wireshark

安全牛 - Tools

微笑、不失礼 submitted on 2019-12-25 13:45:16
Common tools: frequently used, powerful, and indispensable helpers for anyone working in security: nc / ncat, Wireshark, tcpdump.

NETCAT (nc): the Swiss Army knife of networking tools; small body, big brains. Listen mode / transfer mode. What it can do: act as telnet / grab banners; transfer text; transfer files and directories; transfer files encrypted; remote control / trojan; encrypt all traffic; serve streaming media; clone a disk remotely.

nc as telnet / banner grabbing (nc is the client):
nc -nv 1.1.1.1 110
nc -nv 1.1.1.1 25
nc -nv 1.1.1.1 80
Examples:
1. Connect to a mail server's port: nc -vn 123.125.50.134 110
2. Connect to HTTP: nc -nv ip 80

nc for transferring text:
A: nc -l -p 4444 (server side opens the port); confirm it is listening with netstat -pantu | grep 4444
B: nc -nv ip 4444 (client side connects)

nc for remote forensic evidence collection:
a: nc -l -p 4444
b: ls -l | nc -nv ip 4444
a: nc -l -p 4444 > ps.txt
b: ps aux | nc -nv ip 4444 -q 1 (-q 1: quit automatically 1 s after EOF on stdin, i.e. once the piped command's output has been sent)

nc for transferring files/directories:
1. Transfer a file (watch which side listens on the port and the direction in which the file flows)
A: nc -lp 333 > 1
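The listener/sender pattern from the nc notes above (`nc -l -p 4444 > ps.txt` on one host, `ps aux | nc -nv ip 4444 -q 1` on the other), as an added example that is not part of the 安全牛 notes: Python sockets stand in for nc so it runs offline on loopback; the OS-assigned port, the file name and the sample `ps aux` output are constructed for the demo. Besides the direction of the data (the listening side writes the file, the connecting side pushes the bytes and then half-closes, which is what `-q` gives you after stdin EOF), it adds what nc itself never does: a SHA-256 computed on both ends so you can confirm the file arrived intact. Plain nc neither authenticates the peer nor checks the data, and anything that can reach the port can connect and write, so on real hosts compare the hash out of band.

```python
import hashlib
import socket
import tempfile
import threading
from pathlib import Path
from typing import Optional

# Constructed stand-in for the output of `ps aux` (not real data).
SAMPLE_PS_OUTPUT = (
    b"USER  PID %CPU %MEM COMMAND\n"
    b"root    1  0.0  0.1 /sbin/init\n"
    b"root  742  0.0  0.3 /usr/sbin/sshd -D\n"
)


def sha256_hex(data: bytes) -> str:
    """Hash computed on both ends in place of the out-of-band checksum exchange."""
    return hashlib.sha256(data).hexdigest()


def listener_to_file(server_sock: socket.socket, out_path: Path) -> None:
    """Side a: `nc -l -p PORT > ps.txt`.

    Accept one connection (nc -l exits after the first peer disconnects) and
    write the byte stream to out_path until the peer half-closes. Nothing here
    checks who connected: any host that can reach the port can write the file.
    """
    conn, _peer = server_sock.accept()
    with conn, open(out_path, "wb") as fh:
        while True:
            chunk = conn.recv(65536)
            if not chunk:  # b"" means the sender shut down its write side (EOF)
                break
            fh.write(chunk)


def send_to_listener(host: str, port: int, payload: bytes) -> None:
    """Side b: `ps aux | nc -nv HOST PORT -q 1`.

    Connect, push the bytes, then shutdown(SHUT_WR) so the listener sees EOF;
    this is the effect of -q on traditional nc, which otherwise keeps the
    connection open after stdin is exhausted.
    """
    with socket.create_connection((host, port)) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)


def transfer(payload: bytes, out_path: Optional[Path] = None) -> dict:
    """Run both sides on loopback and report what each side hashed."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(out_path) if out_path else Path(tmp) / "ps.txt"
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.bind(("127.0.0.1", 0))  # port 0: the OS picks a free port (demo assumption: loopback allowed)
        srv.listen(1)
        port = srv.getsockname()[1]
        t = threading.Thread(target=listener_to_file, args=(srv, path))
        t.start()
        send_to_listener("127.0.0.1", port, payload)
        t.join()
        srv.close()
        received = path.read_bytes()
    sent_hash, recv_hash = sha256_hex(payload), sha256_hex(received)
    return {
        "port": port,
        "bytes": len(received),
        "sent_sha256": sent_hash,
        "received_sha256": recv_hash,
        "intact": sent_hash == recv_hash,  # on real hosts, compare these out of band
    }


if __name__ == "__main__":
    print(transfer(SAMPLE_PS_OUTPUT))
```

The split into `listener_to_file` and `send_to_listener` mirrors the two terminals in the notes; swapping which side redirects to a file is exactly the direction mistake the notes warn about, and the hash comparison is the cheapest way to notice a truncated or tampered transfer.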

What is the difference between SYN flood and port scan attack?

雨燕双飞 submitted on 2019-12-25 09:08:49
Question: I am confused about the difference between SYN Flood and port scan attack, knowing that TCP SYN Flood is often referred to as "half-open" scanning, because you don't open a full TCP connection. You send a SYN packet, as if you are going to open a real connection, and wait for a response. Port scan varies the destination port, but I think they have similar operations; if not, please, I need clarification.
Answer 1: The purpose is to consume the TCP backlog for both 'half-open' and 'open'. http://www

Failed to external entity “…/htmlhelp.xsl”

天涯浪子 submitted on 2019-12-25 08:27:46
Question: I'm building a development version of Wireshark to create dissectors, following the tutorial found in their official documentation. I receive two warnings and four errors. The four errors seem to come from the fact that this link cannot be loaded. The errors are:
Build FAILED.
"C:\Development\wsbuild64\Wireshark.sln" (default target) (1) ->
"C:\Development\wsbuild64\docbook\developer_guide_chm.vcxproj.metaproj" (default target) (15) ->
"C:\Development\wsbuild64\docbook\developer_guide_chm.vcxproj"

Sending packets from wireshark to audio decoder: Is .raw file array of RTP packets?

泪湿孤枕 submitted on 2019-12-25 06:05:06
Question: I have captured RTP packets and need to decode the packets/session with a G.729.1 decoder. In Wireshark, I filtered the RTP packets, analyzed them and saved the session as a .raw file. I am using the C# streamdecoder for decoding. Its sample provides an example of how speech is encoded, saved in a buffer and decoded packet by packet. This is the point where I am stuck:
const Codec usedCodec = Codec.G7291;
const int usedSampleRate = 8000;
const int usedBitrate = 12200;
var dec = new SpeechDecoder();
dec.SetCodec

Java TLS connection behaviour

*爱你&永不变心* submitted on 2019-12-25 04:06:09
Question: I use a Java TLS server with custom KeyManager, TrustManager and with client authentication. The connection works and certificates are exchanged; also the client (Firefox) says that the connection is encrypted. I analyze the connection with Wireshark, but I don't see TLS messages; Wireshark shows only TCP segments without decoding the payload (such as TLS Client Hello, Server Hello, etc.). I enable the debug logging and this is the log of the server:
trigger seeding of SecureRandom
done seeding

Why are TCP messages in my PC coming in frames of 590 bytes

一世执手 submitted on 2019-12-25 03:44:40
Question: I am analyzing Wireshark log files from when I make a request to a web page using Firefox through a proxy server. Following are the details of connection establishment:
I have noted the "maximum segment size" when I open the options branch in the TCP segment details of the [SYN] message from my PC to the proxy server: it says 1460 bytes.
Similarly, the maximum segment size of the [SYN,ACK] message from the proxy server to my PC: it says 1460 bytes.
After establishing the TCP connection, should not each of the

How to debug wireshark plugin using gdb

北慕城南 submitted on 2019-12-25 02:39:11
Question: I have a Wireshark plugin built successfully with Wireshark 1.10.3 APIs. I have then installed Wireshark 1.10.3 on Ubuntu 13.04 using apt-get. I have generated a .so file for my plugin and copied it into the correct directory. While trying to load Wireshark I get an undefined symbol error. If I change the API I get a build error. I am quite sure that I am using the right API. How do I debug this problem? Can GDB help me in any way? Thanks
Source: https://stackoverflow.com/questions/20323798

What is a VoidString object?

痴心易碎 submitted on 2019-12-25 02:19:28
Question: I am programming a Lua dissector for Wireshark and have read about a VoidString object which could be passed in while creating a ProtoField object. See https://wiki.wireshark.org/LuaAPI/Proto#ProtoField for more information. I would like to know more about this object and what the purpose of using it is. If I click on the link ''VoidString'', an empty page is displayed, unfortunately, because the documentation for this object seems to be missing. I have googled it but found nothing.

TCPClient not reading the incoming data

折月煮酒 submitted on 2019-12-25 00:43:18
Question: I am working on a C# application which connects to the host over TCP/IP to send and then receive the response using a TCPClient Stream. The problem is I can send data using Stream.Write(...), but when I try to get the response to my sent data by calling Stream.Read(...), it hangs and never returns. I've checked with a network sniffing tool like Wireshark and can see that the data from the host is being received by my network interface. Why is this data not getting read by my TCPClient?

Wireshark basic usage and filter rules

∥☆過路亽.° submitted on 2019-12-25 00:28:23
Reposted from: http://blog.csdn.net/hzhsan/article/details/43453251

Wireshark basic usage and filter rules

Wireshark basic syntax, basic usage, and packet filter rules:

1. Filter by IP, e.g. source IP or destination IP equal to a given address
Example:
ip.src eq 192.168.1.107 or ip.dst eq 192.168.1.107
or
ip.addr eq 192.168.1.107 // both forms match the address as either source or destination
(Screenshot of the Wireshark GUI running on Linux; the other filter rules are used the same way, so no further screenshots.)
(Screenshot for ip.src eq 10.175.168.182.)
Tip: when you type a filter rule into the Filter box, the box turns red if the syntax is wrong and green if it is correct.

2. Filter by port
Example:
tcp.port eq 80 // matches whether 80 is the source or the destination port
tcp.port == 80
tcp.port eq 2722
tcp.port eq 80 or udp.port eq 80
tcp.dstport == 80 // only TCP destination port 80
tcp.srcport == 80 // only TCP source port 80
udp.port eq 15000
Filter a port range:
tcp.port >= 1 and tcp.port <= 80

3. Filter by protocol
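An added example, written for this page and not taken from the original post or from Wireshark itself: a small Python evaluator for the subset of display-filter syntax used above (`ip.src`, `ip.dst`, `ip.addr`, `tcp.port`, `tcp.srcport`, `tcp.dstport`, `udp.port`, `eq`/`==`, `ne`/`!=`, `>=`, `<=`, `and`, `or`, `!`, parentheses), run over three constructed packet records. It models the classic any-value semantics the filters above rely on: a field such as `ip.addr` or `tcp.port` carries two values per packet, and a comparison holds if any one of them satisfies it. That is why `ip.addr eq X` is the same as `ip.src eq X or ip.dst eq X`, but also why `ip.addr != X` is not the negation of `ip.addr == X` (use `!(ip.addr == X)`), and why `tcp.port >= 1 and tcp.port <= 80` keeps a packet whose ports are 51234 and 80. The packet records and the field table are constructed for the demo; Wireshark 3.6 and later changed `!=` to mean "all not equal", so check which version you run.

```python
import operator
import re

# Constructed packet records standing in for a capture (not real traffic).
PACKETS = [
    {"ip.src": "192.168.1.107", "ip.dst": "10.0.0.5", "tcp.srcport": 51234, "tcp.dstport": 80},
    {"ip.src": "10.0.0.5", "ip.dst": "192.168.1.107", "tcp.srcport": 80, "tcp.dstport": 51234},
    {"ip.src": "10.0.0.9", "ip.dst": "10.0.0.5", "udp.srcport": 15000, "udp.dstport": 53},
]
# Filter field -> packet keys it expands to; ip.addr and *.port carry two values.
FIELDS = {
    "ip.src": ["ip.src"], "ip.dst": ["ip.dst"], "ip.addr": ["ip.src", "ip.dst"],
    "tcp.srcport": ["tcp.srcport"], "tcp.dstport": ["tcp.dstport"],
    "tcp.port": ["tcp.srcport", "tcp.dstport"],
    "udp.srcport": ["udp.srcport"], "udp.dstport": ["udp.dstport"],
    "udp.port": ["udp.srcport", "udp.dstport"],
}
OPS = {
    "eq": operator.eq, "==": operator.eq, "ne": operator.ne, "!=": operator.ne,
    "gt": operator.gt, ">": operator.gt, "lt": operator.lt, "<": operator.lt,
    "ge": operator.ge, ">=": operator.ge, "le": operator.le, "<=": operator.le,
}
# Two-character operators come first so "!=" is not split into "!" and "=".
TOKEN = re.compile(r"\s*(\(|\)|==|!=|>=|<=|>|<|!|[\w.]+)")

def tokenize(text):
    text, pos, out = text.strip(), 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"bad filter syntax near {text[pos:]!r}")
        out.append(m.group(1))
        pos = m.end()
    return out

class Parser:
    """expr := term ('or' term)*; term := factor ('and' factor)*;
    factor := ('!' | 'not') factor | '(' expr ')' | field op value"""
    def __init__(self, tokens):
        self.toks, self.i = tokens, 0
    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None
    def take(self):
        tok, self.i = self.peek(), self.i + 1
        return tok
    def expr(self):
        node = self.term()
        while self.peek() == "or":
            self.take()
            node = ("or", node, self.term())
        return node
    def term(self):
        node = self.factor()
        while self.peek() == "and":
            self.take()
            node = ("and", node, self.factor())
        return node
    def factor(self):
        tok = self.take()
        if tok in ("!", "not"):
            return ("not", self.factor())
        if tok == "(":
            node = self.expr()
            if self.take() != ")":
                raise ValueError("missing ')'")
            return node
        if tok not in FIELDS:
            raise ValueError(f"unknown field {tok!r}")
        op, val = self.take(), self.take()
        if op not in OPS or val is None:
            raise ValueError(f"bad comparison on {tok}")
        return ("cmp", tok, op, val)

def evaluate(node, pkt):
    kind = node[0]
    if kind == "cmp":
        _, field, op, val = node
        values = [pkt[k] for k in FIELDS[field] if k in pkt]
        if not values:  # field absent (e.g. tcp.port on a UDP packet): never matches
            return False
        want = int(val) if isinstance(values[0], int) else val
        # Classic Wireshark semantics: true if ANY of the field's values satisfies it.
        return any(OPS[op](v, want) for v in values)
    if kind == "not":
        return not evaluate(node[1], pkt)
    if kind == "and":
        return evaluate(node[1], pkt) and evaluate(node[2], pkt)
    return evaluate(node[1], pkt) or evaluate(node[2], pkt)

def apply_filter(filter_text, packets=PACKETS):
    """Indices of the packets the filter keeps, i.e. what the packet list would show."""
    parser = Parser(tokenize(filter_text))
    tree = parser.expr()
    if parser.peek() is not None:
        raise ValueError(f"trailing tokens: {parser.toks[parser.i:]}")
    return [i for i, p in enumerate(packets) if evaluate(tree, p)]
```

`apply_filter("ip.addr != 192.168.1.107")` returns all three packets, while `apply_filter("!(ip.addr == 192.168.1.107)")` returns only the UDP packet; when you are excluding a host from a capture, that difference is the one that silently leaves the host's traffic in your view.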