Bob Jones's profile - activity

2021-02-26 21:32:22 +0000 commented question Problem capturing packets between smartphone (Android 11) and printer

Both phone and printer are on same wifi (different channels) and connected to access point. My printer is w

2021-02-24 17:50:20 +0000 commented question Problem capturing packets between smartphone (Android 11) and printer

Could the Android 11 devices be using a more advanced modulation as compared to the other devices? If so, you will stru

2021-02-16 17:18:34 +0000 commented question Any Best practice / hardening guides for Wireshark?

Have you seen the security page - it might guide you into some best practices. https://wiki.wireshark.org/Security ...

2021-02-16 17:17:49 +0000 commented question Any Best practice / hardening guides for Wireshark?

Have you seen the security page - it might guide you into some best practices. https://wiki.wireshark.org/Security

2021-02-12 18:42:49 +0000 commented question Targeted ARP packets getting forward to broadcast

Did you isolate the source of these? Is your RaspberryPI sending them? Or is another entity on the network sending the

2021-02-12 17:33:49 +0000 commented question Targeted ARP packets getting forward to broadcast

Do you explicitly set the destination MAC in scapy and it is getting overwritten?

2021-02-01 21:45:02 +0000 commented question eapol is malformed unless I assume don't have FCS but then all other packets are malformed

I assume you are using a monitor mode adapter? And that you are not using the same adapter to connect to the AP and als

2021-01-27 19:37:24 +0000 commented answer Wireshark Setup for 802.11ax association requests

Good to know! Do you have any HE clients? I would be interested in comparing an HE capture from the MAC against the In

2021-01-26 11:12:53 +0000 commented question How can I use the ssh key log file?

Did you mean SSL/TLS or SSH? My SSH protocol preference does not have this field, though TLS does, as @GrahamB points o

2021-01-25 11:18:05 +0000 commented answer Change Monitor Mode Channel on Mac OS Big Sur

Have you seen Airtool? Much simpler if it works in your environment - don't know if the new processor is a problem or not.

2021-01-25 11:16:49 +0000 commented answer Change Monitor Mode Channel on Mac OS Big Sur

Have you seen Airtool? Much simpler. The early version was free and I could still find it via Google.

2021-01-24 23:01:27 +0000 answered a question 802.11 no eapol visible

"my smartphone seems to use 5 ghz" If the traffic you want to capture is on a 5GHz channel, then the capturin

2021-01-24 23:01:27 +0000 received badge Rapid Responder
2021-01-21 01:34:00 +0000 received badge Rapid Responder
2021-01-21 01:34:00 +0000 answered a question Wireshark Setup for 802.11ax association requests

Wifi6 is HE now, where VHT is WiFi5. If your clients and AP support HE, Wireshark can show HE modulated frames if capt

2021-01-19 16:27:53 +0000 commented question wireshark io graph can't show some parameters in Y field

Wireshark has many parameters defined (1000s?). Exactly which one are you having issues with? You might want to share

2021-01-18 21:08:52 +0000 commented question Can't see http traffic in my captures, hope you can help me

If that frame has a bad FCS, decryption probably will not work. Try to get another set of eapol frames from the handsha

2021-01-17 11:15:37 +0000 received badge Nice Answer
2021-01-16 17:19:46 +0000 received badge Rapid Responder
2021-01-16 17:19:46 +0000 answered a question 802.11 only Partially Decrypted

With the capture file and key you provided, we can explain what you will/won't see in your environment. I think the dec

2021-01-02 20:40:59 +0000 commented question Wireshark captures monitor mode "style" packets

Do you have the monitor mode check box set in capture --> options? Maybe: you start Wireshark, it puts the adapter i

2020-12-19 14:42:20 +0000 commented question Wireshark has stopped capturing packets in monitor mode on Windows 10. My network Interface is Intel Centrino Wireless-N 1030.

If you were able to capture in monitor mode with Windows10, I consider you fortunate. I suspect this is an npcap issue

2020-12-15 10:38:54 +0000 commented answer Is there a way to view what machine utilized the packet capture for the trace file?

There are possibly some clues in the capture file that can provide evidence to support, though may not prove, that a par

2020-12-10 18:07:14 +0000 commented question How do I capture http packets. I have already set up a decryption key for WPA/WPA2.

Be sure you cover the 'gotchas' from the wiki: https://wiki.wireshark.org/HowToDecrypt802.11

2020-12-02 18:08:58 +0000 answered a question Wireless traffic analysis: what is recommended?

Macbooks or Linux systems are typically the way to go. 802.11 capture on Windows is difficult. Even if you can get A

2020-12-02 18:08:58 +0000 received badge Rapid Responder
2020-11-27 11:42:09 +0000 commented question TLS log file encryption with WireShark is not working properly

"WireShark doesn't show me a single HTTP packet" I guess your first problem is capturing traffic correctly before you eve

2020-11-25 19:33:29 +0000 edited answer How to see if WPA/WPA2 is enabled?

You want to look at the RSN IE (information element): Tag: RSN Information Tag Number: RSN Information (48) Tag l

2020-11-20 18:40:00 +0000 received badge Rapid Responder
2020-11-20 18:40:00 +0000 answered a question How to see if WPA/WPA2 is enabled?

You want to look at the RSN IE (information element): Tag: RSN Information Tag Number: RSN Information (48) Tag l

2020-11-15 11:44:34 +0000 commented question Cannot capture 'TCP Data' packet in monitor mode on 5.2GHz

Best thing to do is to grab the probe and association requests/responses for the devices under review (i.e. the devices

2020-11-13 20:14:22 +0000 commented question Cannot capture 'TCP Data' packet in monitor mode on 5.2GHz

There are 2209 packets that contain TCP in the 'short' capture; try the following filter: tcp I don't know if this is

2020-11-13 08:57:32 +0000 commented question Wireshark turning monitor mode off

Did you turn the interface back on manually?

2020-11-13 08:57:12 +0000 commented question Wireshark turning monitor mode off

Did you turn it back on manually?

2020-11-11 11:31:04 +0000 received badge Rapid Responder
2020-11-11 11:31:04 +0000 answered a question Is there a way to capture traffic of a single mobile application

You probably want a display filter on TCP (or UDP) port. Most applications will use a specific port along with protocol

2020-11-11 09:20:07 +0000 commented question Wireshark turning monitor mode off

Did you turn off the Network Manager?

2020-11-10 18:39:10 +0000 commented answer Can't capture data packets from unencrypted Wifi network in monitor mode

Signal strength is very high.

2020-11-10 12:05:21 +0000 received badge Rapid Responder
2020-11-10 12:05:21 +0000 answered a question Can't capture data packets from unencrypted Wifi network in monitor mode

I am able to pickup some data frames with this filter: wlan.addr == 94:65:2d:2c:aa:79 and wlan.fc.type_subtype in {0x20

2020-11-05 19:58:50 +0000 answered a question How do I turn on monitor mode on Win10?

Here are some instructions: https://nmap.org/npcap/guide/npcap-users-guide.html Frankly, though, npcap for Windows mon

2020-11-05 19:58:50 +0000 received badge Rapid Responder
2020-11-05 02:02:58 +0000 commented question Has anyone gotten wireshark to capture data packets from a monitor mode interface on a raspberry pi?

I have a pi device: cat /sys/firmware/devicetree/base/model Raspberry Pi 3 Model B Plus Rev 1.3 I followed the instru

2020-11-05 02:02:23 +0000 commented question Has anyone gotten wireshark to capture data packets from a monitor mode interface on a raspberry pi?

I have a pi device: cat /sys/firmware/devicetree/base/model Raspberry Pi 3 Model B Plus Rev 1.3 I followed the instru

2020-10-27 09:50:43 +0000 commented question Not receiving EAPOL Messages #1 and #3

Key messages 1 and 3 are transmitted by the authenticator (access point) when using WPA2. I can make two guesses why yo

2020-10-23 19:20:21 +0000 commented question Can't capture now, but could before. MacOS Catalina

Is this wired or wireless?