This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

wireshark with proxy?

0

Basically i want to use wireshark to grab ips in skype but i can't figure out how to get it to do it since i have a proxy and all my skype packets are sent threw the proxy. Anyone know how to do this? Thanks

asked 16 Nov '14, 12:42

bdoug101's gravatar image

bdoug101
11112
accept rate: 0%

Hello, I am having the same problem ... has a special command to find the exact header? like udp.srcport...

(27 Dec '14, 10:38) Anon741

see my answer. It contains everything you need.

(27 Dec '14, 11:10) Kurt Knochner ♦

One Answer:

1

Skype seems to be using "skype" in the User-Agent: header (HTTP) when talking to a proxy, so you could (probably) identify Skype traffic by looking at that header in a capture file.

http.user_agent contains "kype"

This will match lower case and upper case sSkype.

If you've identified those frame, simply look at the Host: Header and or the URL to identify the servers Skype is try to communicate with.

Regards
Kurt

answered 17 Nov '14, 16:15

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%