60 to log in to an OpenSSH 5.3 server. Connections with openssh from another Linux server are possible, but Putty fails. Putty's event log tells me "software caused connection abort" right after the DH key exchange, the server log doesn't report anything (set to INFO). I analyzed the traffic with Wireshark ...

Wireshark Dissector: How to Identify Missing UDP Frames?

How do you identify missing UDP frames in a custom Wireshark dissector? I have written a custom dissector for the CQS feed (reference page). One of our servers gaps when receiving this feed. According to Wireshark, some UDP frames are never received. I know that the frames were sent because all of our other servers are gap-free. A C...
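Added example, serving both the multiple-records-per-UDP-frame question and the missing-frames question above. It is not code from either post and not a Wireshark dissector; it models the same two steps in plain Python: walk a payload that holds back-to-back records with no count field (the layout the first post gives: uint64 sequence, uint64 data, uint8 flags), then detect holes in the sequence numbers across frames in capture order. Little-endian byte order and the sample frames are assumptions made for this example; in a real dissector the `highest` value lives in per-conversation state rather than a local variable.

```python
import struct

# Assumed record layout from the first post: uint64 sequence, uint64 data, uint8 flags,
# packed back to back with no count field in front. Little-endian (host order on x86) is an
# assumption for this example; use ">QQB" if the feed is big-endian.
RECORD = struct.Struct("<QQB")   # 17 bytes per record


def build_frame(records):
    """Pack (sequence, data, flags) tuples into one UDP payload. Only used to construct sample input."""
    return b"".join(RECORD.pack(*r) for r in records)


def parse_frame(payload):
    """Split one UDP payload into records.

    Returns (records, leftover): leftover is the number of trailing bytes that did not form a
    whole record. A dissector should flag those as malformed instead of silently dropping them.
    """
    records = []
    offset = 0
    while offset + RECORD.size <= len(payload):
        records.append(RECORD.unpack_from(payload, offset))
        offset += RECORD.size
    return records, len(payload) - offset


def find_gaps(seqs):
    """Return [(first_missing, last_missing), ...] for holes in a sequence seen in capture order.

    Only a forward jump opens a gap; a duplicate or a late (reordered) number never does,
    so a retransmitted frame does not produce a false "missing" report.
    """
    gaps = []
    highest = None
    for seq in seqs:
        if highest is not None and seq > highest + 1:
            gaps.append((highest + 1, seq - 1))
        if highest is None or seq > highest:
            highest = seq
    return gaps


def analyze_capture(frames):
    """Process UDP payloads in capture order, as a dissector with per-conversation state would."""
    all_seqs = []
    truncated = []
    for idx, payload in enumerate(frames):
        records, leftover = parse_frame(payload)
        if leftover:
            truncated.append(idx)
        all_seqs.extend(seq for seq, _data, _flags in records)
    return {
        "records": len(all_seqs),
        "gaps": find_gaps(all_seqs),
        "truncated_frames": truncated,
    }


# Constructed sample capture: the frame carrying sequences 6-7 was "lost" on the way to this
# host, and the last frame carries 3 stray trailing bytes that do not form a record.
FRAMES = [
    build_frame([(1, 0x11, 0), (2, 0x22, 0), (3, 0x33, 1)]),
    build_frame([(4, 0x44, 0), (5, 0x55, 0)]),
    build_frame([(8, 0x88, 0), (9, 0x99, 1)]) + b"\x00\x00\x00",
]

if __name__ == "__main__":
    print(analyze_capture(FRAMES))
```

The check a practitioner wants from this is the last one: a gap reported on one host but not on others (which is what the CQS post describes) points at that host's receive path, not at the sender, and a frame with leftover bytes is a protocol or parsing error rather than loss.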

Lua for Wireshark: Tvp.new_real() doesn't exist?

The documentation for Lua for Wireshark claims that the Tvp class has a new_real() method. However, this method seems to not exist when I try to use it in my Lua script. I'm using Wireshark 1.3.5 (latest dev version) for Windows x64. Did the method get renamed? If so, to what? Is there a better support forum for this particular question?...

Content-Disposition header missing at client

I have a PHP app which calls LaTeX then passes the PDF to the browser. Since my users will be paying for this service, I want to make sure they are given the option to save the PDF rather than hitting my server again and again. exec("cd tex && latex {$_SESSION['sen_id']}.tex && pdflatex {$_SESSION['sen_id']}.tex", $output); $pdf = subst...

Using Wireshark With Local Test Application

I have written a small client server socket application. It is a proof of concept for some socket programming that I want to apply to a much bigger project. For the moment I want to use Wireshark to analyse the traffic that goes between them. They are both running on my local machine. I have installed a loopback interface, and have tr...

render network dumps to html (using wireshark sdk)

Hi all, I'm looking for a program to render network dumps to html. Ideally I was looking for something written with the wireshark sdk (regardless of the language at this point) as wireshark is for me the reference in packet capture analysis. Thanks. ...

Logging network traffic

I would like to log network traffic on my ADSL connection. The object of this is to see the changes in bandwidth throughout the day. I have installed Wireshark and I see that it generates a nice log file which can be exported to CSV. The problem is I would like to get the length of each packet so that I can analyze them over time. This inform...
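Added example, not from the post: per-packet lengths are easiest to get out of a capture with tshark rather than the GUI export, e.g. `tshark -r capture.pcap -T fields -E header=y -E separator=, -e frame.time_epoch -e frame.len`, and the Python below turns that two-column CSV into bytes per interval so bandwidth over the day can be plotted. The CSV text is constructed for this example; the interval and the empty-bucket handling are design choices, not anything the post specifies.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample in the shape produced by
#   tshark -r capture.pcap -T fields -E header=y -E separator=, -e frame.time_epoch -e frame.len
# Timestamps and sizes are made up for this example.
SAMPLE_CSV = """frame.time_epoch,frame.len
1286000000.100,1514
1286000000.900,1514
1286000001.200,66
1286000003.700,1514
1286000003.800,1514
1286000003.950,1514
"""


def bytes_per_interval(csv_text, interval=1.0):
    """Sum frame.len into buckets of `interval` seconds.

    Returns a sorted list of (bucket_start_epoch, bytes, bits_per_second). Empty buckets between
    the first and last packet are emitted as zeros so idle periods show up in a plot instead of
    silently disappearing.
    """
    totals = defaultdict(int)
    for row in csv.DictReader(StringIO(csv_text)):
        if not row.get("frame.len"):      # skip blank/short lines tshark may leave at the end
            continue
        ts = float(row["frame.time_epoch"])
        totals[int(ts // interval)] += int(row["frame.len"])
    if not totals:
        return []
    first, last = min(totals), max(totals)
    return [
        (b * interval, totals.get(b, 0), totals.get(b, 0) * 8 / interval)
        for b in range(first, last + 1)
    ]


def peak_interval(csv_text, interval=1.0):
    """Bucket with the most bytes, as (bucket_start_epoch, bytes, bits_per_second)."""
    rows = bytes_per_interval(csv_text, interval)
    return max(rows, key=lambda r: r[1]) if rows else None


if __name__ == "__main__":
    for start, nbytes, bps in bytes_per_interval(SAMPLE_CSV):
        print(f"{start:.0f}  {nbytes:6d} B  {bps:10.0f} bit/s")
```

For a quick look without any scripting, `tshark -r capture.pcap -z io,stat,60` prints the same per-interval byte totals directly; the script is only worth it when the numbers need to go into a database or a plot. Note that `frame.len` is the on-wire length, so with a snaplen-limited capture it is still correct, unlike `frame.cap_len`.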

A Java API to look at the WinPcap files

Hello guys, I am capturing network traffic and need to analyse the captured traffic. I was recommended to find a Java API and I found jNETpcap. I just wonder if anyone has any experience related to this or has worked with jNETpcap. Any help would be much appreciated. Regards Somayeh ...

Corrupted audio payload

I am trying to stream an MP3 over the LAN using VLC Player (1.0.5.0), RTP multicast. On observation with Wireshark on the receiving side, it interprets all the below fields: padding, extension, contributing source identifier count as 0, which means there are no additional bytes after the first 12 bytes of the fixed RTP header. But I could see ...

wireshark and tcpdump -r: strange tcp window sizes

I'm capturing http traffic with tcpdump and am interested in TCP slow start and how window sizes increase: $ sudo tcpdump -i eth1 -w wget++.tcpdump tcp and port 80 When I view the dump file with Wireshark the progression of window sizes looks normal, i.e. 5840, 5888, 5888, 8576, 11264, etc... But when I view the dump file via $ tcpd...

How to "replay" wireshark c-array in perl or C

How would one go about taking hex data into a program and sending it back out? char peer0_0[] = { 0x00, 0x00, 0x10, 0x01, 0xbf, 0x8b, 0xf9, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x07 }; char peer0_1[] = { 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04 ...
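Added example, not from the post: one way to do the replay in Python instead of editing the C arrays into a program by hand. It parses the text that Wireshark's "Follow TCP Stream" > "C Arrays" export writes (arrays named `peer0_N` and `peer1_N`, one per direction, in stream order) and writes one peer's chunks to a connected socket. The export text below is constructed for this example, `peer0` being the side you replay (usually the client) is an assumption to confirm against the capture, and the host/port passed to `connect_and_replay` are placeholders.

```python
import re
import socket

# Constructed sample in the format of Wireshark's "C Arrays" export for a followed TCP stream.
# The byte values are made up for this example.
SAMPLE_EXPORT = """
char peer0_0[] = { /* Packet 4 */
0x00, 0x00, 0x10, 0x01, 0xbf, 0x8b, 0xf9, 0x00 };
char peer1_0[] = { /* Packet 6 */
0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x04 };
char peer0_1[] = { /* Packet 8 */
0x00, 0x00, 0x00, 0x07 };
"""

ARRAY_RE = re.compile(r"char\s+peer(\d+)_(\d+)\[\]\s*=\s*\{(.*?)\};", re.S)
HEX_RE = re.compile(r"0x([0-9a-fA-F]{2})")


def parse_c_arrays(text):
    """Return {peer_index: [chunk_bytes, ...]} with each peer's chunks in stream order.

    Only 0xNN tokens inside the braces are read, so the /* Packet N */ comments Wireshark
    writes are ignored.
    """
    chunks = {}
    for peer, index, body in ARRAY_RE.findall(text):
        data = bytes(int(h, 16) for h in HEX_RE.findall(body))
        chunks.setdefault(int(peer), []).append((int(index), data))
    return {peer: [d for _i, d in sorted(items)] for peer, items in chunks.items()}


def replay(chunks, sock, peer=0):
    """Write one peer's chunks, in order, to a connected stream socket. Returns bytes written."""
    sent = 0
    for data in chunks[peer]:
        sock.sendall(data)
        sent += len(data)
    return sent


def _read_all(sock):
    """Read until the other side closes."""
    out = b""
    while True:
        buf = sock.recv(4096)
        if not buf:
            break
        out += buf
    return out


def connect_and_replay(host, port, chunks, peer=0, timeout=5.0):
    """Replay against a live server (host/port are placeholders) and return what it answered."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        replay(chunks, sock, peer)
        sock.shutdown(socket.SHUT_WR)
        return _read_all(sock)


def loopback_demo():
    """Offline check: push peer0's chunks through a socketpair and read them back unchanged."""
    chunks = parse_c_arrays(SAMPLE_EXPORT)
    a, b = socket.socketpair()
    with a, b:
        sent = replay(chunks, a, peer=0)
        a.shutdown(socket.SHUT_WR)
        got = _read_all(b)
    return sent, got


if __name__ == "__main__":
    print(loopback_demo())
```

This sends the chunks back to back; if the server expects to answer each request before the next one arrives, send one chunk, read the reply, then continue. Also remember that anything session-bound in the captured bytes (cookies, sequence numbers, nonces) is stale on replay, which is exactly why a straight byte replay is a test for your own server and not a general client.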