Gerald Combs | 17 May 2013 23:58

Wireshark 1.8.7 is now available


I'm proud to announce the release of Wireshark 1.8.7.

What is Wireshark?

   Wireshark is the world's most popular network protocol analyzer.
   It is used for troubleshooting, analysis, development and
   education.

What's New

  Bug Fixes

   The following vulnerabilities have been fixed.

     o wnpa-sec-2013-23

       The RELOAD dissector could go into an infinite loop.
       Discovered by Evan Jensen. (Bug 8364, Bug 8546)

       Versions affected: 1.8.0 to 1.8.6.

       CVE-2013-2486

       CVE-2013-2487

     o wnpa-sec-2013-24

       The GTPv2 dissector could crash. (Bug 8493)


Hafez Kamal | 14 May 2013 13:00

[HITB-Announce] HITB Magazine Issue 010

Hi everyone,

A small reminder that article submissions for HITB Magazine Issue 010
are due tomorrow (15th May 2013). If you're interested in submitting
please send your > 3000 word article to editorial@...

Topics of interest include, but are not limited to the following:

    Next generation attacks and exploits
    Apple / OS X security vulnerabilities
    SS7/Backbone telephony networks
    VoIP security
    Data Recovery, Forensics and Incident Response
    HSDPA / CDMA Security / WIMAX Security
    Network Protocol and Analysis
    Smart Card and Physical Security
    WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security
    Analysis of malicious code
    Applications of cryptographic techniques
    Analysis of attacks against networks and machines
    File system security
    Side Channel Analysis of Hardware Devices
    Cloud Security
    Exploit Analysis

On an unrelated note, registration for the 11th annual HITB Security
Conference (#HITB2013KUL) is also open. Taking place from the 14th to
the 17th of October, the conference will be keynoted by Andy Ellis
(CSO at Akamai) and Joe Sullivan (CSO at Facebook). The event website is
here:

Jason Pyeron | 12 May 2013 21:44

Wireshark piping in of pcap data on windows

Given I cannot specify a filename as device on Windows, what is the best way to
take a stream (stdout) of pcap data and show it realtime in Wireshark?

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@...>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@...?subject=unsubscribe

Stuart Kendrick | 12 May 2013 20:15

summing DeltaT in one direction

I would like to calculate how much time the Client and the Server spend turning around frames.

Client ------- Switch ------- Server
                 |
                 |
              sniffer

In this example, Client is using SMB to copy a file to Server.

I'm imagining that I can calculate the Server's contribution as follows:
tshark -r foo.pcap -Y tcp.srcport==445 -qz io,stat,0,SUM(tcp.time_delta)tcp.time_delta

================================================
| IO Statistics                                |
|                                              |
| Interval size: 44.1 secs (dur)               |
| Col 1: Frames and bytes                      |
|     2: SUM(tcp.time_delta)tcp.time_delta     |
|----------------------------------------------|
|              |1                  |2          |
| Interval     | Frames |   Bytes  |    SUM    |
|----------------------------------------------|
|  0.0 <> 44.1 |  50069 | 50551304 | 44.145992 |
================================================

And the Client's contribution in this way:
tshark -r foo.pcap -Y tcp.dstport==445 -qz io,stat,0,SUM(tcp.time_delta)tcp.time_delta
================================================
| IO Statistics                                |
|                                              |
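An added example, not from the post above: it compares the per-direction SUM(tcp.time_delta) that the two tshark filters compute with a stricter "turnaround" sum that only counts a frame's delta when the previous frame in the stream went the other way. The frames are constructed by hand, and port 445 is assumed to be the server side of the SMB stream.

```python
# Added example, not from the original post: compare the per-direction
# SUM(tcp.time_delta) that the tshark filters above compute with a
# stricter "turnaround" sum that only counts a frame's delta when the
# previous frame of the stream went the other way. Frames are constructed;
# port 445 is assumed to be the server side of the SMB stream.

SERVER_PORT = 445

# (timestamp in seconds, src_port, dst_port) for one TCP stream, by hand.
FRAMES = [
    (0.000, 50000, 445),  # client request
    (0.010, 445, 50000),  # server reply: 10 ms turnaround
    (0.012, 445, 50000),  # second server segment, 2 ms after the first
    (0.014, 445, 50000),  # third server segment
    (0.050, 50000, 445),  # client's next request: 36 ms turnaround
    (0.060, 445, 50000),  # server reply: 10 ms turnaround
]

def direction(frame):
    """'server' when sent from SERVER_PORT, otherwise 'client'."""
    return "server" if frame[1] == SERVER_PORT else "client"

def delta_sums(frames):
    """Emulate SUM(tcp.time_delta) split by tcp.srcport / tcp.dstport.

    tcp.time_delta is the gap to the previous frame of the same stream in
    either direction, so a burst of same-direction segments adds its
    inter-segment gaps to that side's total as well.
    """
    sums = {"server": 0.0, "client": 0.0}
    for prev, cur in zip(frames, frames[1:]):
        sums[direction(cur)] += cur[0] - prev[0]
    return sums

def turnaround_sums(frames):
    """Count the gap only when the direction changed, i.e. the time one side
    took to answer the other side's last frame."""
    sums = {"server": 0.0, "client": 0.0}
    for prev, cur in zip(frames, frames[1:]):
        if direction(cur) != direction(prev):
            sums[direction(cur)] += cur[0] - prev[0]
    return sums

if __name__ == "__main__":
    print("SUM(tcp.time_delta):", delta_sums(FRAMES))
    print("turnaround only:   ", turnaround_sums(FRAMES))
```

With the sample frames the server's SUM(tcp.time_delta) is 24 ms but only 20 ms of that is turnaround; the rest is the gap between consecutive server segments.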

Prameswar Lal | 12 May 2013 16:15

Process Information with packets

Hi, I am going to work on a project.
The application and user associated with each packet should be shown
in the packet detail, like Wireshark shows the packet sender's host
user name. Let's suppose

a computer has 10 users; then we can not say who is the sender of this

packet.

Please tell me what new feature I can add in this project, and I
don't know whether this is already implemented or not. If implemented then
tell me.

I will be greatly happy if you help me to improve my project.
Thanks

Parita Khedekar | 8 May 2013 10:12

Author a "Administration in Wireshark " book for Packt.

Hi,

My name is Parita Khedekar and I am an Author Relationship Executive for 
Packt Publishing. We specialize in publishing IT related books, e-books, 
and articles that have been written by experts in the field.

We are currently looking out for prospective authors to write our 30-50 
page micro book _*Administration in Wireshark*_ aimed at the users of 
wireshark or network administrators looking for new software that can 
help with administration with existing networks.

I was wondering if you would be interested in authoring this particular 
Micro title.

I do look forward to hearing from you and do let me know if you have any 
queries or doubts.

Regards,
--
Parita Khedekar
Author Relationship Executive
PACKT Publishing
www.packtpub.com
MSN: paritak@...

Interested in becoming an author? Visit http://authors.packtpub.com for 

salah eddine | 3 May 2013 15:04

live migration pcap

Hey everyone, do you please have any pcap file for a live migration of a virtual machine?
Thanks in advance

salah eddine | 2 May 2013 22:47

PCAP file

Please, if anyone has a pcap file of a VM migration
or database backup, I need it to test a network application that I'm working on.
Thanks in advance


       

radiatejava | 2 May 2013 09:11

Extracting data from capture

Wireshark users,
I have a packet capture in which there are http requests (over plain
connection, not SSL) and their response. Response received is
certificate or chain of certificates, possibly in binary data. It
shows the content type of the object as
'application/x-x509-ca-ra-cert'. However, when I try to do
'ExportObjects' > HTTP and export the object, it exports fine but I am
not able to view that certificate using any tool (like openssl or any
other).

I suspect Wireshark is either not exporting fully or there is some other issue.
I have attached the file 20130417-213837_TCPDump.pcap here
https://skydrive.live.com/?cid=90024b432de06aed&id=90024B432DE06AED!1107&authkey=!AG9x61vd9JLHYL0

Can someone tell me how to export the HTTP response that has the
certificate so that I can view the certificate? I appreciate the
response here.

Thanks/Satish.

Hafez Kamal | 1 May 2013 04:12

[HITB-Announce] #HITB2013KUL Call for Papers

Hi everyone - This is a Call for Papers for the 11th annual HITB
Security Conference in Malaysia, #HITB2013KUL which takes place on the
16th and 17th of October in Kuala Lumpur.

Keynote speakers for the conference will be Joe Sullivan (Chief Security
Officer, Facebook) and Andy Ellis (Chief Security Officer, Akamai)

We're looking for talks that are highly technical, but most importantly,
material which is new and cutting edge. Submissions are due BEFORE
Thursday, 25th July 23:59 MYT

HITB CFP: http://cfp.hackinthebox.org/
Event Website: http://conference.hitb.org/ (Opens 10th May)

===

Each accepted submission will entitle the speaker(s) to
accommodation for 3 nights / 4 days and travel expense reimbursement
up to EUR1200.00 per speaking slot.

Topics of interest include, but are not limited to the following:

   Cloud Security
   File System Security
   3G/4G/WIMAX Security
   SS7/GSM/VoIP Security
   Security of Medical Devices
   Critical Infrastructure Security
   Smartphone / Mobile Security
   Smart Card and Physical Security
   Network Protocols, Analysis and Attacks
   Applications of Cryptographic Techniques
   Side Channel Analysis of Hardware Devices
   Analysis of Malicious Code / Viruses / Malware
   Data Recovery, Forensics and Incident Response
   Hardware based attacks and reverse engineering
   Windows / Linux / OS X / *NIX Security Vulnerabilities
   Next Generation Exploit and Exploit Mitigation Techniques
   NFC, WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security

WHITE PAPER: If your presentation is short listed for inclusion into the
conference program, a technical white paper must also be provided for
review (3000 - 5000 words).

Your submissions will be reviewed by The HITB CFP Review Committee:

Charlie Miller (formerly Principal Research Consultant, Accuvant Labs)
Katie Moussouris, Senior Security Strategist, Microsoft
Itzik Kotler, Chief Technology Officer, Security Art
Cesar Cerrudo, Chief Technology Officer, IOActive
Jeremiah Grossman, Founder, Whitehat Security
Andrew Cushman, Senior Director, Microsoft
Saumil Shah, Founder CEO Net-Square
Thanh 'RD' Nguyen, THC, VNSECURITY
Alexander Kornbrust, Red Database
Fredric Raynal, QuarksLab
Shreeraj Shah, Founder, BlueInfy
Emmanuel Gadaix, Founder, TSTF
Andrea Barisani, Inverse Path
Philippe Langlois, TSTF
Ed Skoudis, InGuardians
Haroon Meer, Thinkst
Chris Evans, Google
Raoul Chiesa, TSTF/ISECOM
rsnake, SecTheory
Gal Diskin, Intel
Skyper, THC

Note: We do not accept product or vendor related pitches. If you would
like to showcase your company's products or technology, please email
conferenceinfo@...

---
Hafez Kamal,
HITB Conference Core Crew (.MY),
Hack in The Box (M) Sdn. Bhd.
36th Floor, Menara Maxis,
Kuala Lumpur City Centre,
50088 Kuala Lumpur,
Malaysia

Tel: +603-26157299
Fax: +603-26150088
PGP Key ID: 0xC0DC7DF8


Lee Mighdoll | 30 Apr 2013 01:08

tshark print raw data with -T fields (for partial ssl records)

I'm printing a dozen fields or so from a trace with a limited snap length.  Works great, but the thirteenth field is unfortunately not decoded from partially captured packets.  

Is there a way to print the raw data along with -T fields?  -x and -T fields don't mix...  I suppose I could run tshark twice once with -x and once with -T fields and correlate the output, but I'm hoping there's an easier way.  I see some references on the web to an option for -e data, but that doesn't print anything when I try it (on tshark 1.8.2).

Alternately, is there any way to convince the ssl packet parser to emit the fields that it has recognized from a partial record?  In particular, I'd like to know that the header for ssl record type 23 (application data) has been captured, even though tcpdump hasn't captured the entire contents of the application data itself.

Cheers,
Lee
