This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Please explain this capture to me


Capturing Interface

When I choose the wifi interface in capturing, I get a list of TCPs and I have no idea what they mean. Most importantly, it says ethernet frame check sequence incorrect and I get no UDPs at all.

This is a photo of what the screen shows: http://postimg.org/image/6xzgbfq7r/

Thank you very much FOR ANYONE'S HELP.

asked 17 Nov '14, 14:31


Davis

edited 17 Nov '14, 16:37


Guy Harris ♦♦


One Answer:


"TLSv1.2" means that a protocol called "Transport Layer Security" is being used on the connection; it's the successor to SSL, for "Secure Sockets Layer", and provides encryption services for protocols such as HTTP, SMTP, etc. that run over TCP. Its main use is for HTTP; that's what "https" traffic is. "https" traffic usually goes to or from TCP port 443, so that's probably what this is.

Unfortunately, because it's encrypted, it would need to be decrypted to see what's actually happening. The Wireshark Wiki page on SSL discusses, to some extent, how to do decryption, IF possible, but it's complicated, and not always possible.

Is there some reason to expect UDP traffic on your network? For example, is there any audio or video player traffic, which might use RTP running on top of UDP?

And as for the Ethernet frame check sequence, that's probably because, for whatever reason, Wireshark thinks the packets include the frame check sequence at the end of the packet when, in fact, they don't include it. Could you show us one of the packets where Wireshark reports that the Ethernet frame check sequence is incorrect, after opening up the display of the Ethernet and IP headers?

answered 17 Nov '14, 16:46


Guy Harris ♦♦
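The frame check sequence point in the answer above can be checked offline. The following is an added example, not part of the original answer or of Wireshark's code: it uses the IPv4 total-length field to decide whether a captured Ethernet frame really carries a 4-byte FCS and, if it does, verifies the CRC-32. It assumes untagged IPv4-over-Ethernet frames; the function names and the sample frames are constructed for illustration.

```python
import struct
import zlib

ETH_HDR_LEN = 14
MIN_FRAME_NO_FCS = 60  # minimum Ethernet frame length, FCS excluded


def ethernet_fcs(frame_without_fcs: bytes) -> bytes:
    """CRC-32 of the frame, in the byte order it appears on the wire."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def classify_trailer(captured: bytes) -> str:
    """Decide whether the last 4 captured bytes are really an FCS (IPv4 only)."""
    if len(captured) < ETH_HDR_LEN + 20:
        return "too-short"
    ethertype = struct.unpack("!H", captured[12:14])[0]
    if ethertype != 0x0800:
        return "not-ipv4"
    ip_total_len = struct.unpack("!H", captured[16:18])[0]
    # Length the frame has with no FCS: headers + IP datagram, padded to 60.
    expected_no_fcs = max(ETH_HDR_LEN + ip_total_len, MIN_FRAME_NO_FCS)
    if len(captured) == expected_no_fcs:
        # A dissector that assumes an FCS here would read the last 4 payload
        # bytes as a checksum and report it as incorrect.
        return "no-fcs-captured"
    if len(captured) == expected_no_fcs + 4:
        body, trailer = captured[:-4], captured[-4:]
        return "fcs-valid" if trailer == ethernet_fcs(body) else "fcs-invalid"
    return "unexpected-length"


def build_sample_frame(payload_len: int) -> bytes:
    """Constructed sample: Ethernet + minimal IPv4 header + zero payload, no FCS."""
    eth = bytes.fromhex("020000000001" "020000000002" "0800")
    total_len = 20 + payload_len
    # IP header checksum is left at 0; it is not examined by this example.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    frame = eth + ip + bytes(payload_len)
    return frame.ljust(MIN_FRAME_NO_FCS, b"\x00")


if __name__ == "__main__":
    bare = build_sample_frame(100)
    print(classify_trailer(bare))                       # capture without FCS
    print(classify_trailer(bare + ethernet_fcs(bare)))  # capture with FCS
```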