NITIN GOYAL | 10 Feb 10:34

AMR Raw Output from Wireshark not playing in players

Hi


I have an issue related to the AMR codec in RTP.

I have an RTP capture in pcap form having the AMR-NB and AMR-WB codecs.

Now, using the RTP stream analysis, I have extracted the raw output, but I am not able to play that extracted raw output in any player.

Is there any way I can play that raw output, or decode it and save it in raw format, or re-encode it to some other format?

Regards
Nitin
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@...>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@...?subject=unsubscribe
杨葳 | 7 Feb 12:13

Is there any Wireshark version that can support 802.11u or any patch to support it?

Hi All,
 
Is there any Wireshark version that can support 802.11u or any patch to support it?
 
Thanks!
 
Regards,
Wei
___________________________________________________________________________
sean bzd | 7 Feb 18:45

Strip off protocol layers

Hi,

I'm using tshark to convert .pcap to .txt format using the -r option and redirecting the output to a file, e.g. tshark -r file.pcap -V>file.txt
The problem is that the size of the txt file is about 30x larger than the pcap since I'm using the -V(erbose) option. I'm wondering if there is a way to strip off some of the protocol headers that I'm not interested in, e.g. I want to strip off the 'Frame', 'Ethernet' and 'IP' protocol layers before redirecting the output to a txt. Is that possible? Another idea is to selectively expand (Verbose) only the protocols I'm interested in. Is any of this possible? If yes, I'd appreciate some advice. Thanks a lot.
Sean.
___________________________________________________________________________
rouli | 7 Feb 16:47

How to decrypt SSL in TShark 1.6.5 (giving the key file in the parameters)?

I'm using tshark to decrypt ssl traffic in pcaps, using the -o "ssl.keys_list:..." option to specify the keyfile. 
It worked well for tshark 1.6.2 and lower.

Here's an example:
"c:\Program Files\Wireshark\tshark.exe" -r "C:\temp\input.pcap" -o "http.tcp.port:80,80,8080,8888" -o "ssl.keys_list:172.30.2.31,443,http,"C:/temp/private.key""  -R "http" -T pdml


However, I can't find the right command line to make it work with 1.6.5. Trying the one above, tshark crashes - apparently it's missing the extra password parameter. Trying to add a blank password (ssl.keys_list:172.30.2.31,443,http,"C:/temp/private.key","") doesn't work either - tshark doesn't crash, but doesn't decrypt the traffic either. In the ssl debug log it says 

ssl_parse: Can't load UAT string "172.30.2.31","443","http","C:/temp/private.key,"","": ssl_keys:1: unexpected char '"'

while looking for field keyfile


I've tried several other options, with similar errors in the log file, or an error that it can find my key file. One important thing to mention - my key file is not encrypted, and setting these params using the UI (which I don't want to do, I need automation capabilities) works fine.

Any ideas?

Thanks,
-rouli

___________________________________________________________________________
julius | 7 Feb 12:48

capture filter

Hi,

I found this ftp filter on the Wireshark mailing list:

tshark -r ftp.pcap -R "(ftp.response.code == 230 || ftp.request.command == "PASS") || (ftp.request.command == "USER")"

in combination with this:
tshark -w ftp.capture -f "host SOMEIP"

It works, but how do you combine these two to only capture the ftp login attempts?
And why is it that capture filters do differ from display filters?

greets
___________________________________________________________________________

Markus Amend | 2 Feb 08:39

tshark -z conv, type no sorting according to the total number of bytes

Hello,

In the tshark manual, under the "-z conv,type" function, it says:

"The table is presented with one line for each conversation and displays 
the number of packets/bytes in each direction as well as the total 
number of packets/bytes. The table is sorted according to the total 
number of bytes."

Tested with "tshark -r pcap_file -z conv, ip", "tshark -r pcap_file -z conv, udp", "tshark -r pcap_file -z conv, tcp", there is no sorting by the total number of bytes, but by the total number of frames.

Look at:

                                 |       <-      | |       ->      | |     Total     |
                                 | Frames  Bytes | | Frames  Bytes | | Frames  Bytes |
xxx:nfs <-> ggg:933                 1343 1176990    1666 1157928    3009 2334918
yyy:51290 <-> ccc:http-alt          1104 1004903    1104   72864    2208 1077767
hhh:nfs <-> mmm:919                  687   49210    1334 1997824    2021 2047034

This is verified with tshark v1.0.5 and v1.6.5.

Greetings
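
A check of the observation in the message above, added here as an example that is not part of the original post: it parses the three conversation rows quoted there and reports which Total column is actually in descending order. The column names (`left_*` for `<-`, `right_*` for `->`) and function names are assumptions made for this sketch.

```python
import re

# Rows as quoted in the post above (host names are the poster's placeholders).
SAMPLE = """\
xxx:nfs <-> ggg:933           1343 1176990 1666 1157928 3009 2334918
yyy:51290 <-> ccc:http-alt    1104 1004903 1104   72864 2208 1077767
hhh:nfs <-> mmm:919            687   49210 1334 1997824 2021 2047034
"""

ROW = re.compile(r"^(\S+)\s+<->\s+(\S+)" + r"\s+(\d+)" * 6 + r"\s*$")
COLS = ("left_frames", "left_bytes", "right_frames", "right_bytes",
        "total_frames", "total_bytes")

def parse_conv_rows(text):
    """Parse conversation rows; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        row = {"a": m.group(1), "b": m.group(2)}
        row.update(zip(COLS, map(int, m.groups()[2:])))
        # Sanity check: totals must equal the sum of both directions.
        if (row["left_frames"] + row["right_frames"] != row["total_frames"]
                or row["left_bytes"] + row["right_bytes"] != row["total_bytes"]):
            raise ValueError("inconsistent totals: " + line)
        rows.append(row)
    return rows

def descending_columns(rows):
    """Return the Total columns whose values are in descending order."""
    return [c for c in ("total_frames", "total_bytes")
            if all(x[c] >= y[c] for x, y in zip(rows, rows[1:]))]

def sort_by_total_bytes(rows):
    """Re-order rows the way the manual text quoted above describes."""
    return sorted(rows, key=lambda r: r["total_bytes"], reverse=True)

if __name__ == "__main__":
    rows = parse_conv_rows(SAMPLE)
    print("descending:", descending_columns(rows))
    for r in sort_by_total_bytes(rows):
        print(r["a"], "<->", r["b"], r["total_frames"], r["total_bytes"])
```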
___________________________________________________________________________

Kristoffer Björk | 31 Jan 10:19

SMB2 Service Response time stats missing in tshark

Hi.
Just a quick question: are smb2 RTT/SRT stats missing from tshark in 1.7.0?
I find the stats in the Wireshark GUI, but I can't run something like "tshark
-nnr smb.pcap -q -z "smb2,srt""; there is a "smb,srt" parameter, but
that only gets me stats for smb(1) traffic, which I'm not interested in.

Any idea how to fix this?
Thanks.

//Kristoffer Björk

-----
tshark -v
TShark 1.7.0 (SVN Rev 39768 from /trunk)

Copyright 1998-2011 Gerald Combs <gerald@...> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.26.1, with WinPcap (version unknown), with libz
1.2.5, without POSIX capabilities, with SMI 0.4.8, with c-ares 1.7.1, with Lua
5.1, without Python, with GnuTLS 2.10.3, with Gcrypt 1.4.6, without Kerberos,
with GeoIP.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.2 (packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch
1_0_rel0b (20091008).

Built using Microsoft Visual C++ 9.0 build 21022
___________________________________________________________________________

Neel Sheyal | 28 Jan 07:23

PCoIP

Do we have any Wireshark plugins for decoding PCoIP payloads? I am
specifically interested in the sequence numbers.

Thanks,
Neel
___________________________________________________________________________

Andrej van der Zee | 27 Jan 18:46

disabling loopback

Hi,

I was wondering if there is a way to prevent packets sent to a local
IP address to be shortcut-ed in the kernel. I want them to show up in
the tcpdump. How could I do this on Ubuntu?

Cheers,
Andrej
___________________________________________________________________________

NITIN GOYAL | 27 Jan 11:51

Issue Related to Unrecognized Text in Manifest File


Hi

I am seeing one issue with Wireshark. While I capture the traffic for Smooth Streaming, Wireshark is not able to recognize the fields of the Manifest file and returns this type of error:

<field name="xml.unknown" showname="\xff\xfe" size="2" pos="238" show="\xff\xfe" value="fffe"/>
    <field name="" show="[ ERROR: Unrecognized text ]" size="10" pos="240" value="3c003f0078006d006c00"/>
    <field name="xml.unknown" showname="\000v\000e\000r\000s\000i\000o\000n\000=\000&quot;\0001\000.\0000\000&quot;\000 \000e\000n\000c........

I am not sure why it is giving this error while the player is able to play the content well after reading the Manifest file.

I have attached the pdml of that particular packet as well.

Can somebody guide me on this??

Regards
Nitin

Attachment (smooth_stream.pdml): application/octet-stream, 268 KiB
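
The raw bytes in the two complete `<field>` lines quoted above decode cleanly once the leading `ff fe` is read as a UTF-16LE byte-order mark. The following is an added example, not part of the original post: the enclosing `<proto>` element and the function names are assumptions, and the third, truncated field from the post is left out.

```python
import codecs
import xml.etree.ElementTree as ET

# Constructed PDML fragment: the two <field> lines are taken from the post
# above; the enclosing <proto> element is added so the text parses as XML.
PDML = r'''<proto name="xml">
  <field name="xml.unknown" showname="\xff\xfe" size="2" pos="238" show="\xff\xfe" value="fffe"/>
  <field name="" show="[ ERROR: Unrecognized text ]" size="10" pos="240" value="3c003f0078006d006c00"/>
</proto>'''

# Longest BOMs first: the UTF-32LE BOM begins with the UTF-16LE one.
BOMS = [
    (codecs.BOM_UTF32_LE, "utf-32-le"),
    (codecs.BOM_UTF32_BE, "utf-32-be"),
    (codecs.BOM_UTF8, "utf-8"),
    (codecs.BOM_UTF16_LE, "utf-16-le"),
    (codecs.BOM_UTF16_BE, "utf-16-be"),
]

def reassemble(pdml_text):
    """Join the raw bytes of contiguous <field> elements, ordered by 'pos'."""
    fields = []
    for f in ET.fromstring(pdml_text).iter("field"):
        if f.get("value") and f.get("pos"):
            fields.append((int(f.get("pos")), bytes.fromhex(f.get("value"))))
    fields.sort()
    data, expected = b"", None
    for pos, raw in fields:
        if expected is not None and pos != expected:
            break  # gap or overlap between fields: stop rather than guess
        data += raw
        expected = pos + len(raw)
    return data

def decode_with_bom(data):
    """Return (encoding, text); fall back to UTF-8 when no BOM is present."""
    for bom, name in BOMS:
        if data.startswith(bom):
            return name, data[len(bom):].decode(name, errors="replace")
    return "utf-8", data.decode("utf-8", errors="replace")

if __name__ == "__main__":
    print(decode_with_bom(reassemble(PDML)))
```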
___________________________________________________________________________
Hafez Kamal | 26 Jan 23:19

[HITB-Announce] Reminder: HITB2012AMS Call For Papers Closing Soon

This is a gentle reminder that the Call for Papers for the third annual
HITBSecConf in Europe closes on the 18th of February! Send in your
submissions now!

http://cfp.hackinthebox.org/

---

This year, we're moving to a new, bigger and better venue -- the
award winning Okura Hotel right in the middle of Amsterdam with easy access
via public transportation. #HITB2012AMS will be a quad-track conference
featuring keynote speakers Andy Ellis (Chief Security Officer, Akamai)
and Bruce Schneier (Chief Security Technology Officer, BT)!

As always, talks that are more technical or that discuss new and never
before seen attack methods are of more interest than a subject that has
been covered several times before.

Submissions are due _no later than 18th February 2012_
HITB CFP: http://cfp.hackinthebox.org/

Event Website: http://conference.hitb.org/hitbsecconf2012ams/

===

Topics of interest include, but are not limited to the following:

    Cloud Security
    File System Security
    3G/4G/WIMAX Security
    SS7/GSM/VoIP Security
    Security of Medical Devices
    Critical Infrastructure Security
    Smartphone / Mobile Security
    Smart Card and Physical Security
    Network Protocols, Analysis and Attacks
    Applications of Cryptographic Techniques
    Side Channel Analysis of Hardware Devices
    Analysis of Malicious Code / Viruses / Malware
    Data Recovery, Forensics and Incident Response
    Hardware based attacks and reverse engineering
    Windows / Linux / OS X / *NIX Security Vulnerabilities
    Next Generation Exploit and Exploit Mitigation Techniques
    NFC, WLAN, GPS, HAM Radio, Satellite, RFID and Bluetooth Security

Each accepted submission will entitle the speaker / speakers to
accommodation for 3 nights / 4 days and travel expense reimbursement up
to EUR1200.00 per speaking slot.

Your submission will be reviewed by The HITB CFP Review Committee:

Charlie Miller, Principal Research Consultant, Accuvant Labs
Katie Moussouris, Senior Security Strategist, Microsoft
Itzik Kotler, Chief Technology Officer, Security Art
Cesar Cerrudo, Chief Technology Officer, IOActive
Jeremiah Grossman, Founder, Whitehat Security
Andrew Cushman, Senior Director, Microsoft
Saumil Shah, Founder CEO Net-Square
Thanh 'RD' Nguyen, THC, VNSECURITY
Alexander Kornburst, Red Database
Fredric Raynal, Sogeti/Cap Gemini
Shreeraj Shah, Founder, BlueInfy
Emmanuel Gadaix, Founder, TSTF
Andrea Barisani, Inverse Path
Philippe Langlois, TSTF
Ed Skoudis, InGuardians
Haroon Meer, Thinkst
Chris Evans, Google
Raoul Chiesa, TSTF
rsnake, SecTheory
Skyper, THC

Note: We do not accept product or vendor related pitches. If you would
like to showcase your company's products or technology, please contact
us for further participation opportunities.

---
Hafez Kamal
HITB Crew
Hack in The Box (M) Sdn. Bhd.
Suite 26.3, Level 26, Menara IMC,
No. 8 Jalan Sultan Ismail,
50250 Kuala Lumpur,
Malaysia

Tel: +603-20394724
Fax: +603-20318359

___________________________________________________________________________

