2024-04-22 10:29:50 +0000 | answered a question | Is there any capture filter available to capture only beacons and action frames that contain Channel Switch Announcement frames in them? Reviewing the capture filter syntax, I don't think there is anything to specifically get frames at this level of detail |
2024-03-30 13:11:49 +0000 | answered a question | Install Wireshark silently and capture traffic when the user logs in Why do you need a silent install? Is there a reason you have to capture locally on the box? Capture external to the bo |
2024-03-30 13:11:49 +0000 | received badge | ● Rapid Responder (source) |
2024-03-25 17:26:09 +0000 | received badge | ● Rapid Responder (source) |
2024-03-25 17:26:09 +0000 | answered a question | How to add decryption keys along with key type via tshark? This has an example: https://ask.wireshark.org/question/28766/tshark-how-to-decode-80211-capture-with-temporal-key/ |
2024-03-08 13:40:49 +0000 | commented question | "unable to set channel or offset" when switching WiFi channels How, exactly, do you have this setup? Are you doing something like this: https://www.intuitibits.com/2021/03/08/capturi |
2024-03-01 16:15:48 +0000 | commented question | Why can't I see network adapters, or capture on them, after installing Wireshark on Ubuntu? There are instructions to configure capture for non-elevated users: https://wiki.wireshark.org/CaptureSetup/CapturePrivi |
2024-02-26 22:03:41 +0000 | commented question | Is there anyway to view the data rate per packet or packet transmission duration? What type of traffic do you have captured - is it 802.11/monitor mode? If so, there are other fields that may contain d |
2024-02-26 22:03:24 +0000 | commented question | Is there anyway to view the data rate per packet or packet transmission duration? What type of traffic do you have captured - is it 802.11/monitor mode? If so, there are other fields that may contain d |
2024-02-23 15:41:18 +0000 | commented question | Network interface doesn't show up on Linux That adapter generally works, either in managed or monitor mode. Did you setup capture permissions properly? https://w |
2024-02-16 14:39:56 +0000 | commented answer | How to decrypt WPA with tshark Did you read the comments at the bottom of the tshark.dev page? They describe the same situation that you are in. |
2024-02-16 14:12:59 +0000 | received badge | ● Rapid Responder (source) |
2024-02-16 14:12:59 +0000 | answered a question | How to decrypt WPA with tshark I don't think there is support for what you want - save a decrypted wireless trace as pcap/pcapng. For TLS, hooks exist |
2024-02-06 19:08:36 +0000 | commented question | match eapol to ssid There is no radiotap or PPI header here - how are you capturing the monitor mode frames? |
2024-02-06 19:08:29 +0000 | edited answer | match eapol to ssid I think you want to match up the BSSID field from the eapol frames to another frame type that contains the SSID name. I |
2024-02-06 19:05:59 +0000 | answered a question | match eapol to ssid I think you want to match up the BSSID field from the eapol frames to another frame type that contains the SSID name. I |
2024-02-06 19:05:59 +0000 | received badge | ● Rapid Responder (source) |
2024-02-01 23:47:26 +0000 | commented answer | How to decode WPA3_SAe using cmds in linux via tshark You should create a new post - no one will see this except for those of us who worked on this one before. You will want |
2024-01-20 21:56:56 +0000 | answered a question | Deauth attack Sometimes, yes. |
2024-01-20 21:56:56 +0000 | received badge | ● Rapid Responder (source) |
2024-01-11 18:24:18 +0000 | commented answer | Prosoft AN-X4 to Mettler Toledo IND570 Communication Problems Look at the source IP in the screenshot - it is 192.168.0.1 as the sender of the TCP reset to close the connection. |
2024-01-11 11:46:00 +0000 | answered a question | Prosoft AN-X4 to Mettler Toledo IND570 Communication Problems that the problem is likely originating from the Mettler Toledo IND570 Funny how the one vendor blames the other as if |
2024-01-11 11:46:00 +0000 | received badge | ● Rapid Responder (source) |
2024-01-10 19:55:18 +0000 | commented question | Prosoft AN-X4 to Mettler Toledo IND570 Communication Problems You need access Request access, or switch to an account with access. Learn more Can you make publicly available? |
2024-01-10 19:54:59 +0000 | commented question | Prosoft AN-X4 to Mettler Toledo IND570 Communication Problems You need access Request access, or switch to an account with access. Learn more Can you make publicly available? |
2024-01-08 12:19:46 +0000 | commented question | why do my devices connect and disconnect 3 times on home wifi Is there a Wireshark question here? Wireshark might help you diagnose the issue but you would have to first collect a m |
2023-12-21 11:57:52 +0000 | edited answer | detect all IPs/MACs on network? I am not sure Wireshark is the best tool for this. Some options: Specific tool for this, like lansweeper and probably |
2023-12-21 11:51:31 +0000 | answered a question | detect all IPs/MACs on network? I am not sure Wireshark is the best tool for this. Some options: Specific tool for this, like lansweeper and probably |
2023-12-21 11:51:31 +0000 | received badge | ● Rapid Responder (source) |
2023-12-21 11:19:59 +0000 | answered a question | Wireshark shows only 802.11 packets The github site for your driver says this: Recommendation: Do not buy adapters based on this chipset. You will be disa |
2023-12-21 11:19:59 +0000 | received badge | ● Rapid Responder (source) |
2023-12-18 19:56:57 +0000 | answered a question | Only receiving 802.11 Packets. Assuming this is an issue with decryption, but you could have other issues since you are using an RTL chipset in monitor |
2023-12-18 19:56:57 +0000 | received badge | ● Rapid Responder (source) |
2023-12-08 10:52:13 +0000 | received badge | ● Rapid Responder (source) |
2023-12-08 10:52:13 +0000 | answered a question | how to enable monitor mode in windows 11 Please guide me to how I can enable monitor mode and capture eapol and http packets. I guess you should start with |
2023-12-05 11:35:51 +0000 | commented question | why does wireshark not change change the filter from tcp to udp when i monitor wireless traffic There are two kinds of filters, capture and display. Is this a display filter? Are you capturing wireless traffic in m |
2023-11-05 17:05:15 +0000 | commented question | No received ipv4 packets that were actually received by iot Its not that clear what you have set up. You describe wireless and wired capture but you don't say where you have ident |
2023-10-19 16:54:48 +0000 | received badge | ● Rapid Responder (source) |
2023-10-19 16:54:48 +0000 | answered a question | How can I monitor 11ax 160M on channel 5570? The wireless toolbar has been removed for a long time now, so you must be using an older version of Wireshark. Anyway, |
2023-09-30 14:39:56 +0000 | commented question | tcpdump overlapping packets Could it be as simple as a time change on the capturing system? System time gets pushed out by 3min, then gets correcte |
2023-09-30 11:26:13 +0000 | commented question | tcpdump overlapping packets The file is not available for download. Suggest you make access 'Public' for others to look at. |
2023-09-07 23:15:16 +0000 | commented answer | How do i decrypt wpa3 packets using wireshark. At least for wpa_supplicant, the PMK is shown in the debug output as something like this: WPA: PMK - hexdump(len=32): d |
2023-09-07 23:15:00 +0000 | commented answer | How do i decrypt wpa3 packets using wireshark. At least for wpa_supplicant, the PMK is shown in the debug output as something like this: WPA: PMK - hexdump(len=32): d |
2023-09-07 23:08:34 +0000 | answered a question | How do i decrypt wpa3 packets using wireshark. Some info here: https://wiki.wireshark.org/HowToDecrypt802.11 Namely the flags for running hostapd, -d and -K which wil |
2023-09-07 23:08:34 +0000 | received badge | ● Rapid Responder (source) |
2023-09-06 09:56:29 +0000 | commented answer | Raspberry Pi capture of 802.11 packets not showing data packets I see - this capture is a mess. You are not trying to inject anything on this interface, correct? These frames seem un |
2023-09-04 18:44:52 +0000 | commented answer | Raspberry Pi capture of 802.11 packets not showing data packets Have a look at your channels in this capture - something is making your adapter move across all channels, 2.4 and 5GHz. |
2023-09-03 11:25:42 +0000 | commented answer | Raspberry Pi capture of 802.11 packets not showing data packets What I would do - in no particular order: Try another adapter - select preferred from here: https://github.com/morrown |
2023-09-02 13:02:52 +0000 | received badge | ● Rapid Responder (source) |
2023-09-02 13:02:52 +0000 | answered a question | Raspberry Pi capture of 802.11 packets not showing data packets Limited information is provided, but the most likely cause is explained many times here; for example: https://ask.wire |