I downloaded Wireshark on 6-2-23

...

The hack has total control of my MacBook, my iPhone and the iPhones and computers of my 2 kids. This has been going on now for multiple years

OK, so the hack has nothing to do with Wireshark, unless you installed Wireshark several years ago; Wireshark is only involved in an attempt to see if any network traffic to and from your machine might have something to do with the hack.

The best thing to do about the hack is to take your machines (Mac and iPhones) to the Genius Bar at an Apple Store, or to a third-party Apple support service, and show the people there exactly what's happening. For example, since you "can't even open a file without the admin login which they changed my passwords for", show them exactly what happens when you try to open a file, and show them that the admin password that you had no longer works. Similarly, show them what the problems are with the iPhones.

Directly showing somebody the problem, rather than describing it over the phone to some tech support person, makes it a lot more immediately obvious what the problem is, so that they can give a better answer than just "reset everything".

So I looked at the plug-in file within the Wireshark package and found the plug in that I posted a few pdf pages from.

Yes, we do ship some plugins as part of Wireshark, so the answer to the question "does Wireshark use plugins" is "yes", not "no".

None of the plugins are PDFs; we do not ship any PDFs with Wireshark. I don't know what "download the plugin as a PDF" means; for one thing, the plugin in question isn't a separate download, it's part of Wireshark, and, for another thing, the plugin isn't a PDF, so at most you could give it a name that ends with ".pdf", but that doesn't make it into a PDF. (If I make a copy of that plugin, and give it a name that ends with ".pdf", neither Preview on Ventura, nor Acrobat Reader, will read it; they report it as being damaged, which really means "isn't even a PDF file" in this case.)

The stuff you posted looks like binary code files, which is what the Wireshark application, its libraries, and its compiled plugins are.

Some of the text that showed up in the file comes from text strings in the code for the plugin. In particular, "Range of packet sizes to count" is in the "Packet Lengths" plugin (Statistics > Packet Lengths), so that's the plugin you looked at - /Applications/Wireshark.app/Contents/PlugIns/wireshark/4-0/epan/stats_tree.so, in the standard Wireshark 4.0 installation.

Other text corresponds to names of routines in various Wireshark libraries that are called by the plugin, so that the code in macOS that programs and libraries use to load plugins can make the plugin's calls to those library routines go to the right routine.

On macOS, those plugins are signed with the Wireshark developers' certificate, which is why the strings "Developer ID", "Certification Authority", and "Wireshark Foundation, Inc.", and some of the other strings, appear. The certification and notarization process may also add Apple's name, so those strings aren't necessarily an indication that 1) Wireshark was made to look like an application from Apple or 2) some third party tried to make it look that way.
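The two points the answer makes about the file, that a name ending in ".pdf" does not make it a PDF and that the readable text inside it is just string data embedded in compiled code, can be checked by looking at the bytes instead of the file name. The script below is an added example and is not code from the poster or from the Wireshark project: it classifies a file by its leading magic bytes (the "%PDF-" header for PDFs, the Mach-O magic numbers for macOS binaries such as Wireshark's plugins) and pulls out printable strings the way the strings(1) tool does. The sample inputs are constructed byte strings, not real files, and the "Developer ID Application: Wireshark Foundation, Inc." text inside the fake Mach-O sample is a stand-in I made up to mimic the signature-related strings the answer mentions.

```python
import struct
import sys

# Constructed sample inputs (not real files): the opening bytes of a PDF,
# a fake 64-bit Mach-O header followed by a few embedded C strings, and a
# junk file that is neither.
SAMPLE_PDF = b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
SAMPLE_MACHO64 = (
    struct.pack("<I", 0xFEEDFACF)            # little-endian MH_MAGIC_64
    + b"\x00" * 28                           # rest of the header, zeroed here
    + b"Range of packet sizes to count\x00"  # a string from the stats_tree plugin
    + b"Developer ID Application: Wireshark Foundation, Inc.\x00"  # made-up stand-in
    + b"\x01\x02"
)
SAMPLE_JUNK = b"\x00\x01\x02\x03hello\x00"

# Mach-O magic numbers as they appear on disk, in both byte orders.
# Note that 0xCAFEBABE is shared with Java class files; file(1) tells them
# apart by sanity-checking the architecture count that follows.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit (big-endian)",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit (little-endian)",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit (big-endian)",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (little-endian)",
    b"\xca\xfe\xba\xbe": "Mach-O universal (fat) binary",
}


def identify(data: bytes) -> str:
    """Classify content by its leading magic bytes; the file name is ignored.

    A PDF must begin with '%PDF-' (the PDF spec's header), which is why
    Preview and Acrobat reject a renamed plugin as 'damaged'.
    """
    if data.startswith(b"%PDF-"):
        return "PDF"
    kind = MACHO_MAGICS.get(data[:4])
    if kind:
        return kind
    return "unknown"


def printable_strings(data: bytes, min_len: int = 4) -> list:
    """Emulate strings(1): return runs of printable ASCII at least min_len long.

    This is where the readable text seen when 'opening' a compiled plugin
    comes from: string literals, symbol names, and code-signature data are
    stored as plain bytes between the machine code.
    """
    found, run = [], bytearray()
    for b in data:
        if 0x20 <= b < 0x7F:
            run.append(b)
        else:
            if len(run) >= min_len:
                found.append(run.decode("ascii"))
            run = bytearray()
    if len(run) >= min_len:
        found.append(run.decode("ascii"))
    return found


def inspect_file(path: str) -> tuple:
    """Read a real file and return (type, strings) for it."""
    with open(path, "rb") as f:
        data = f.read()
    return identify(data), printable_strings(data)


if __name__ == "__main__":
    # With a path argument, inspect that file; otherwise run on the samples.
    if len(sys.argv) > 1:
        kind, strs = inspect_file(sys.argv[1])
        print(kind)
        for s in strs:
            print("  ", s)
    else:
        for name, blob in [("pdf", SAMPLE_PDF), ("macho", SAMPLE_MACHO64), ("junk", SAMPLE_JUNK)]:
            print(name, "->", identify(blob), printable_strings(blob))
```

On a real Mac the same checks are available without this script: `file` on the plugin path given in the answer reports the Mach-O type regardless of the extension, `strings` lists the embedded text, and `codesign -dvv` on the file prints the signing identity, which is where the "Developer ID" and "Wireshark Foundation, Inc." strings come from.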