Ask Your Question

Bob Jones's profile - activity

2024-03-08 13:40:49 +0000 commented question "unable to set channel or offset" when switching WiFi channels

How, exactly, do you have this setup? Are you doing something like this: https://www.intuitibits.com/2021/03/08/capturi

2024-03-01 16:15:48 +0000 commented question Why can't I see network adapters, or capture on them, after installing Wireshark on Ubuntu?

There are instructions to configure capture for non-elevated users: https://wiki.wireshark.org/CaptureSetup/CapturePrivi

2024-02-26 22:03:41 +0000 commented question Is there anyway to view the data rate per packet or packet transmission duration?

What type of traffic do you have captured - is it 802.11/monitor mode? If so, there are other fields that may contain d

2024-02-26 22:03:24 +0000 commented question Is there anyway to view the data rate per packet or packet transmission duration?

What type of traffic do you have captured - is it 802.11/monitor mode? If so, there are other fields that may contain d

2024-02-23 15:41:18 +0000 commented question Network interface doesn't show up on Linux

That adapter generally works, either in managed or monitor mode. Did you setup capture permissions properly? https://w

2024-02-16 14:39:56 +0000 commented answer How to decrypt WPA with tshark

Did you read the comments at the bottom of the tshark.dev page? They describe the same situation that you are in.

2024-02-16 14:12:59 +0000 received badge  Rapid Responder (source)
2024-02-16 14:12:59 +0000 answered a question How to decrypt WPA with tshark

I don't think there is support for what you want - save a decrypted wireless trace as pcap/pcapng. For TLS, hooks exist

2024-02-06 19:08:36 +0000 commented question match eapol to ssid

There is no radiotap or PPI header here - how are you capturing the monitor mode frames?

2024-02-06 19:08:29 +0000 edited answer match eapol to ssid

I think you want to match up the BSSID field from the eapol frames to another frame type that contains the SSID name. I

2024-02-06 19:05:59 +0000 answered a question match eapol to ssid

I think you want to match up the BSSID field from the eapol frames to another frame type that contains the SSID name. I

2024-02-06 19:05:59 +0000 received badge  Rapid Responder (source)
2024-02-01 23:47:26 +0000 commented answer How to decode WPA3_SAe using cmds in linux via tshark

You should create a new post - no one will see this except for those of us who worked on this one before. You will want

2024-01-20 21:56:56 +0000 answered a question Deauth attack

Sometimes, yes.

2024-01-20 21:56:56 +0000 received badge  Rapid Responder (source)
2024-01-11 18:24:18 +0000 commented answer Prosoft AN-X4 to Mettler Toledo IND570 Communication Problems

Look at the source IP in the screenshot - it is 192.168.0.1 as the sender of the TCP reset to close the connection.

2024-01-11 11:46:00 +0000 received badge  Rapid Responder (source)
2024-01-11 11:46:00 +0000 answered a question Prosoft AN-X4 to Mettler Toledo IND570 Communication Problems

that the problem is likely originating from the Mettler Toledo IND570 Funny how the one vendor blames the other as if

2024-01-10 19:55:18 +0000 commented question Prosoft AN-X4 to Mettler Toledo IND570 Communication Problems

You need access Request access, or switch to an account with access. Learn more Can you make publicly available?

2024-01-10 19:54:59 +0000 commented question Prosoft AN-X4 to Mettler Toledo IND570 Communication Problems

You need access Request access, or switch to an account with access. Learn more Can you make publicly available?

2024-01-08 12:19:46 +0000 commented question why do my devices connect and disconnect 3 times on home wifi

Is there a Wireshark question here? Wireshark might help you diagnose the issue but you would have to first collect a m

2023-12-21 11:57:52 +0000 edited answer detect all IPs/MACs on network?

I am not sure Wireshark is the best tool for this. Some options: Specific tool for this, like lansweeper and probably

2023-12-21 11:51:31 +0000 received badge  Rapid Responder (source)
2023-12-21 11:51:31 +0000 answered a question detect all IPs/MACs on network?

I am not sure Wireshark is the best tool for this. Some options: Specific tool for this, like lansweeper and probably

2023-12-21 11:19:59 +0000 answered a question Wireshark shows only 802.11 packets

The github site for your driver says this: Recommendation: Do not buy adapters based on this chipset. You will be disa

2023-12-21 11:19:59 +0000 received badge  Rapid Responder (source)
2023-12-18 19:56:57 +0000 answered a question Only receiving 802.11 Packets.

Assuming this is an issue with decryption, but you could have other issues since you are using an RTL chipset in monitor

2023-12-18 19:56:57 +0000 received badge  Rapid Responder (source)
2023-12-08 10:52:13 +0000 received badge  Rapid Responder (source)
2023-12-08 10:52:13 +0000 answered a question how to enable monitor mode in windows 11

Please guide me to how I can enable monitor mode and capture eapol and http packets. I guess you should start with

2023-12-05 11:35:51 +0000 commented question why does wireshark not change change the filter from tcp to udp when i monitor wireless traffic

There are two kinds of filters, capture and display. Is this a display filter? Are you capturing wireless traffic in m

2023-11-05 17:05:15 +0000 commented question No received ipv4 packets that were actually received by iot

Its not that clear what you have set up. You describe wireless and wired capture but you don't say where you have ident

2023-10-19 16:54:48 +0000 received badge  Rapid Responder (source)
2023-10-19 16:54:48 +0000 answered a question How can I monitor 11ax 160M on channel 5570?

The wireless toolbar has been removed for a long time now, so you must be using an older version of Wireshark. Anyway,

2023-09-30 14:39:56 +0000 commented question tcpdump overlapping packets

Could it be as simple as a time change on the capturing system? System time gets pushed out by 3min, then gets correcte

2023-09-30 11:26:13 +0000 commented question tcpdump overlapping packets

The file is not available for download. Suggest you make access 'Public' for others to look at.

2023-09-07 23:15:16 +0000 commented answer How do i decrypt wpa3 packets using wireshark.

At least for wpa_supplicant, the PMK is shown in the debug output as something like this: WPA: PMK - hexdump(len=32): d

2023-09-07 23:15:00 +0000 commented answer How do i decrypt wpa3 packets using wireshark.

At least for wpa_supplicant, the PMK is shown in the debug output as something like this: WPA: PMK - hexdump(len=32): d

2023-09-07 23:08:34 +0000 answered a question How do i decrypt wpa3 packets using wireshark.

Some info here: https://wiki.wireshark.org/HowToDecrypt802.11 Namely the flags for running hostapd, -d and -K which wil

2023-09-07 23:08:34 +0000 received badge  Rapid Responder (source)
2023-09-06 09:56:29 +0000 commented answer Raspberry Pi capture of 802.11 packets not showing data packets

I see - this capture is a mess. You are not trying to inject anything on this interface, correct? These frames seem un

2023-09-04 18:44:52 +0000 commented answer Raspberry Pi capture of 802.11 packets not showing data packets

Have a look at your channels in this capture - something is making your adapter move across all channels, 2.4 and 5GHz.

2023-09-03 11:25:42 +0000 commented answer Raspberry Pi capture of 802.11 packets not showing data packets

What I would do - in no particular order: Try another adapter - select preferred from here: https://github.com/morrown

2023-09-02 13:02:52 +0000 received badge  Rapid Responder (source)
2023-09-02 13:02:52 +0000 answered a question Raspberry Pi capture of 802.11 packets not showing data packets

Limited information is provided, but the most likely cause is explained many times here; for example: https://ask.wire

2023-08-23 10:15:23 +0000 commented question Capture 802.11ax packets using Wireshark in Windows 10/11. Compatible Adapters

If there are any adapters that will do 11ax monitor mode on Windows, its probably a very short list. The npcap website

2023-07-27 14:59:01 +0000 commented question I get the error "unable to set channel or offset". I want to check permissions, but the directory .config/wireshark is empty. What do I have to do?

If you read the docs for airmon-ng, you can check kill to stop interfering processes and also use it to start the interf

2023-07-24 19:55:00 +0000 answered a question I get the error "unable to set channel or offset". I want to check permissions, but the directory .config/wireshark is empty. What do I have to do?

Passing adapters through to VMs can work sometimes, but is often problematic. From a production point of view, I would

2023-05-20 21:22:50 +0000 answered a question How to decrypt TLS in TCP ?

If you can access the key material, it is exactly the same. You may need to set ‘decode as’ to tls, but if key material

2023-05-20 21:22:50 +0000 received badge  Rapid Responder (source)