This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Identify Personal information from packet captured by Wireshark

0

Hi

Sorry for my poor English.

I am using Wireshark as a tool to investigate network problems. Is it possible that the packets captured by Wireshark may contain personal information? If the packets contain personal information, is it encrypted? Is there a possibility that this information could be identified?

Thanks

asked 09 Dec '15, 01:38


udtren
6113
accept rate: 0%


One Answer:

1

Wireshark is a tool for analysing network traffic and identifying eventual problems. Its intention and purpose is to display anything that happens on the network, as anything may be important for the analysis and solution.

So yes, if the personal (or otherwise sensitive) information is transported over the network without encryption, Wireshark will display it, just like any other tool you would use to sniff network traffic, so declaring Wireshark illegal would not help you protect that information from unauthorized access.

Even if the information is encrypted, if the analyst receives the necessary keys from the person who has access to them, in many cases Wireshark is able to decrypt that information into its original form. In other cases, the encryption method is not publicly known, so Wireshark is unable to decrypt such communication even if the keys or passwords are available.

Whether a given packet is encrypted or not does not depend on Wireshark but on the application which has sent the packet.

If you are asking because you have a Wireshark capture file which you would like to share with someone to help you analyse it and understand what happens there, there are tools allowing you to strip the informational contents beyond the protocol headers (so the analysis of protocol issues is still possible, but the application information transported by those protocols is removed from the capture). It is also possible to replace each individual address in the capture by another one, making equipment identification impossible. Search the internet for the TraceWrangler tool, which can do far more than that, but capture anonymization is one of its popular features.

answered 09 Dec '15, 03:09


sindy
6.0k4851
accept rate: 24%

edited 09 Dec '15, 03:21
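To make the two points of the answer concrete (cleartext personal data is visible to anyone holding the capture, and a capture can be sanitized before sharing by stripping payloads and replacing addresses), here is an added example that is not part of the original answer and not code from Wireshark or TraceWrangler. It builds a small constructed pcap (Ethernet/IPv4/TCP carrying an invented HTTP form POST with made-up personal fields), shows what a sniffer sees in it, then writes an anonymized copy the way a TraceWrangler-style tool would: TCP payload removed, IP addresses replaced by stable pseudonyms from the 10.0.0.0/8 range (an arbitrary choice for this example), MAC addresses zeroed, IP checksum recomputed. The field names it searches for (name, email, phone, password) are assumptions for the demo, not a general PII detector.

```python
import re
import socket
import struct
import urllib.parse

# --- building a constructed capture (sample input for the demo, not real traffic) ---

def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones-complement checksum over an IPv4 header (checksum field zeroed by caller)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_packet(src_ip, dst_ip, sport, dport, payload):
    """Ethernet + IPv4 + TCP(PSH,ACK) + payload; TCP checksum left at 0 for brevity."""
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return eth + ip + tcp + payload

def build_pcap(packets):
    """Classic pcap: 24-byte global header (link type 1 = Ethernet) then 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, pkt in enumerate(packets):
        out += struct.pack("<IIII", 1449657600 + i, 0, len(pkt), len(pkt)) + pkt
    return out

# Constructed sample: an unencrypted signup form and its reply (all values invented).
SAMPLE_PCAP = build_pcap([
    build_packet("192.168.1.23", "203.0.113.10", 49152, 80,
                 b"POST /signup HTTP/1.1\r\nHost: example.test\r\n"
                 b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 56\r\n\r\n"
                 b"name=Ana+Example&email=ana%40example.test&phone=555-0100"),
    build_packet("203.0.113.10", "192.168.1.23", 80, 49152,
                 b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok"),
])

# --- reading the capture: what any sniffer sees ---

def iter_packets(pcap):
    pos = 24
    while pos + 16 <= len(pcap):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack("<IIII", pcap[pos:pos + 16])
        pos += 16
        yield (ts_sec, ts_usec), pcap[pos:pos + incl_len]
        pos += incl_len

def split_tcp(frame):
    """Return (eth, ip_hdr, tcp_hdr, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    tcp_off = 14 + ihl
    data_off = (frame[tcp_off + 12] >> 4) * 4
    return frame[:14], frame[14:tcp_off], frame[tcp_off:tcp_off + data_off], frame[tcp_off + data_off:]

# Assumed field names for the demo; a real review would look at the full payload.
FIELD_RE = re.compile(rb"(?:^|[&\n])(name|email|phone|password)=([^&\r\n]+)")

def find_cleartext_fields(pcap):
    """(source IP, field, decoded value) for every form field found in cleartext TCP payload."""
    found = []
    for _, frame in iter_packets(pcap):
        parts = split_tcp(frame)
        if parts:
            src = socket.inet_ntoa(parts[1][12:16])
            for key, val in FIELD_RE.findall(parts[3]):
                found.append((src, key.decode(), urllib.parse.unquote_plus(val.decode())))
    return found

def addresses(pcap):
    """(src, dst) IPv4 pairs per packet, to check the address replacement."""
    return [(socket.inet_ntoa(p[1][12:16]), socket.inet_ntoa(p[1][16:20]))
            for _, f in iter_packets(pcap) for p in [split_tcp(f)] if p]

# --- sanitizing before sharing: strip payload, pseudonymize addresses ---

def anonymize(pcap, strip_payload=True):
    """Stable pseudonym per real IP (10.0.0.N, assumed free), MACs zeroed, TCP payload dropped."""
    pseudonyms = {}
    def pseudo(addr):
        if addr not in pseudonyms:
            pseudonyms[addr] = socket.inet_aton("10.0.0.%d" % (len(pseudonyms) + 1))
        return pseudonyms[addr]
    out = pcap[:24]
    for (ts_sec, ts_usec), frame in iter_packets(pcap):
        parts = split_tcp(frame)
        if parts:
            eth, ip_hdr, tcp_hdr, payload = parts
            if strip_payload:
                payload = b""
            ip_hdr = bytearray(ip_hdr)
            ip_hdr[12:16] = pseudo(bytes(ip_hdr[12:16]))
            ip_hdr[16:20] = pseudo(bytes(ip_hdr[16:20]))
            ip_hdr[2:4] = struct.pack("!H", len(ip_hdr) + len(tcp_hdr) + len(payload))
            ip_hdr[10:12] = b"\x00\x00"
            ip_hdr[10:12] = struct.pack("!H", ip_checksum(bytes(ip_hdr)))
            tcp_hdr = bytearray(tcp_hdr)
            tcp_hdr[16:18] = b"\x00\x00"  # payload is gone, so the TCP checksum cannot stay valid
            frame = b"\x00" * 12 + eth[12:] + bytes(ip_hdr) + bytes(tcp_hdr) + payload
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    print("cleartext fields:", find_cleartext_fields(SAMPLE_PCAP))
    clean = anonymize(SAMPLE_PCAP)
    print("after anonymizing:", find_cleartext_fields(clean), addresses(clean))
    with open("anonymized.pcap", "wb") as fh:
        fh.write(clean)
```

The anonymized file still opens in Wireshark and still shows the TCP conversation (ports, flags, sequence numbers, timing), which is what a protocol analysis needs, while the form data and the real addresses are gone. Wireshark will flag the zeroed TCP checksums as bad; that is expected once the payload is truncated, and it is the same trade-off the real anonymization tools make.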

I think I got it. Thank you for answering.

(09 Dec '15, 04:46) udtren