Uhm... You may have read it wrong? There actually is a very popular network debugging tool by the name of Wireshark https://www.wireshark.org/
If not then... Lol. Although I can see a torrenting/file sharing tool used to stress systems, but I imagine there are better tools suited for that.
I'm not shrugging this off because it's Valve. If anything, I think it deserves more scrutiny because it's not about EA (or their ilk). Valve is one of those companies that I think I agree with in their basic motivations, but does some things that deeply worry me.
At this point, though, I am shrugging it off for the following reasons.
Sure -- the experiment would be a pretty trivial download of a packet & network analyzing program, and then monitoring whether there is outbound voice data being sent by the browser or any other apps. (spoiler alert: it isn't)
Oh, I thought you were worried about it being unsafe for you. That makes much more sense.
The servers already are public. If you play a game with Wireshark or TCPDump, you can see the IPs your computer is communicating with. If your computer doesn't know who to communicate with, it's not going to be able to play the game.
Bit late, but will still go at it. When he said "wire shaked", it means he used a packet sniffing tool called Wireshark (https://www.wireshark.org/).
When someone sets up a voice call over Steam, the connection doesn't go through their servers; it direct connects you to the other person's computer (for less lag presumably). Because of this you can use Wireshark to get someone's IP (https://nictutorial.wordpress.com/2014/06/19/wire-shark-finding-your-friends-ip-through-steam/).
Now that isn't enough to get your real name, but having your ip is enough to get about where you live. So if he was able to associate your steam username with a profile you might have somewhere else, i.e. you use the same profile name for your twitter or something. He might have been able to find your real name. Then using (most likely) Facebook he could search your name and confirm with the ip location which person is actually you (if you have a common name). And bam, you've been dox-ed...
Quick note, Wireshark will do absolutely nothing bad to your computer, it just looks at packets, there is a 99% chance they did nothing to harm your computer, and I severely doubt some fear-monger on steam would have the skill/knowledge/motive to actually do anything bad.
Yes, it might be a little over the heads of most consumers, but there are plenty of simplified tutorials for using wireshark, and capturing all traffic is a very basic action for the program. As long as it can see your wifi device on your computer, it can capture packets received by/visible to it.
If you're not technically inclined enough to understand what wireshark is doing or how to read the capture log, then perhaps something like:
>I was having trouble connecting to my wifi hotspot device while staying in ______ hotel at ______ address. I'm concerned that they may be attempting to block access to my personal device by illegally pretending to be my wifi hotspot and telling my device to disconnect (in essence, jamming the signal.) With the help of others on the internet, I was able to capture the attached log of wifi traffic visible to my device using the program Wireshark. Please review it for any sign that they might be engaging in such a practice.
The Organizationally Unique Identifier. Every network port has a MAC address. The first half of which is assigned to the manufacturer of the unit. If you punch the MAC address into an OUI Lookup Tool it'll be able to tell you who made it (theoretically).
What?!? Are we talking about https://www.wireshark.org/ ?!?
The completely free and limitless tool? That captures every protocol you dump on the line?
There is no pro, or you sir, are a very good troll :)
Just as Battle(non)sense, I used Wireshark. Join a match, start capturing.
Afterwards you can create a graph from the captured data. I used Statistics, IO Graph to create the packets per second graph by filtering on packets received from the gameserver IP, filter: "ip.src == gameserver_ip_here". You can find the gameserver IP in the long list of captured data by looking at the IP that sends lots of UDP packets in the 7000-8000 port range.
If you see this player on the other team, boot this up:
EDIT: Wireshark is a packet-sniffing tool that can look at all the traffic coming in and going out of your computer. If you see this barcode player on the other team, start up Wireshark and allow it to sniff the packets going over the net. If you end up getting DDoS'ed, you'll be able to see where the flood of packets is coming from and give this information directly to Riot.
You can use USBPcap to capture the raw data from the USB bus then view it with Wireshark. The learning curve can be rough since there's a bunch of messaging that will have nothing to do with the actual data you're looking for. I would also recommend unplugging as many USB devices as possible so you have less junk to sort through.
Firstly, I would ignore the others in this thread. Their elitism is a little overbearing. I'm going to assume that by "connecting to the OS appropriate shell" you mean scripting/using system commands. In all honesty being able to write shell scripts quickly is probably your best bet. If you really want to know how things are working, start on C. Try using something like PCAP, you can build packet inspectors pretty handily using it.
Good luck.
on that note you may be interested in having a look at the Portmaster, which tackles a different angle of Windows privacy and is both free and open source.
Disclaimer: I'm co-founder of Safing
OP's screenshot doesn't have enough information to make a determination. A more powerful tool such as Wireshark can decode the actual traffic.
If OP isn't using any IPv6 applications all that traffic can be attributed to the exchange of routing information that needs to be shared across the tunnel. A sample I've taken from my own network shows about the same frequency of traffic and it's all routing related. Nothing sinister (or even interesting) going on here.
Your life would be easier if you didn't reinvent the wheel and used tcpdump (or at least stored to pcap format) and then analyzed with Wireshark / TShark.
If you modify your format just slightly (remove the leading 0x, add offsets) you could use text2pcap to generate a pcap from what you are already doing or import it directly to Wireshark.
A box, running a 100% Libre GNU / Linux distribution and Wireshark https://www.wireshark.org/, configured as a router should do the trick. This effectively puts the DRM infected Apple and Microsoft devices in a FLOSS jail.
On a windows machine, you can run the command "netstat -a -b" from the command prompt (may need to run with administrative privileges) to see which programs have open connections and what port they're using. You can then use this info to cross-reference packets traversing your PC so you can rule out what traffic is good and questionable (use wireshark for this). Might be a good idea to turn off as many services as you can on your NIC because a base install of windows has a lot of garbage traffic.
Once you see some traffic that is questionable, block it in the firewall and see what breaks. That's a great way to see what programs are accessing the internet and how it all works.
Let me be the 94th person to recommend R with optional RStudio/tidyverse.
You might also be interested in JASP and JAMOVI, they are free / open source and really good!
The two projects forked in different directions a while back, IIRC the main difference (apart from light cosmetics) is JASP offers a hook into Bayesian/Network analyses, while JAMOVI has stronger links into underlying R code.
You could write a packet capturing/analyzing tool with pcap. I did that for a class this semester, and learned a fair bit about structuring C code and a cool application of structs (see the link in the next sentence for that). You can get started with this: http://www.tcpdump.org/pcap.html. Plus, knowing that kind of stuff could be useful in the IT sector (particularly in security, but I imagine it can be useful and just a good thing to have at least a rudimentary understanding of in general IT).
I have a simple suggestion for you that will show you the full extent of the issues. Download Wireshark.
Record a typical session on your old OS.
Now record a session on 10, your goal being to get the reporting down to what it used to be. First use the GUI to disable as much of the monitoring as possible. Record again. Now use Group Policies to disable as much of the additional monitoring as you can. Record.
Not there yet? Pull out all the stops, whatever you need to do, assuming it's native to Windows. You're likely into firewall settings, routing tables, registry by now.
Now ask yourself, could the average user do this? Would they even KNOW what the concerns are?
I don't know man. I'm likely to pick up a lot of business from this change, so it's good for me personally. But I don't think it's good for the user.
Our software that does that is the Portmaster.
It's hard to summarize my feelings to Microsoft, but I'll give you some thoughts:
🤷♂️ some thoughts
Hey, reading this post reminded me of a post by /u/SweetAndFluffy who developed a vibrator controlled by picking up diamonds in Minecraft. Maybe he is willing to help you if he is still active?
Apart from that, it seems to me that parsing the video output of the game is a hard and time-consuming task to get right. Have you thought about parsing the required information from network traffic? Idk how hard this is but maybe Wireshark can help you if you have some spare time :)
Wireshark is super simple to use. The trick is understanding what you're looking at, and for that you're going to need to have detailed understanding of the things you're trying to troubleshoot, like Kerberos, NTLM, SMB, TLS/SSL, Certificates, how to do filtering etc...
You're asking how to use a chef's knife to make Boeuf Bourguignon. You need a solid understanding of ALL of these things to properly see how the tool helps.
But for starting to learn Wireshark and how packets work, I encourage ya to read https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html
1Gb/sec is fairly easy to obtain termination wise. It should be the same as with 5e.
10Gb/sec in homes is fairly up in the air. It should be possible in shorter lengths on CAT6 and even CAT5e, however I think that will be a "wait and see how it works on consumer grade hardware when that time comes".
If it were me I would not invest in testing equipment for your home. It is expensive and overkill. Instead I would leave some slack (couple feet) in each of your runs (on both ends) to allow for re-termination if needed when that time comes (10Gb/sec).
I have had good luck with LanSpeed Test (http://www.totusoft.com/lanspeed1.html) to ensure the run is capable of 1Gb/sec. If you get close (900Mb/sec) with no packet loss, your termination job is just fine.
Can you capture traffic with Wireshark as well when you access the hidden service with Windows 10? You don't have to share the complete dump. I'm sure someone could help you with a filter, default ones are pretty easy, e.g., "http", shows HTTP requests. They are basically as easy, or even easier to read than Apache server logs. You probably don't need complex filters if it takes under 17 hours, and you don't use the laptop for anything else except opening your hidden service in Tor once. Although if an app updates in the background that's going to cause multiple log entries.
Example screenshot from a Wireguard dump: https://www.wireshark.org/docs/wsug_html/wsug_graphics/ws-main.png
The top part (here in green) should be readable without too much background knowledge. Source & destination ip, protocol, etc. already give you a lot of information.
I didn't spend long researching this, so take this only as general knowledge. It may or may not be specific to the passwords you are seeing/your environment.
Some default wifi passwords are based on the MAC address associated with the router. This may or may not be true for AT&T, and if so, they probably aren't using the same method if symbols are included. They likely are using some kind of formula though, and MAC addresses make a good enough "unique" seed that is associated with the device.
With this knowledge, you can narrow down the possible values. For example, you can start by using only OID's for popular/known manufacturers. With enough known passwords, you may also be able to narrow down the character set they are using.
The TL;DR is that dictionary attacks likely aren't effective. However, if you collect a large enough sample and are familiar with how the default passwords are generated, you can significantly reduce the keyspace and intelligently brute force the passwords in a way that may not require weeks.
At some point, your browser is making a web request to their server to get the file. You can use something like Fiddler or Wireshark, or even your browser's built in developer tools to figure out what that request is instead of trying to recreate it from the code. Handling the request directly is way faster and more reliable than using Selenium.
Why would you give them the same hostname?
Suggest you load Wireshark https://www.wireshark.org/ on one of the machines and look at what is happening when you try to ssh from one to another.
Or....https://www.r-project.org/ or https://jasp-stats.org/
But yeah it's quite a racket. We had a journal come to our dept. literally an hour ago, and she was saying 'when we charge £5000 to publish your papers open access, we're making a loss'. Taking the absolute piss: there is millions to be made in academia, usually skimming off researchers.
Per the iperf3 documentation, -n will stop the transfer after a specific number of bytes. So if you're combining that with -P, you'd want to multiply -n by -P.
https://software.es.net/iperf/invoking.html#iperf3-manual-page
That said, if you have any kind of local software distribution platform (Active Directory, etc), rolling it out that way is probably a better idea.
You could use a packet sniffing tool like Wireshark to monitor the requests made by the game. But, reverse-engineering a network protocol is very difficult even in the best scenarios where a game is actively online. Maybe you'll get lucky and discover that it's using a relatively simple or existing protocol. But it could be entirely proprietary. It could be encrypted. And without an active server providing response to the client's requests, it could be literally anything. Good luck!
There are no encryption options for wireguard.
Wireguard is always encrypted, and does not support/allow operating without encryption.
Wireguard was intentionally designed to be simple and secure by a bunch of fairly skilled cryptosecurity folk, and there have been so many protocol downgrade attacks over the past decade that they decided to just start off with the good stuff and not give folks a ~~choice~~ opportunity to do it wrong.
I'm not sure what happens if any of their choices become obsolete in the future, guess we'll find out at that point.
Btw, this decision has absolutely nothing to do with PIA, they're just implementing the wireguard protocol as-is.
If you want to check, wireshark is an open source tool for Win/OSX/Linux that can capture, display, and decode network packets.
You can start by downloading Wireshark and learning how to analyze network traffic to see where your data is coming from and being sent. Here's a beginner's tutorial.
This is a very technical answer but you could try running wireshark https://www.wireshark.org/ and see what the connection is doing.
Most common cause is firewall (turn it off to test) or general network.
Also if your plan and phone support it try connecting your computer via your phone to the internet. Some ISPs do block odd stuff.
One thing I would try is to use a network traffic analyser to see what ip addresses your phone sends data to, in the hope that you can identify what/who is doing this. This is assuming you have a desktop or laptop to install it on, and you have WiFi at home you connect your phone to. Also assuming some technical savvy, or willingness to learn :)
I recommend installing Wireshark, then finding the local IP address of your phone so you can limit the network traffic wireshark logs to just the phone - you can usually do this by logging into your router’s administration settings and looking at all the connected devices.
Then pick your favourite wireshark beginner’s tutorial - I recommend this youtube guide.
IP addresses can be generally tracked to ISP or owning company and general area by using any one of many websites when you google for “ip trace” - so any wireshark output can be checked easily.
There should be a bunch of either apple or google ip addresses depending on what phone you have, there should also be ip addresses for any app you open that goes online, and any websites you visit you should also see that network traffic. These are all going to be legitimate things and you can use wireshark to exclude them from the analysis.
Hopefully then leaving wireshark running and logging for a longer period of time (say 24hrs at least), there’s less traffic logged to look through, and any suspicious and/or malicious activity should be easier to spot in the log.
Wireshark lets you capture packets, so you would see all of the raw traffic in / out of your PC. It requires some learning, but you could probably recognize personal info in the raw packets, if they're un-encrypted. Do a capture, select an HTTP GET in the lines of raw capture, and within the wireshark menus, select Analyze->Follow->HTTP Stream. That is the quick version.
Even then it would be very easy to verify if Google were continuously listening in on your conversation. Network analysis tools make that fairly easy even for a layperson. Just try it yourself: https://www.wireshark.org/
I would use something like glasswire to monitor my traffic and see what is going on. If you want to leave something running that logs so you can show the IT guy I would use wireshark. Both can help you track down the culprit.
Are you installing an official copy of your OS or something downloaded from 3rd party?
It's likely a console cable for their infrastructure. The cable was probably sitting in the sun and faded, but my thought process also involves cabling standards that I'm used to.
That's a microwave tower that's likely used for internet connection. I'm not sure how that country is set with internet, but if it's in a mountain range, that's probably an organization's sole means of connecting to the internet.
If it were me, I'd go back with a laptop and run Wireshark just to see what's going on there, lol.
This is one way... maybe overkill though.
At this point you'll also be able to see all other traffic going to/from the pi. If it's sending out spam, you should see loads of outbound connections where the destination port is 25.
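Both the packets-per-second graph from the game server IP (the IO Graph step described earlier in the thread) and the outbound-port-25 check for a spamming Pi are just filters over a capture. The following Python, added here and not part of any post in the thread, builds a small constructed pcap and applies both filters without Wireshark; the IPs, ports and timing are assumed sample values.

```python
import socket
import struct
from collections import Counter, defaultdict

# Constructed addresses for the sample capture (TEST-NET ranges; not from the thread)
LOCAL_IP = "192.168.1.20"
GAME_SERVER_IP = "203.0.113.7"
MAIL_HOST_IP = "198.51.100.25"


def _eth_ipv4(src, dst, proto, payload):
    """Ethernet II + minimal IPv4 header; checksum left 0 (only fields the filters use are filled)."""
    eth = bytes(12) + b"\x08\x00"                       # zero MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + payload


def udp(src, sport, dst, dport, data=b""):
    return _eth_ipv4(src, dst, 17, struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data)


def tcp_syn(src, sport, dst, dport):
    """20-byte TCP header with only SYN set (the first packet of an outbound connection)."""
    return _eth_ipv4(src, dst, 6, struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0))


def build_pcap(records):
    """records: iterable of (timestamp_seconds, frame) -> classic little-endian pcap, LINKTYPE_ETHERNET."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in records:
        sec = int(ts)
        usec = int(round((ts - sec) * 1e6))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Yield (ts, src_ip, dst_ip, proto, sport, dport) for every IPv4 TCP/UDP frame in a pcap."""
    magic, = struct.unpack_from("<I", data, 0)
    end = "<" if magic == 0xA1B2C3D4 else ">"            # 0xD4C3B2A1 when read LE means a big-endian file
    off = 24
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack_from(end + "IIII", data, off)
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4, or truncated
            continue
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        l4 = 14 + ihl
        if proto not in (6, 17) or len(frame) < l4 + 4:
            continue
        sport, dport = struct.unpack_from("!HH", frame, l4)
        yield sec + usec / 1e6, socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), proto, sport, dport


def guess_game_server(pkts):
    """The 'IP that sends lots of UDP packets in the 7000-8000 port range' heuristic, done by counting."""
    c = Counter(p[1] for p in pkts if p[3] == 17 and 7000 <= p[4] <= 8000)
    return c.most_common(1)[0][0] if c else None


def packets_per_second(pkts, src_ip):
    """Same numbers as the IO Graph with display filter ip.src == src_ip, bucketed per whole second."""
    buckets = defaultdict(int)
    for ts, src, *_ in pkts:
        if src == src_ip:
            buckets[int(ts)] += 1
    return dict(sorted(buckets.items()))


def outbound_smtp(pkts, local_ip):
    """Outbound TCP to destination port 25: the spam-relay tell described for the Pi."""
    return sorted({(p[2], p[5]) for p in pkts if p[1] == local_ip and p[3] == 6 and p[5] == 25})


def sample_capture():
    """Constructed two-second capture: 30 pps from the game server, 5 pps replies, one SMTP and one HTTPS SYN."""
    recs = [(100.0 + i / 30, udp(GAME_SERVER_IP, 7777, LOCAL_IP, 27015, bytes(40))) for i in range(60)]
    recs += [(100.0 + i / 5, udp(LOCAL_IP, 27015, GAME_SERVER_IP, 7777, bytes(20))) for i in range(10)]
    recs.append((100.5, tcp_syn(LOCAL_IP, 40001, MAIL_HOST_IP, 25)))
    recs.append((101.1, tcp_syn(LOCAL_IP, 40002, "203.0.113.99", 443)))
    return build_pcap(sorted(recs, key=lambda r: r[0]))


if __name__ == "__main__":
    pkts = list(parse_pcap(sample_capture()))
    server = guess_game_server(pkts)
    print("game server:", server, "pps:", packets_per_second(pkts, server))
    print("outbound SMTP:", outbound_smtp(pkts, LOCAL_IP))
```

Point parse_pcap at a real tcpdump or Wireshark save file instead of sample_capture() to run the same filters on a live capture.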
Try tcpdump (it's a command utility) I believe you can then import logs to pirni and read them. If you have a desktop/laptop with you, you can try wireshark https://www.wireshark.org/ I also believe that you could dump logs with tcpdump and then use wireshark's GUI
The iperf faq states that you should use iperf2 on windows instead of iperf3.
Using iperf2, I was able to get 60 Gbps on a 25 Gbps x 4 connection between two Windows Server 2016 servers. At that point, the sender CPUs were maxed out.
No, it's not even close to that simple.
Tcpdump is a Linux utility to capture network traffic passing through a network interface.
It'd be possible to get the password if you perform an SSL man-in-the-middle attack on the traffic, but it'd be much simpler to grab the HTTP cookie (stores login sessions) in transit and hijack the Facebook session using that cookie.
some internet routers will store their own records of all sites and addresses accessed and that persists regardless of whether someone uses private browsing or not, and this will store data for every device on the network regardless of whether it's a phone, windows pc, mac, etc. it requires some amount of technical know-how to be able to bypass this logging, although it's not particularly difficult if you know what you're doing (i'm guessing that the fact PA doesn't know how to clear his DNS cache means he doesn't). so u/sadperson3628293 you can check if your router has this option if you need to look for that, you can log onto the management site for it usually by going to 192.168.0.1, 10.0.0.1, or 192.168.1.1 (try all three) in your browser and then log in with the administrator username and password that should be printed on the router.
in the event that the router does not keep logs that you can access, there are more technical snooping solutions that you can apply, such as using wireshark (i'm happy to give details about this if you want, bc i've used it before for more benign network analysis) or getting a dedicated device designed with the purpose of logging website traffic. the benefit of these solutions is that you do not need physical access to his devices and do not need to install anything on them.
the one thing is that these solutions work for home internet, including wi-fi, but they don't work for mobile data like he might use on his phone. there are phone apps specifically for that, though; the one i'm most familiar with is circle but there are others. there are also different solutions that don't directly use web logging, like covenant eyes and keyloggers. the main disadvantage of this is that you need physical access to his phone and he could potentially uninstall any software put on there (although some is designed to be harder to uninstall).
Forgot to mention you can do a manufacturer lookup of the MAC addr at https://www.wireshark.org/tools/oui-lookup.html
Just looked it up, and unfortunately you are correct. It's not an ESP (manufacturer comes back as Tuya Smart, not Espressif)
I've done about 20 transplants where I remove the Tuya module and replace it with an ESP, but most of those were replacing the WB3S Tuya module with an ESP-12 which is a drop-in replacement. The few I've done with Tuya modules that don't have a direct replacement worked but they were not fun to do
You essentially want a wireshark or android tcpdump I'm guessing.
See: https://ask.wireshark.org/question/3821/how-can-i-see-the-traffic-of-an-android-app/
Do you know how to run Wireshark to capture the traffic to the Starlink terminal?
Either there is a mixup between the routes you're getting via DHCP from the terminal and the ones you're setting manually, or there is some form of authentication going on that only works with the Starlink router.
I'm going to add to this, and hopefully not discourage.. You absolutely should be running a firewall on the only port you are given in a leased office. You said yourself that you think it is on its own separate VLAN, but you don't know for sure. And, even if it was, who is managing that VLAN? You could easily find out if there is other traffic that can be reached through that port which in turn would tell you whether or not other people could access what is connected in your office but that may be beyond what you are comfortable with; Wireshark.
From a security oriented standpoint it shouldn't matter whether you are on a VLAN or not. You should have absolute control of everything that is connected to your network internally. By placing pfSense as the first device on your only port you're drawing a line in the sand; everything behind pfSense is in your complete control. The only issue then becomes how to secure your data between the internet and pfSense. This is where an externally hosted VPN, such as PIA, could be used. That would allow for the encryption of ALL data that goes over your proverbial line which would prevent eavesdropping from the other offices / ports / system administrators in your building.
Congrats on your business venture!! Without trying to come across as a total douche nozzle, stick to offering services you have a firm grasp on to your customers. In other words, you may want to delay offering networking services until you are comfortable with all aspects related to a network you provide; think of the liability...
https://www.wireshark.org/docs/wsug_html_chunked/ChCustCommandLine.html
Wireshark using some of the flags. Don't bring up the GUI part of Wireshark. Will give me data in my terminal. Without bringing up the Wireshark GUI window.
Use process monitor to watch file/registry changes; wireshark to watch the network. I would expect the DRM to be more complex than a simple file token, but you never know...
Hey, I've been wanting to talk about the specifics of the netcode for a while now!
By analyzing the game's network data in Wireshark, we can confirm it is P2P. If it used dedicated servers, you would see the game talking to one server on the Internet somewhere. Instead, what we see is the game talking to each of the individual consoles in the match.
P2P falters when one person's Internet connection is terrible, or worse, if the host's connection is terrible. Many game state variables are synchronized with the host as well, and for many things, what the host says goes. However, things like kills, bullets, player position, etc... are handled by each of the individual clients. When someone dies, the killer sends a packet to the host and client saying that the person has been killed. The victim then sends a packet back to the killer to confirm the kill - only when this happens does it pop up "Splatted X!" on the bottom of the screen. If their connection is terrible, this will definitely appear laggy. You can judge the current lag in the match by comparing the position of where it appears you've killed the person to where the icon that appears after they die. This icon is where the victim says they were when they die, so if they don't match up, there's probably lag between you and them.
Yes, it pretty much sends multiple copies. (Internally, the game calls this "cloning".) It isn't too wasteful considering that data is only sent if there's a change.
Yes, I believe they definitely took that in account. P2P doesn't require as many servers as using dedicated servers, which means less costs. The less money that Nintendo has to pay, the more likely they're going to keep the servers up after the Switch is no longer supported.
The topic was that Google is supposedly secretly recording your microphone. I'm not sure what the connection is here. Especially since the apps you named all work without microphone and camera.
Network analysis isn't rocket science, even for a layperson who doesn't know much about computers, and it could very easily be verified if Google were acting illegally here. Just try it: https://www.wireshark.org/
Just a minor nit here, the article states: > So, I have no way of knowing what the protocol is actually doing during a file transfer, just as I have no way of knowing what the client software is doing to my laptop, or what the server software is doing to my servers.
You can find out pretty much exactly what the protocol is doing on the network during a file transfer, either by observing on the same machine (see front end tools like wireshark) or with the proper instrumented network routers in between. There are likely a number of network reverse engineers out there who could take a look at what overall network approach fasp is using, and maybe make some recommendations on how you might get a high performance transfer going by tuning existing public tools. Offhand maybe this analysis might appeal to someone in the presenters community of various security conferences (maybe they're looking for a topic to present..).
You didn't mention any in-path devices (minus ATT's stuff, of course) that might alter traffic. If there are any, you might have to capture at both ends and correlate. Even if not, it might give you ammo to force ATT to actually troubleshoot the issue.
A tip, in case that's necessary here:
https://www.wireshark.org/docs/wsug_html_chunked/ChStatCompareCaptureFiles.html
And a publicly posted example where a pcap from one end wasn't enough (not my blog): http://www.showconfig.net/packet-capture-on-both-sides-of-a-conversation/
Was going to suggest [Wireshark](https://community.linuxmint.com/software/view/wireshark), but I don't think it was ever included in the default software bundle.
Wireshark is pretty robust and might fit your needs, give it a look if you don't find what you're after.
According to:
https://www.wireshark.org/faq.html#q6.10
Most OS packet capture libraries (i.e. pcap/Winpcap) don't include the FCS. So it seems it's not a Wireshark issue directly - but rather packet capture mechanics. I believe the FCS is checked in hardware, and it never quite makes it into user data. It's gone by the time pcap gets a hold of the frame.
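To see what the missing trailer is and what checking it involves, here is an added Python example (not from the thread) that computes the CRC-32 FCS a NIC appends, verifies it with the standard CRC residue check, and shows that a libpcap-style frame without the trailer fails that check. The frame contents are constructed sample values.

```python
import struct
import zlib

# Value a zlib-style CRC-32 settles on when run over data followed by that data's own CRC, LSB first
CRC32_RESIDUE = 0x2144DF1C


def ethernet_fcs(frame):
    """The 4-byte FCS a NIC appends: IEEE 802.3 CRC-32, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame) & 0xFFFFFFFF)


def fcs_is_valid(frame_with_fcs):
    """True when the trailing 4 bytes are a correct FCS for everything before them (residue check)."""
    if len(frame_with_fcs) < 18:          # 14-byte header + 4-byte FCS is the smallest thing worth checking
        return False
    return (zlib.crc32(frame_with_fcs) & 0xFFFFFFFF) == CRC32_RESIDUE


def split_fcs(frame):
    """The decision a capture tool has to make: is an FCS present? Returns (frame_without_fcs, had_fcs)."""
    if fcs_is_valid(frame):
        return frame[:-4], True
    return frame, False


def build_frame(dst_mac, src_mac, ethertype, payload):
    """Ethernet II frame without FCS, zero-padded to the 60-byte minimum (64 on the wire with FCS)."""
    frame = dst_mac + src_mac + struct.pack("!H", ethertype) + payload
    return frame + bytes(max(0, 60 - len(frame)))


def demo():
    # Constructed ARP-request-sized frame; MACs and content are arbitrary sample values
    on_host = build_frame(b"\xff" * 6, bytes.fromhex("020000000001"), 0x0806, bytes.fromhex("0001080006040001"))
    on_wire = on_host + ethernet_fcs(on_host)                 # what actually crosses the cable
    damaged = on_wire[:20] + bytes([on_wire[20] ^ 0x01]) + on_wire[21:]   # one flipped bit
    return {
        "pcap_style_frame_has_fcs": split_fcs(on_host)[1],    # False: what libpcap normally hands you
        "wire_frame_has_fcs": split_fcs(on_wire)[1],          # True
        "damaged_frame_passes": fcs_is_valid(damaged),        # False: the NIC would have dropped it
        "length_on_wire": len(on_wire),                       # 64
    }


if __name__ == "__main__":
    print(demo())
```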
Before even considering fulfilling that request, you might want to verify that such monitoring is legal in your country or portion thereof (in some places, it ain't).
With that out of the way, I usually use Wireshark if I need to monitor network traffic beyond what the router/switch/gateway provides.
https://msdn.microsoft.com/en-us/library/ms181091.aspx
You can find out EXACTLY what is causing it!
Also:
SELECT session_id, num_writes, st.text AS statement_text FROM sys.dm_exec_connections AS ec CROSS APPLY sys.dm_exec_sql_text(ec.most_recent_sql_handle) AS st ORDER BY num_writes DESC
Well shit, I hope it's just poor server performance. If it is actually 10-20 tickrate you can pretty much kiss competitive gaming goodbye.
Edit. Would you be willing to use Wireshark to check for certain? https://www.wireshark.org/
you have no clue how games work... do you?
game packets aren't large. you can do one of two things; either go find out for yourself or continue to pretend you know what you're talking about: https://www.wireshark.org/
ping is a function of distance and routing, period. line "speed" has zero impact. you may think it does because you heard it somewhere on the internet or because some salesman sold you a line of horseshit, but that doesn't make anything you've said true.
Wireshark isn't too hard to use, it's just got sort of a funky interface. There are enough tutorials that you should be able to set it up and get going within an hour.
Here's one on capturing traffic, and another on finding a bandwidth hog.
Note, this is going to be easiest if you can run it for a bit on each device in the house. If you want to capture stuff from wireless smartphones and the like, it'll be a bit more complicated, but still possible.
with tcpdump you can watch traffic going into a port.
BUT, that might not be the best solution. If possible, you should check to see if there is a way to tell how many players are on your server at a given time. Check every 10 minutes or so, and if 3 checks go by with the server population being 0, turn off the server.
Writing the script yourself wouldn't limit yourself to AIM or other protocols. Essentially what you would be doing is reading the packet data and parsing out the relevant data in a particular protocol. In order to accomplish this however, you would need to study just how AIM, HTTP, TCP, etc encapsulate their data so you can parse it in a meaningful way. The PCap library has a wide range of accomplishing this however. Try reading the PCAP Manpage, it's not a light read but it is very informative.
BSSID filter on wireshark should be in the documentation; probably a good idea to know the MAC addy of your network.
https://www.wireshark.org/docs/dfref/w/wlan.html (wlan.bssid=macaddyhere)
Wireshark is a software tool that watches network traffic. It can be used to learn what a computer (or a specific program) is doing with its network connection. What other computers is it connecting to? What is it saying to them, and what are the responses? How often? How much traffic? Which protocols? And so on.
In general, I try to play the claim and not the person. If Leibniz himself jumped out of the grave and told me 2+2 is 35, I'd question him; I don't give a fuck if he (mostly) invented calculus -- I want a rigorous proof.
On the other side, when people ask me questions about the software I've written, I answer the questions. Telling them who I am doesn't get them any closer to a solution or a better understanding.
Which flags are those? I'm not seeing them.
And, like I said, they bundle TShark for command line work, so I don't see why they'd enable Wireshark to do the same.
https://www.wireshark.org/docs/wsug_html_chunked/AppToolstshark.html
https://www.wireshark.org/docs/man-pages/tshark.html
edit:
Closest I see is -X
which looks to launch TShark instead of Wireshark.
Is there a MAC address labeled anywhere on the device? If so, you can search the OUI (first 6 characters) and it will provide you with the vendor it's registered to.
https://www.wireshark.org/tools/oui-lookup.html
Use the above link to plug in the OUI.
Do arp -a in your Windows command prompt and find the MAC addresses associated with the IPs in question. If you don't get an ARP entry for either address, ping the address (they don't have to respond) then run the arp -a command again and you should have a MAC address.
Then use an OUI lookup tool to see what the device manufacturer most likely is.
https://www.wireshark.org/tools/oui-lookup.html
https://regauth.standards.ieee.org/standards-ra-web/pub/view.html#registries
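The arp -a plus OUI-lookup procedure from the two comments above, as an added example that is not from either commenter: it parses a constructed sample of Windows `arp -a` output, normalizes the MAC, and maps the OUI through a small constructed table standing in for the Wireshark/IEEE databases linked above, while flagging multicast and locally administered addresses for which an OUI lookup says nothing about the vendor:

```python
import re

# Constructed stand-in for the OUI databases linked above (vendor names are placeholders).
OUI_TABLE = {"00-11-22": "ExampleVendor A", "A8-BB-CC": "ExampleVendor B"}

# Constructed sample of what `arp -a` prints on Windows.
SAMPLE_ARP_OUTPUT = """
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.50          a8-bb-cc-dd-ee-ff     dynamic
  192.168.1.77          12-34-56-78-9a-bc     dynamic
  224.0.0.251           01-00-5e-00-00-fb     static
"""

ARP_LINE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-fA-F]{2}(?:[-:][0-9a-fA-F]{2}){5})\s+(\w+)")

def normalize_mac(mac):
    """Upper-case, dash-separated form so Windows (dashes) and Unix (colons) output compare equal."""
    return mac.upper().replace(":", "-")

def classify_mac(mac):
    """Vendor from the OUI, unless the address bits say the OUI is not a manufacturer prefix."""
    first_octet = int(mac[:2], 16)
    if first_octet & 0x01:   # I/G bit: group (multicast) address, not a device
        return "multicast (not a device address)"
    if first_octet & 0x02:   # U/L bit: locally administered, e.g. randomized or overridden
        return "locally administered (randomized or overridden; OUI lookup meaningless)"
    return OUI_TABLE.get(mac[:8], "unknown OUI (check the IEEE registry)")

def lookup_arp_table(text):
    """Map each IP in arp -a output to (normalized MAC, classification)."""
    result = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if not m:
            continue              # header and interface lines carry no entry
        ip, mac, _entry_type = m.groups()
        mac = normalize_mac(mac)
        result[ip] = (mac, classify_mac(mac))
    return result

if __name__ == "__main__":
    for ip, (mac, what) in lookup_arp_table(SAMPLE_ARP_OUTPUT).items():
        print(ip, mac, what)
```

As the later comment on beacons notes, the OUI is easily spoofed, so the vendor it suggests is a hint and not proof of what the device is.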
They absolutely do know what router you have. They can see the MAC address and whether it's gotten a DHCP lease for your public IP from them. I've called in before regarding connection issues and the person on the other end asked me what kind of router I had, because the MAC address and OUI lookup on their end was showing up as "Test Systems" or something because one of my routers is a custom SFF pc and has a weird MAC address on the ethernet card.
Edit: If you do a little research instead of just downvoting, you'd see that I'm right. Just take a look at the Wireshark OUI database. It has all the usual brands including netgear, asus, belkin, ubiquiti, and more. ISPs aren't flying blind when it comes to what router customers are using.
> If I'm using a private search engine, such as Qwant, which (supposedly) does not log or track data, and uses its own indexing.. If I'm using nothing more than a naked incognito Firefox browser (not even HTTPS Everywhere, or any anonymizing/proxy/vpn tools), is an ISP able to see (log) what my search queries are?
If you are accessing a website via HTTPS your ISP shouldn't be able to see your (search) queries, only the domain.
For details see: What can your ISP really see and know about you?
You can see for yourself if you install Wireshark.
Not really. These devices don't have a ton of memory in them, which you'd need to buffer all the recordings before sending them off to the mothership.
Besides, it'd still be easy for anybody with a networking background to catch that as well. All you need to do is install a switch that supports port mirroring between the Echo or other device and the internet, then use a program like Wireshark and you can log every single bit of data that is sent to/from the Echo.
And it's highly doubtful that the data they would send/receive would be encrypted in any way, or if it was then it would likely be weak enough to crack without much effort. There's not a whole lot of horsepower in these things either, and decent encryption is time consuming and CPU intensive. So it would likely be fairly easy to get a handle on the data stream if you really had an interest in studying it.
You can log the traffic and determine what devices are using your wifi with Wireshark, but just let it go and set the password. Even softcore hacking is illegal.
I'd change my network name to something petty, like "Stop using my wifi I can see you".
While flow control is the better option, tshark with -q (summarize rather than display running count) and -z (statistics) might get you some details.
    $ tshark -a duration:5 -qz ip_hosts,tree
    Capturing on eth0
    631 packets captured
    ===================================================================
    IP Addresses          value    rate      percent
    -------------------------------------------------------------------
    IP Addresses          618      0.119317
     10.x.x.x             70       0.013515  11.33%
     10.x.x.x             117      0.022589  18.93%
     10.x.x.x             489      0.094411  79.13%
    <snip>
    ===================================================================
Relatively certain you can run tshark on windows.
> Space requirements are negligible.
I don't think this is true. Have you ever done a Wireshark trace and seen how many TCP/IP packets actually get sent as the result of visiting a single web page? It's in the order of 100 packets (to many different IP addresses) per click/page.
Very rough back of the envelope calculation ...
Logging only the customer's assigned IP address: (10 bytes [IP address] + 4 bytes [date]) * 730 [2 years] * 1000000 [customers] = 10.2 gigabytes
Logging all of the destination IP addresses:
(10 bytes [IP address] + 4 bytes [timestamp]) * 100 [packets per page] * 1000 [pages visited per day] * 730 [2 years] * 1000000 [customers] = 1022 terabytes
Logging the customers' assigned IPs is a trivial amount of storage. Logging all of the destination IPs is a significant expenditure.
perhaps it's late, I've had too much to drink, and misunderstood the question. you definitely can capture directly from within wireshark from a card in promisc.
https://www.wireshark.org/docs/wsug_html_chunked/ChapterCapture.html
whether or not that gives you useful time resolution I guess I'm not informed enough on.
Would someone who is not a MS shill and/or some random Czech guy, that actually was brave enough to INSTALL Windows 10, just spend 5 minutes to install Wireshark (https://www.wireshark.org/), and perform a few tasks, and see if their OS is talking to any of those IPs? Should be easy enough to do.
> you can't debug it using stuff like telnet or inline text-mode sniffers
This is significant. Learning HTTP/1.0 or HTTP/1.1 was easy - you could teach it to children and they should have been able to "get it" for the most part (although things like content encoding and chunking may have been somewhat more difficult to understand).
Ideally HTTP/2.0 should, in my opinion, have been extracted from the session/presentation/application layer and made into a new transport layer protocol (an alternative to TCP) because ultimately that's what this revision is trying to achieve: a more efficient transport.
Instead we now have a transport protocol on top of a transport protocol all binary encoded so that you are forced to use heavy interception tools like Wireshark to make sense of it.
Don't get me wrong - it is exciting to optimise something: network traffic, latency, anything. But I suspect system administrators and network engineers are going to be face-palming for a generation out of frustration at the complexity of diagnosing maybe the most prevalent protocol in use today.
How tech-savvy are you? If you have multiple devices on the network, you could try using Wireshark to capture for a few hours and isolate the source and destination IPs as well as some info on the traffic type.
In addition to R or SPSS, I highly recommend JASP (https://jasp-stats.org) - it's a free to use statistical software with an intuitive graphical user interface developed by many Psychology professors across the world. My Psychology professors/supervisors also recommended me to use it when analysing data for my Masters thesis :)
It's simple, quick to install and gets the job done!! Best of all, it's very very intuitive to use!
Look at JASP: https://jasp-stats.org/
It's new and open source, but it has an interface like SPSS and can probably take care of all the basics you need.
Nothing is going to do all your work for you though: you need to understand what you want to do, what tests you want to run and how they work in order to actually present something meaningful
From the FAQ:
> Q. What programming language is JASP written in?
>
> A. The JASP application is written in C++, using the Qt toolkit. The analyses themselves are written in either R or C++ (python support will be added soon!). The display layer (where the tables are rendered) is written in javascript, and is built on top of jQuery UI and webkit.
For those curious, the packet-sniffing software they are using in that demonstration is Ettercap, available for free.
In my case, all I need to do is
$ sudo apt-get install ettercap aircrack-ng
and suddenly my innocent Ubuntu netbook is converted into a hacker's wet dream. Something like that, anyway.
That sounds about right for a mediocre router.
Let's do some tests, run vistumbler for 5mins and post a screenshot.
It's important to understand that wireless is a shared medium and must take turns with everything on that wireless spectrum, even devices that aren't on your network.
God damn the world is small.
Yeah, I got out in late 06 on medical and went back home. Now I am doing IT work, little bit of everything. In my spare time I am writing a Wireless Access Point Database.
Smoking is my way of relaxing now, since I can't really drink anymore.
I still have a print out of our class picture also, but it's under a bunch of boxes, will have to dig it out.
I'll take a guess that you are still in the AF?
> But to try to log all the front-side packets to disk would be brutal.
Heh, so don't log to disk =) Carve out a small RAM disk per VM, then set a snaplength and circular buffer:
    mount -t tmpfs -o size=100m tmpfs /mnt/ramdisk
    tcpdump -i enp0s1 -nn -s64 -w /mnt/ramdisk/pcap -C49m -W2
(I'm not necessarily recommending people do this, just playing devil's advocate.)
> TCPdump is a microscope - not a Radar installation.
You might be surprised what you can do. Our software developer has some services running PCAP for gathering data on somewhat-high-query-volume recursive nameservers. But he's probably a little biased toward it.
Yeah was going to say this too. I watched the report and (as a long-time InfoSec guy) was dubious to say the least. At one point they say the Computer Expert^tm was using "specialized software", which I'm sure he was, but the screen was just showing tcpdump traffic scrolling by (i.e. just network communication traffic.)
A fellow student mentioned making "driftnet" (picture-sniffing program) work for wireless networks.
I started learning libpcap and the pcap functions in C. Using this guide to learn my way through. Just dumping packets right now...
I would also advise using something like "little snitch" to regulate application traffic, as the native firewall client is quite limited (e.g. portmaster.)
Against ransomware, I would advise to use encrypted backups. Sadly there isn't a user-friendly solution for Borg (Afaik), but I'm sure there are plenty of others.
We're developing something that might fit your needs: The Portmaster.
It's still in alpha and we're looking for testers. You might encounter some issues here and there, but it runs quite well already. If you do try it out, we'd love to hear some feedback!
It's really easy to install and uninstall again. ;)
yes APs send out beacons periodically. The first half of the MAC address is known as an OUI, which usually describes that manufacturer (but can easily be spoofed). In terms of specific model ("specs"), that's trickier to determine.
> I imagine that at big providers like the four largest there isn't the slightest chance of some employee seeing what the user does, because of the controls on the system, am I right?
Define what you mean by SEE. The more senior people can collect samples of the traffic, yes, but what we see is something like this: https://www.wireshark.org/docs/wsug_html_chunked/wsug_graphics/ws-time-reference.png
A bunch of source IPs and destination IPs... which mean what? What are you seeing on your screen? None of that. See the green padlock here on this site? It means only Reddit's server and your computer know the content. We who transport it only see noise; we can barely tell which site you accessed. The page inside it we have no way of knowing.
There is no financial value in that noise. There is no way to use it to market some product to you, or to learn anything useful about you. What you throw in the trash at your house gives away more information than that. From the packaging you can tell what kind of products you've been consuming. Now all that noise from encrypted traffic? Nothing.
The best way is to use Wireshark, just install it (including winpcap), then run the software and double click your connection (ethernet or wifi adapter).
From that point on start a game and you should see a huge stream of UDP/DTLS packets coming and going to the same IP, copy-paste the address HERE and if it says Microsoft Azure that's xCloud 😁
I think that for us Italians/Europeans the nearest destination is the data centers in the Netherlands or Germany; I believe the ones in France aren't active for xCloud.
> What’s witeshark? And can you share any fun ones?
It's like Whitesnake but with RNG music generation.
If on the other hand you're serious about "What is Wireshark?", then it's the default open-source packet capture program used by lots of people to look at wire-level data traversing a network:
no problem! if you want to get in to the nuts and bolts of this, I would recommend you download a program called WireShark (it's free/Open Source) and start fiddling. Read a few internet guides on what kind of stuff you can do.
I wrote a python script that went to wireshark’s display filter reference list, ripped all the different filters names and then pulled a Wikipedia synopsis about each one... only do this if you have lots of hair on your chest
Listen here, fuckbag. I'm a warehouse worker with a CCNA and working on my SEC+ certification. I've always been fascinated with IT but have never sought out a job for it.
You don't have the slightest fucking idea what you're talking about.
You can go download Wireshark if you want and capture ALL OF THE TRAFFIC THAT HITS YOUR NIC if you don't believe me. There are also open-source IDSs out there where you can LITERALLY READ THE CODE AND COMPILE IT YOURSELF.
I'm so tired of this fucking sub. Stop filling gaps with your ignorance and learn a fucking skill.
It's not, if it was people would easily prove it.
Some people out there love to disassemble and analyse electronic devices.
Nothing leaves my house without analysis. https://www.wireshark.org/
> Second of all, you're naive if you think that that setting actually prevents them from listening in on whatever they want, regardless of whether it's Apple or Android. It's pure posturing.
You realize that network sniffers exist right? (See Wireshark). So you can record every packet that enters/leaves your phone and see when it happens.
Researchers have already used that and other tools to find out that Android Sucks 10X More of Your Private Data Than iPhone.
Someone will probably give you a java specific answer that works exactly for your current situation, but in the mean time here is a generic answer: https://www.wireshark.org/ You can use Wireshark to diagnose the pipes.