[Wireshark-users] How to get RTT of OSI Packets
Hello guys,

I have figured out how to measure the RTT of TCP packets sniffed by Wireshark. This can be done using IO Graphs. I am wondering whether there is a way to measure the RTT of OSI packets. Do you know if this can be done in Wireshark? Do I need to install a plugin or configure anything?

Thanks in advance.

Regards,
Marc Glenn

___ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
[Wireshark-users] tcpdump command to capture https traffic
Hi,

I want to capture HTTPS traffic using the tcpdump command:

tcpdump -i eth0 -s 0 -w dump host 192.168.0.1 and host 192.168.0.2 and port 443

Is the above command correct? Please let me know.

Best Regards,
Kaushal
Re: [Wireshark-users] tcpdump command to capture https traffic
Do you just want traffic between 192.168.0.1 AND 192.168.0.2? If so, that should work.

Les Bowditch
Senior Network Operations Analyst
Shift Networks

From: Kaushal Shriyan
Sent: Thursday, July 19, 2007 6:24 AM
To: Community support list for Wireshark
Subject: [Wireshark-users] tcpdump command to capture https traffic
Re: [Wireshark-users] tcpdump command to capture https traffic
Kaushal Shriyan wrote:

Thanks, and what does -s 0 signify? I know -s means snapshot length, so what does -s 0 signify?

It means the maximum snapshot length, which is 65535 bytes. (Versions of tcpdump prior to 3.6 require that you do -s 65535, but all later versions support -s 0.)
Re: [Wireshark-users] tcpdump command to capture https traffic
Thanks Guy Harris.

One more question: is it better to run

tcpdump -i eth0 -s 0 -w dump host 192.168.0.1 and host 192.168.0.2 and port 443

or instead

tcpdump -i eth0 -s 1500 -w dump host 192.168.0.1 and host 192.168.0.2 and port 443

Which is the best method?

Thanks and Regards,
Kaushal
Re: [Wireshark-users] Assertion failure proto.c:2902 for SNMP V3 authPriv
Hi,

Tried it on:

Version 0.99.7 (SVN Rev 22353)

Compiled with GTK+ 2.10.13, with GLib 2.12.12, with libpcap 0.9.5, with libz 1.2.3.3, with libpcre 6.7, with Net-SNMP 5.2.3, with ADNS, without Lua, with GnuTLS 1.6.3, with Gcrypt 1.2.4, with MIT Kerberos, with PortAudio PortAudio V19-devel, without AirPcap.

Running on Linux 2.6.21-2-k7, with libpcap version 0.9.5.

Built using gcc 4.1.3 20070629 (prerelease) (Debian 4.1.2-13).

No problems.

Thanx,
Jaap

Rajasankar K wrote:

Please find the capture file attached. And I could open these files in the MS-Windows version (same build 22293). The problem happens when I take the source release and install it in Linux.

-- Raja.

- Original Message
From: Luis EG Ontanon
To: Community support list for Wireshark wireshark-users@wireshark.org
Sent: Monday, 16 July 2007 11:02:07
Subject: Re: [Wireshark-users] Assertion failure proto.c:2902 for SNMP V3 authPriv

Given the fact that you already sent us your passwords, could you first change them and then send me (or the list, if the machine is not reachable from the internet) a file with the packet that triggers the bug?

Thanks,
Luis.

On 7/16/07, Rajasankar K wrote:

Hi,

I have version wireshark-0.99.7-SVN-22293 compiled and installed in Linux myhost 2.6.9-22.ELsmp #1 SMP Mon Sep 19 18:32:14 EDT 2005 i686 i686 i386 GNU/Linux. When I try to open a capture file I see the following and cannot see the encrypted contents. The packets have both auth and privacy enabled.

msgData: encryptedPDU (1)
encryptedPDU: 0B8B42273BEAF68B62709A135537338FA09223A373C8550D...
[Dissector bug, protocol SNMP: proto.c:2902: failed assertion tvb != ((void *)0 ) || *length == 0]

I have the following entry in the ~/.wireshark/snmp_users file:

80A103122334455667, admin_0016b50a9734, SHA1, TOOLS TEAM,AES,TOOLS TEAM

I can see the same error message for the following bug in Bugzilla: [Bug 1638] SMB Pipe dissector bug on certain packets. The resolution says it's fixed in SVN 22053. I'm currently using 22293. Any clues about this problem?

-- Raja.
Re: [Wireshark-users] tcpdump command to capture https traffic
Kaushal Shriyan wrote:

Is it better to run

tcpdump -i eth0 -s 0 -w dump host 192.168.0.1 and host 192.168.0.2 and port 443

or instead

tcpdump -i eth0 -s 1500 -w dump host 192.168.0.1 and host 192.168.0.2 and port 443

Which is the best method?

Assuming you're using tcpdump 3.6 or later (as per my earlier mail, 3.4[.x] and 3.5[.x] don't support -s 0):

Given that the snapshot length includes the link-layer header - i.e., it's *NOT* the MTU - a snapshot length of 1500 will cut off the last 14 bytes of a full-length 1514-byte Ethernet packet. Therefore, -s 0 is better than -s 1500.

It's also better than -s 1514, because

1) it works on all interfaces, regardless of the maximum packet size (i.e., you don't have to know the maximum packet size of an interface if you just use -s 0);

2) it's 3 fewer characters to type. :-)
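A way to check after the fact whether a capture was cut short by its snapshot length, as an added example that is not from this thread: it parses the classic libpcap file header and compares each record's captured length against its on-the-wire length, which is exactly where the missing 14 bytes of a 1514-byte frame show up under -s 1500. The sample capture is constructed in the script itself (the build_pcap helper mimics a capturer clipping to a given snaplen); pcapng files and byte-swapped captures are assumed out of scope.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4       # classic libpcap, little-endian, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERNET_MAX_FRAME = 1514     # 14-byte Ethernet header + 1500-byte MTU, as the reply explains


def build_pcap(snaplen, frames, linktype=LINKTYPE_ETHERNET):
    """Constructed sample writer: stores each frame the way a capturer using
    this snaplen would, i.e. incl_len is clipped to snaplen while orig_len
    keeps the real on-the-wire size (constructed data, not a real capture)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)
    for n, frame in enumerate(frames):
        kept = frame[:snaplen]
        out += struct.pack("<IIII", 1000 + n, 0, len(kept), len(frame)) + kept
    return out


def audit_pcap(data):
    """Parse a classic pcap and report how many records the snaplen cut short."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap (pcapng / swapped files not handled)")
    snaplen, linktype = struct.unpack_from("<II", data, 16)   # file header: snaplen, network
    off, total, truncated, largest = 24, 0, 0, 0
    while off + 16 <= len(data):
        _sec, _usec, incl_len, orig_len = struct.unpack_from("<IIII", data, off)
        off += 16 + incl_len
        total += 1
        largest = max(largest, orig_len)
        if incl_len < orig_len:        # bytes existed on the wire but were not captured
            truncated += 1
    return {
        "snaplen": snaplen,
        "linktype": linktype,
        "packets": total,
        "truncated": truncated,
        "largest_frame": largest,
        # -s 1500 fails this check on Ethernet; -s 1514 or the 65535 maximum passes
        "snaplen_ok_for_ethernet": linktype != LINKTYPE_ETHERNET or snaplen >= ETHERNET_MAX_FRAME,
    }


if __name__ == "__main__":
    # Constructed frames: one full-size 1514-byte Ethernet frame and one minimal 60-byte frame
    frames = [bytes(1514), bytes(60)]
    for snaplen in (1500, 65535):
        print(snaplen, audit_pcap(build_pcap(snaplen, frames)))
```

Running it on a real file is a matter of calling audit_pcap on the bytes read from the dump written by the tcpdump command above.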
Re: [Wireshark-users] Assertion failure proto.c:2902 for SNMP V3 authPriv
On 7/19/07, Jaap Keuter wrote:

Tried it on: Version 0.99.7 (SVN Rev 22353) ... with Gcrypt 1.2.4, ... No problems.

... without Gcrypt problems.

--
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
[Wireshark-users] Script to convert Cisco ATM dump to something that Wireshark can read
Hi,

I have created a little Perl script to convert IP packets that are transmitted over an ATM interface on Cisco. This script is inspired by the one made by Hamish Moffatt which converts IP packets to something Wireshark can read. It takes only IP packets and ignores ATM cells from the copy of the output of the following Cisco command:

debug atm packet

I don't know if it's the good place to post it :) Anyway here it is:

-- CUT HERE ---
#!/usr/bin/perl
# Convert Cisco debug atm packet format to something text2pcap can read.
# Use cat debug output | conv..pl | text2pcap -l 12 - output capture file
# Author: Frederic Point .
# Inspired by: Hamish Moffatt.
# License: GPL (see www.gnu.org).

# Print the collected packet bytes in text2pcap's "offset bytes..." layout.
sub dumppkt () {
    for ($i = 0; $i < scalar(@pkt); $i++) {
        if ($i % 16 == 0) {
            printf "\n%08X", $i;
        }
        printf " %02X", $pkt[$i];
    }
}

$in_ip_packet = 0;
while (<>) {
    chomp;
    # Strip lines before the beginning of the IP packet (TYPE:0800 = IPv4)
    if (m/TYPE:0800/) {
        $in_ip_packet = 1;
        next;
    }
    # A bare timestamp line (Cisco may prefix it with '*') marks the end of the
    # IP packet: dump what was collected and start over
    if (m/^\*?[A-Z][a-z]{2} [0-9 ][0-9] [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{3}:[ \n\r\t]*$/) {
        if ($in_ip_packet) {
            dumppkt;
            undef @pkt;
            $in_ip_packet = 0;
            next;
        }
    }
    unless ($in_ip_packet) { next; }
    # Strip the offsets (the 22-character timestamp prefix)
    $hex = substr $_, 22, 96;
    # Remove all spaces
    $hex =~ s/ //g;
    # dos2unix
    $hex =~ s/\r//g;
    # Convert hex bytes on this line
    while ((length $hex) > 0) {
        push @pkt, hex (substr $hex, 0, 2, "");
    }
}
dumppkt;
print "\n";
-- CUT HERE ---

Thanks to all Ethereal/Wireshark devs for creating such a piece of software!

Best Regards,
Frederic Point
Re: [Wireshark-users] Script to convert Cisco ATM dump to something that Wireshark can read
Frédéric Point wrote:

I don't know if it's the good place to post it :)

Sure it is. Could it be a start of YAFF [1] that Wireshark can read through wiretap? Is there any generalized output description for this debug command?

Thanx,
Jaap

[1] Yet Another File Format.
Re: [Wireshark-users] Assertion failure proto.c:2902 for SNMP V3 authPriv
Hi,

Luis is correct. I included the gcrypt and it works fine for me as well. Thanks for the help.

Raja.

- Original Message
From: Jaap Keuter
To: Community support list for Wireshark wireshark-users@wireshark.org
Sent: Thursday, 19 July 2007 10:08:17
Subject: Re: [Wireshark-users] Assertion failure proto.c:2902 for SNMP V3 authPriv