Ask Your Question

vladinko0's profile - activity

2020-06-09 14:43:52 +0000 received badge  Notable Question (source)
2020-03-30 10:19:21 +0000 received badge  Popular Question (source)
2020-03-09 19:09:01 +0000 marked best answer How to identify Rogue Access Point?

Is it possible to identify Rogue Access Point with Wireshark?

Thank You.

2020-03-05 13:41:07 +0000 commented answer How to identify Rogue Access Point?

Are there any criteria, when AP can be considered as a Rogue AP?

2020-03-05 12:45:41 +0000 asked a question How to identify Rogue Access Point?

How to identify Rogue Access Point? Is it possible to identify Rogue Access Point with Wireshark? Thank You.

2019-12-31 07:16:08 +0000 marked best answer How can I read a hex dump of packet data from TShark, filter it with a Python program, and write it out as a capture file?

Because display filters are not supported when saving captured data with tshark I am trying to create valid cap file that I can read in Wireshark.

I capture data with tshark -x

In python I am scraping raw data with:

substring = oneline[5:53]    
clean = ''.join([c for c in substring if 34 < ord(c) < 127])    
raw_packet += clean

I am converting these data back to raw hex data:

newFile = open("filename.cap", "wb")
newFile.write(bytes.fromhex(raw_packet))

I also tried:

newFile.write(bytearray(binascii.unhexlify(raw_packet)))

or

newFile.write(binascii.unhexlify(raw_packet))

But when I am open the filename.cap in Wireshark I don't see normal packet data:

Frame 1: 260 bytes on wire (2080 bits), 260 bytes captured (2080 bits)
    Encapsulation type: JavaScript Object Notation (175)
    Frame Number: 1
    Frame Length: 260 bytes (2080 bits)
    Capture Length: 260 bytes (2080 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: json:data-text-lines] JavaScript
Object Notation Line-based text data (1 lines)
     [truncated]\000\000 \000\[email protected]\000\240 \b\000\240
\b\000\000\020\002l\t\240\000\336\000d\000\000\000\000\000\000\001\200\000\000\000\377\377\377\377\377\377\264\373\344J\352\346\264\373\344J\352\346p!\200\201+A'\000\000\000d\0001\004\000\

Are raw data provided by tshark full?

How can I convert them back to Wireshark readable file?

Or what am I doing wrong?

2019-12-30 15:02:09 +0000 asked a question How can I read a hex dump of packet data from TShark, filter it with a Python program, and write it out as a capture file?

Are raw data provided by tshark full? Because display filters are not supported when saving captured data with tshark I

2019-12-16 17:20:28 +0000 asked a question RTL8812AU in SDU3-P7C3 hub works bad

RTL8812AU in SDU3-P7C3 hub works bad I am using USB-AC56 adapter and when it is connected directly to computers USB3 por

2019-12-04 07:18:10 +0000 marked best answer Positive value of antenna signal

Sometimes I see in packets captured by Wireshark in radiotap.dbm_antsignal property positive values from 1 to 17. Shouldn't it be only negative?

2019-12-04 07:18:10 +0000 received badge  Scholar (source)
2019-12-03 14:20:34 +0000 edited question Positive value of antenna signal

Positive value of antenna signal Sometimes I see in packets captured by Wireshark in radiotap.dbm_antsignal property pos

2019-12-03 14:20:29 +0000 received badge  Editor (source)
2019-12-03 14:20:29 +0000 edited question Positive value of antenna signal

Positive value of antena signal Sometimes I see in packets captured by Wireshark in radiotap.dbm_antsignal property posi

2019-12-03 14:19:49 +0000 asked a question Positive value of antenna signal

Positive value of antena signal Sometimes I see in packets captured by Wireshark in radiotap.dbm_antsignal property posi

2019-10-15 08:24:19 +0000 asked a question Sessions of protected networks

Sessions of protected networks I would like to store captured packets in the database. I think it would be good to sort

2019-10-11 12:28:20 +0000 commented answer RX and TX packets identification

But in some packets I don't have Source address, just receiver address: Type/Subtype: Acknowledgement (0x001d) Receiver

2019-10-11 11:04:48 +0000 commented answer RX and TX packets identification

How can I find out, who has transmitted the packet? Interface is in monitoring mode. In the packet is: Source address:

2019-10-11 10:40:11 +0000 commented answer RX and TX packets identification

I am monitoring wlan0. So if I have this: Receiver address: Broadcast (ff:ff:ff:ff:ff:ff) Destination address: Broadc

2019-10-11 10:28:34 +0000 commented answer RX and TX packets identification

So if I have this: Receiver address: Broadcast (ff:ff:ff:ff:ff:ff) Destination address: Broadcast (ff:ff:ff:ff:ff:ff)

2019-10-11 10:27:03 +0000 received badge  Rapid Responder (source)
2019-10-11 10:27:03 +0000 answered a question RX and TX packets identification

So if I have this: Receiver address: Broadcast (ff:ff:ff:ff:ff:ff) Destination address: Broadcast (ff:ff:ff:ff:ff:ff)

2019-10-11 09:56:33 +0000 asked a question RX and TX packets identification

RX and TX packets identification When I am capturing packets of some intarface how can I detect which are RX and TX pack