2021-02-26 21:32:22 +0000 | commented question | Problem capturing packets between smartphone (Android 11) and printer Both phone and printer are on same Wi-Fi (different channels) and connected to access point. My printer is w |
2021-02-24 17:50:20 +0000 | commented question | Problem capturing packets between smartphone (Android 11) and printer Could the Android 11 devices be using a more advanced modulation as compared to the other devices? If so, you will stru |
2021-02-16 17:18:34 +0000 | commented question | Any Best practice / hardening guides for Wireshark? Have you seen the security page - it might guide you into some best practices. https://wiki.wireshark.org/Security ... |
2021-02-16 17:17:49 +0000 | commented question | Any Best practice / hardening guides for Wireshark? Have you seen the security page - it might guide you into some best practices. https://wiki.wireshark.org/Security |
2021-02-12 18:42:49 +0000 | commented question | Targeted ARP packets getting forward to broadcast Did you isolate the source of these? Is your RaspberryPI sending them? Or is another entity on the network sending the |
2021-02-12 17:33:49 +0000 | commented question | Targeted ARP packets getting forward to broadcast Do you explicitly set the destination MAC in scapy and it is getting overwritten? |
2021-02-01 21:45:02 +0000 | commented question | eapol is malformed unless I assume don't have FCS but then all other packets are malformed I assume you are using a monitor mode adapter? And that you are not using the same adapter to connect to the AP and als |
2021-01-27 19:37:24 +0000 | commented answer | Wireshark Setup for 802.11ax association requests Good to know! Do you have any HE clients? I would be interested in comparing an HE capture from the MAC against the In |
2021-01-26 11:12:53 +0000 | commented question | How can I use the ssh key log file? Did you mean SSL/TLS or SSH? My SSH protocol preference does not have this field, though TLS does, as @GrahamB points o |
2021-01-25 11:18:05 +0000 | commented answer | Change Monitor Mode Channel on Mac OS Big Sur Have you seen Airtool? Much simpler if it works in your environment - don't know if the new processor is a problem or not. |
2021-01-25 11:16:49 +0000 | commented answer | Change Monitor Mode Channel on Mac OS Big Sur Have you seen Airtool? Much simpler. The early version was free and I could still find it via Google. |
2021-01-24 23:01:27 +0000 | answered a question | 802.11 no eapol visible my smartphone seems to use 5 ghz If the traffic you want to capture is on a 5GHz channel, then the capturin |
2021-01-24 23:01:27 +0000 | received badge | ● Rapid Responder (source) |
2021-01-21 01:34:00 +0000 | received badge | ● Rapid Responder (source) |
2021-01-21 01:34:00 +0000 | answered a question | Wireshark Setup for 802.11ax association requests Wifi6 is HE now, where VHT is WiFi5. If your clients and AP support HE, Wireshark can show HE modulated frames if capt |
2021-01-21 01:33:56 +0000 | received badge | ● Rapid Responder (source) |
2021-01-21 01:33:56 +0000 | answered a question | Wireshark Setup for 802.11ax association requests Wifi6 is HE now, where VHT is WiFi5. If your clients and AP support HE, Wireshark can show HE modulated frames if capt |
2021-01-19 16:27:53 +0000 | commented question | wireshark io graph can't show some parameters in Y field Wireshark has many parameters defined (1000s?). Exactly which one are you having issues with? You might want to share |
2021-01-18 21:08:52 +0000 | commented question | Can't see http traffic in my captures, hope you can help me If that frame has a bad FCS, decryption probably will not work. Try to get another set of eapol frames from the handsha |
2021-01-17 11:15:37 +0000 | received badge | ● Nice Answer (source) |
2021-01-16 17:19:46 +0000 | received badge | ● Rapid Responder (source) |
2021-01-16 17:19:46 +0000 | answered a question | 802.11 only Partially Decrypted With the capture file and key you provided, we can explain what you will/won't see in your environment. I think the dec |
2021-01-02 20:40:59 +0000 | commented question | Wireshark captures monitor mode "style" packets Do you have the monitor mode check box set in capture --> options? Maybe: you start Wireshark, it puts the adapter i |
2020-12-19 14:42:20 +0000 | commented question | Wireshark has stopped capturing packets in monitor mode on Windows 10. My network Interface is Intel Centrino Wireless-N 1030. If you were able to capture in monitor mode with Windows10, I consider you fortunate. I suspect this is an npcap issue |
2020-12-15 10:38:54 +0000 | commented answer | Is there a way to view what machine utilized the packet capture for the trace file? There are possibly some clues in the capture file that can provide evidence to support, though may not prove, that a par |
2020-12-10 18:07:14 +0000 | commented question | How do I capture http packets. I have already set up a decryption key for WPA/WPA2. Be sure you cover the 'gotchas' from the wiki: https://wiki.wireshark.org/HowToDecrypt802.11 |
2020-12-02 18:08:58 +0000 | answered a question | Wireless traffic analysis: what is recommended? Macbooks or Linux systems are typically the way to go. 802.11 capture on Windows is difficult. Even if you can get A |
2020-12-02 18:08:58 +0000 | received badge | ● Rapid Responder (source) |
2020-11-27 11:42:09 +0000 | commented question | TLS log file encryption with WireShark is not working properly WireShark doesn't show me a single HTTP packet I guess your first problem is capturing traffic correctly before you eve |
2020-11-25 19:33:29 +0000 | edited answer | How to see if WPA/WPA2 is enabled? You want to look at the RSN IE (information element): Tag: RSN Information Tag Number: RSN Information (48) Tag l |
2020-11-20 18:40:00 +0000 | received badge | ● Rapid Responder (source) |
2020-11-20 18:40:00 +0000 | answered a question | How to see if WPA/WPA2 is enabled? You want to look at the RSN IE (information element): Tag: RSN Information Tag Number: RSN Information (48) Tag l |
2020-11-20 18:39:57 +0000 | received badge | ● Rapid Responder (source) |
2020-11-20 18:39:57 +0000 | answered a question | How to see if WPA/WPA2 is enabled? You want to look at the RSN IE (information element): Tag: RSN Information Tag Number: RSN Information (48) Tag l |
2020-11-15 11:44:34 +0000 | commented question | Cannot capture 'TCP Data' packet in monitor mode on 5.2GHz Best thing to do is to grab the probe and association requests/responses for the devices under review (i.e. the devices |
2020-11-13 20:14:22 +0000 | commented question | Cannot capture 'TCP Data' packet in monitor mode on 5.2GHz There are 2209 packets that contain TCP in the 'short' capture; try the following filter: tcp I don't know if this is |
2020-11-13 08:57:32 +0000 | commented question | Wireshark turning monitor mode off Did you turn the interface back on manually? |
2020-11-13 08:57:12 +0000 | commented question | Wireshark turning monitor mode off Did you turn it back on manually? |
2020-11-11 11:31:04 +0000 | received badge | ● Rapid Responder (source) |
2020-11-11 11:31:04 +0000 | answered a question | Is there a way to capture traffic of a single mobile application You probably want a display filter on TCP (or UDP) port. Most applications will use a specific port along with protocol |
2020-11-11 09:20:07 +0000 | commented question | Wireshark turning monitor mode off Did you turn off the Network Manager? |
2020-11-10 18:39:10 +0000 | commented answer | Can't capture data packets from unencrypted Wifi network in monitor mode Signal strength is very high. |
2020-11-10 12:05:21 +0000 | received badge | ● Rapid Responder (source) |
2020-11-10 12:05:21 +0000 | answered a question | Can't capture data packets from unencrypted Wifi network in monitor mode I am able to pick up some data frames with this filter: wlan.addr == 94:65:2d:2c:aa:79 and wlan.fc.type_subtype in {0x20 |
2020-11-05 19:58:50 +0000 | answered a question | How do I turn on monitor mode on Win10? Here are some instructions: https://nmap.org/npcap/guide/npcap-users-guide.html Frankly, though, npcap for Windows mon |
2020-11-05 19:58:50 +0000 | received badge | ● Rapid Responder (source) |
2020-11-05 02:02:58 +0000 | commented question | Has anyone gotten wireshark to capture data packets from a monitor mode interface on a raspberry pi? I have a pi device: cat /sys/firmware/devicetree/base/model Raspberry Pi 3 Model B Plus Rev 1.3 I followed the instru |
2020-11-05 02:02:23 +0000 | commented question | Has anyone gotten wireshark to capture data packets from a monitor mode interface on a raspberry pi? I have a pi device: cat /sys/firmware/devicetree/base/model Raspberry Pi 3 Model B Plus Rev 1.3 I followed the instru |
2020-10-27 09:50:43 +0000 | commented question | Not receiving EAPOL Messages #1 and #3 Key messages 1 and 3 are transmitted by the authenticator (access point) when using WPA2. I can make two guesses why yo |
2020-10-23 19:20:21 +0000 | commented question | Can't capture now, but could before. MacOS Catalina Is this wired or wireless? |