Uhm... You may have read it wrong? There actually is a very popular network debugging tool by the name of wiresharK https://www.wireshark.org/
If not then... Lol. Although I can see a torrenting/file sharing tool used to stress systems, but I imagine there are better tools suited for that.
I'm not shrugging this off because it's Valve. If anything, I think it deserves more scrutiny because it's not about EA (or their ilk). Valve is one of those companies that I think I agree with in their basic motivations, but does some things that deeply worry me.
At this point, though, I am shrugging it off for the following reasons.
Sure -- the experiment would be a pretty trivial download of a packet & network analyzing program, and then monitoring whether there is outbound voice data being sent by the browser or any other apps. (spoiler alert: it isn't)
Bit late, but will still go at it. When he said "wire shaked", it means he used a packet sniffing tool called Wireshark (https://www.wireshark.org/).
When someone sets up a voice call over Steam, the connection doesn't go through their servers; it direct connects you to the other person's computer (for less lag, presumably). Because of this you can use Wireshark to get someone's IP (https://nictutorial.wordpress.com/2014/06/19/wire-shark-finding-your-friends-ip-through-steam/).
Now that isn't enough to get your real name, but having your ip is enough to get about where you live. So if he was able to associate your steam username with a profile you might have somewhere else, i.e. you use the same profile name for your twitter or something. He might have been able to find your real name. Then using (most likely) Facebook he could search your name and confirm with the ip location which person is actually you (if you have a common name). And bam, you've been dox-ed...
Quick note, Wireshark will do absolutely nothing bad to your computer, it just looks at packets. There is a 99% chance they did nothing to harm your computer, and I severely doubt some fear-monger on Steam would have the skill/knowledge/motive to actually do anything bad.
Yes, it might be a little over the heads of most consumers, but there are plenty of simplified tutorials for using wireshark, and capturing all traffic is a very basic action for the program. As long as it can see your wifi device on your computer, it can capture packets received by/visible to it.
*If you're not technically inclined enough to understand what wireshark is doing or how to read the capture log, then perhaps something like:
>I was having trouble connecting to my wifi hotspot device while staying in ______ hotel at ______ address. I'm concerned that they may be attempting to block access to my personal device by illegally pretending to be my wifi hotspot and telling my device to disconnect (in essence, jamming the signal.) With the help of others on the internet, I was able to capture the attached log of wifi traffic visible to my device using the program Wireshark. Please review it for any sign that they might be engaging in such a practice.
The Organizationally Unique Identifier. Every network port has a MAC address. The first half of which is assigned to the manufacturer of the unit. If you punch the MAC address into an OUI Lookup Tool it'll be able to tell you who made it (theoretically).
What?!? Are we talking about https://www.wireshark.org/ ?!?
The completely free and limitless tool? That captures every protocol you dump on the line?
There is no pro, or you sir, are a very good troll :)
Just as Battle(non)sense, I used Wireshark. Join a match, start capturing.
Afterwards you can create a graph from the captured data. I used Statistics, IO Graph to create the packets per second graph by filtering on packets received from the gameserver IP, filter: "ip.src == gameserver_ip_here". You can find the gameserver IP in the long list of captured data by looking at the IP that sends lots of UDP packets in the 7000-8000 port range.
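The comment above describes two manual steps in Wireshark: spotting the game server by the volume of UDP it sends from the 7000-8000 port range, and then charting packets per second for the display filter "ip.src == gameserver_ip_here" in the IO Graph. The script below is an added example (not from the comment's author) that does the same two steps over a pcap file using only the Python standard library. The capture it reads is constructed inline, so the server address 203.0.113.10, the client 192.168.1.20 and the packet counts are made-up sample values; the parser handles only classic microsecond-timestamp pcap files with Ethernet/IPv4 frames.

```python
import socket
import struct
from collections import Counter, defaultdict, namedtuple

# Port range the comment uses to spot the game server's UDP stream.
GAME_PORT_RANGE = range(7000, 8001)
PCAP_MAGIC_US = 0xA1B2C3D4  # classic pcap, microsecond timestamps

Packet = namedtuple("Packet", "ts src dst proto sport dport")


def _udp_frame(src_ip, dst_ip, sport, dport, payload=b"\x00" * 24):
    """Build one Ethernet/IPv4/UDP frame (constructed sample data; checksums left zero)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + udp


def build_sample_pcap():
    """Constructed capture: a hypothetical game server 203.0.113.10:7777 sending
    30 packets/s for two seconds to the client, plus some unrelated UDP."""
    base, client = 1_700_000_000, "192.168.1.20"
    records = [(base, 0, _udp_frame("192.168.1.1", client, 53, 51234))]  # DNS reply
    for i in range(60):
        records.append((base + i // 30, (i % 30) * 33_333 + 1_000,
                        _udp_frame("203.0.113.10", client, 7777, 27015)))
    for i in range(3):  # another host in the port range, but far fewer packets
        records.append((base + 1, 500_000 + i, _udp_frame("198.51.100.7", client, 7500, 27015)))
    out = struct.pack("<IHHiIII", PCAP_MAGIC_US, 2, 4, 0, 0, 65535, 1)  # global header
    for ts_sec, ts_usec, frame in records:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Minimal pcap reader: Ethernet link type, IPv4 only, TCP/UDP ports extracted."""
    magic, = struct.unpack("<I", data[:4])
    if magic == PCAP_MAGIC_US:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("unsupported pcap magic %#x" % magic)
    link_type, = struct.unpack(end + "I", data[20:24])
    if link_type != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    off, packets = 24, []
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4, skip
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        sport = dport = None
        l4 = 14 + ihl
        if proto in (6, 17) and len(frame) >= l4 + 4:
            sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        packets.append(Packet(ts_sec + ts_usec / 1e6, src, dst, proto, sport, dport))
    return packets


def find_game_server(packets):
    """The IP that sends the most UDP from the 7000-8000 source port range."""
    counts = Counter(p.src for p in packets if p.proto == 17 and p.sport in GAME_PORT_RANGE)
    return counts.most_common(1)[0][0] if counts else None


def packets_per_second(packets, src_ip):
    """Same numbers the IO Graph shows for the filter ip.src == src_ip, per second."""
    t0 = int(min(p.ts for p in packets))
    buckets = defaultdict(int)
    for p in packets:
        if p.src == src_ip:
            buckets[int(p.ts) - t0] += 1
    return dict(sorted(buckets.items()))


if __name__ == "__main__":
    pkts = parse_pcap(build_sample_pcap())
    server = find_game_server(pkts)
    print("game server:", server, "pps:", packets_per_second(pkts, server))
```

To run it on a real capture, replace build_sample_pcap() with the bytes of a file saved from Wireshark (File, Save As, pcap format); pcapng files use a different container and are not handled here.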
If you see this player on the other team, boot this up:
EDIT: Wireshark is a packet-sniffing tool that can look at all the traffic coming in and going out of your computer. If you see this barcode player on the other team, start up Wireshark and allow it to sniff the packets going over the net. If you end up getting DDoS'ed, you'll be able to see where the flood of packets is coming from and give this information directly to Riot.
You can use USBPcap to capture the raw data from the USB bus then view it with WireShark. The learning curve can be rough since there's a bunch of messaging that will have nothing to do with the actual data you're looking for. I would also recommend unplugging as many USB devices as possible so you have less junk to sort through.
OPs screenshot doesn't have enough information to make a determination. A more powerful tool such as Wireshark can decode the actual traffic.
If OP isn't using any IPv6 applications all that traffic can be attributed to the exchange of routing information that needs to be shared across the tunnel. A sample I've taken from my own network shows about the same frequency of traffic and it's all routing related. Nothing sinister (or even interesting) going on here.
Your life would be easier if you didn't reinvent the wheel and used tcpdump (or at least stored to pcap format) and then analyzed with Wireshark / TShark.
If you modify your format just slightly (remove the leading 0x, add offsets) you could use text2pcap to generate a pcap from what you are already doing or import it directly to Wireshark.
A box, running a 100% Libre GNU / Linux distribution and Wireshark https://www.wireshark.org/, configured as a router should do the trick. This effectively puts the DRM infected Apple and Microsoft devices in a FLOSS jail.
On a windows machine, you can run the command "netstat -a -b" from the command prompt (may need to run with administrative privileges) to see which programs have open connections and what port they're using. You can then use this info to cross-reference packets traversing your PC so you can rule out what traffic is good and questionable (use wireshark for this). Might be a good idea to turn off as many services as you can on your NIC because a base install of windows has a lot of garbage traffic.
Once you see some traffic that is questionable, block it in the firewall and see what breaks. That's a great way to see what programs are accessing the internet and how it all works.
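The two comments above pair `netstat -a -b` (which lists each socket with the executable that owns it) with the port numbers seen in Wireshark. The script below is an added example, not code from the comment's author, that parses the Windows `netstat -a -b` layout into a port-to-process map and then answers, for a local port taken from a capture, which program owns it; a port with no owner in the table is the "questionable" traffic the comment talks about. The netstat text is a constructed sample, and the process names in it are made up.

```python
from collections import namedtuple

Conn = namedtuple("Conn", "proto local_ip local_port remote state process component")

# Constructed sample of `netstat -a -b` output (Windows layout): each connection line is
# followed by the owning executable in brackets, optionally preceded by a service name.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    192.168.1.20:49712     203.0.113.5:443        ESTABLISHED
 [chrome.exe]
  TCP    [::]:445               [::]:0                 LISTENING
 Can not obtain ownership information
  UDP    0.0.0.0:5353           *:*
 [mDNSResponder.exe]
  UDP    192.168.1.20:27015     *:*
 [game.exe]
"""


def _split_addr(addr):
    """'192.168.1.20:49712' -> ('192.168.1.20', 49712); handles '[::]:445' and '*:*'."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else None


def parse_netstat_b(text):
    conns, pending, component = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Active") or line.startswith("Proto"):
            continue
        parts = line.split()
        if parts[0] in ("TCP", "UDP"):
            lip, lport = _split_addr(parts[1])
            state = parts[3] if len(parts) > 3 else ""
            pending.append([parts[0], lip, lport, parts[2], state])
            component = None
        elif line.startswith("[") and line.endswith("]"):
            # owner line: applies to the connection line(s) collected since the last owner
            for p in pending:
                conns.append(Conn(*p, process=line[1:-1], component=component))
            pending, component = [], None
        elif line.startswith("Can not obtain"):
            for p in pending:
                conns.append(Conn(*p, process=None, component=None))
            pending = []
        else:
            component = line  # service name hosted inside the executable that follows
    for p in pending:
        conns.append(Conn(*p, process=None, component=None))
    return conns


def port_owner_map(conns):
    """(proto, local_port) -> owning process; 'unknown' when netstat could not tell."""
    return {(c.proto, c.local_port): c.process or "unknown" for c in conns if c.local_port}


def classify_packet(owner_map, proto, local_port):
    """Owner of a local port seen in a capture, or None if no listed socket claims it."""
    return owner_map.get((proto, local_port))


if __name__ == "__main__":
    owners = port_owner_map(parse_netstat_b(SAMPLE_NETSTAT))
    for key in (("TCP", 49712), ("UDP", 27015), ("TCP", 60000)):
        print(key, "->", classify_packet(owners, *key))
```

A None result does not by itself mean something hostile: short-lived sockets close before netstat runs, so compare against a netstat snapshot taken while the capture is running.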
I bet that sneaky bastard has been sniffing your packets!
Check all of the ports on your computer thing. Is there anything strange plugged into any of the USB holes?
You could always try:
> https://docs.microsoft.com/en-us/sysinternals/downloads/rootkit-revealer
...and other sysinternals tools.
Make sure you also set all Cmd and PowerShell windows to use green text on black background. This is important.
Edit: Hm, you could also try https://www.wireshark.org/ and Fiddler, to see if there's any sneaky shit being sent out via something nefarious on your box. Make sure you follow HACKERMAN's tutorials first, though:
> https://www.youtube.com/watch?v=KEkrWRHCDQU
...otherwise you may accidentally hack yourself back to The Viking Age.
Edit Edit: DO NOT RESET THE ROUTER! Otherwise you may suffer the same ignominious fate as Router-kun; whether it's your fault or not.
I have a simple suggestion for you that will show you the full extent of the issues. Download Wireshark.
Record a typical session on your old OS.
Now record a session on 10, your goal being to get the reporting down to what it used to be. First use the GUI to disable as much of the monitoring as possible. Record again. Now use Group Policies to disable as much of the additional monitoring as you can. Record.
Not there yet? Pull out all the stops, whatever you need to do, assuming it's native to Windows. You're likely into firewall settings, routing tables, registry by now.
Now ask yourself, could the average user do this? Would they even KNOW what the concerns are?
I don't know man. I'm likely to pick up a lot of business from this change, so it's good for me personally. But I don't think it's good for the user.
Hey, reading this post reminded me of a post by /u/SweetAndFluffy who developed a vibrator controlled by picking up diamonds in Minecraft. Maybe he is willing to help you if he is still active?
Apart from that, it seems to me that parsing the video output of the game is a hard and time-consuming task to get right. Have you thought about parsing the required information from network traffic? Idk how hard this is but maybe Wireshark can help you if you have some spare time :)
Wireshark is super simple to use. The trick is understanding what you're looking at, and for that you're going to need to have detailed understanding of the things you're trying to troubleshoot, like Kerberos, NTLM, SMB, TLS/SSL, Certificates, how to do filtering etc...
You're asking how to use a chef's knife to make Boeuf Bourguignon. You need a solid understanding of ALL of these things to properly see how the tool helps.
But for starting to learn Wireshark and how packets work, I encourage ya to read https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html
Can you capture traffic with Wireshark as well when you access the hidden service with Windows 10? You don't have to share the complete dump. I'm sure someone could help you with a filter, default ones are pretty easy, e.g., "http", shows HTTP requests. They are basically as easy, or even easier to read than Apache server logs. You probably don't need complex filters if it takes under 17 hours, and you don't use the laptop for anything else except opening your hidden service in Tor once. Although if an app updates in the background that's going to cause multiple log entries.
Example screenshot from a Wireguard dump: https://www.wireshark.org/docs/wsug_html/wsug_graphics/ws-main.png
The top part (here in green) should be readable without too much background knowledge. Source & destination ip, protocol, etc. already give you a lot of information.
I didn't spend long researching this, so take this only as general knowledge. It may or may not be specific to the passwords you are seeing/your environment.
Some default wifi passwords are based on the MAC address associated with the router. This may or may not be true for AT&T, and if so, they probably aren't using the same method if symbols are included. They likely are using some kind of formula though, and MAC addresses make a good enough "unique" seed that is associated with the device.
With this knowledge, you can narrow down the possible values. For example, you can start by using only OUIs for popular/known manufacturers. With enough known passwords, you may also be able to narrow down the character set they are using.
The TL;DR is that dictionary attacks likely aren't effective. However, if you collect a large enough sample and are familiar with how the default passwords are generated, you can significantly reduce the keyspace and intelligently brute force the passwords in a way that may not require weeks.
At some point, your browser is making a web request to their server to get the file. You can use something like Fiddler or Wireshark, or even your browser's built in developer tools to figure out what that request is instead of trying to recreate it from the code. Handling the request directly is way faster and more reliable than using Selenium.
Why would you give them the same hostname?
Suggest you load Wireshark https://www.wireshark.org/ on one of the machines and look at what is happening when you try to ssh from one to another.
Here is the detailed step by step "guide". It won't take you more than 5 minutes to find out:
Example of mine here
In regards to your question, maybe the traffic is being routed in a very efficient manner. You'll know if that's the case when you perform the above test :)
You could use a packet sniffing tool like Wireshark to monitor the requests made by the game. But, reverse-engineering a network protocol is very difficult even in the best scenarios where a game is actively online. Maybe you'll get lucky and discover that it's using a relatively simple or existing protocol. But it could be entirely proprietary. It could be encrypted. And without an active server providing response to the client's requests, it could be literally anything. Good luck!
There are no encryption options for wireguard.
Wireguard is always encrypted, and does not support/allow operating without encryption.
Wireguard was intentionally designed to be simple and secure by a bunch of fairly skilled cryptosecurity folk, and there have been so many protocol downgrade attacks over the past decade that they decided to just start off with the good stuff and not give folks a ~~choice~~ opportunity to do it wrong.
I'm not sure what happens if any of their choices become obsolete in the future, guess we'll find out at that point.
Btw, this decision has absolutely nothing to do with PIA, they're just implementing the wireguard protocol as-is.
If you want to check, wireshark is an open source tool for Win/OSX/Linux that can capture, display, and decode network packets.
You can start by downloading Wireshark and learning how to analyze network traffic to see where your data is coming from and being sent. Here's a beginner's tutorial.
This is a very technical answer but you could try running Wireshark https://www.wireshark.org/ and see what the connection is doing.
Most common cause is firewall (turn it off to test) or general network.
Also if your plan and phone support it, try connecting your computer via your phone to the internet. Some ISPs do block odd stuff.
One thing I would try is to use a network traffic analyser to see what ip addresses your phone sends data to, in the hope that you can identify what/who is doing this. This is assuming you have a desktop or laptop to install it on, and you have WiFi at home you connect your phone to. Also assuming some technical savvy, or willingness to learn :)
I recommend installing Wireshark, then finding the local IP address of your phone so you can limit the network traffic wireshark logs to just the phone - you can usually do this by logging into your router’s administration settings and looking at all the connected devices.
Then pick your favourite wireshark beginner’s tutorial - I recommend this youtube guide.
IP addresses can be generally tracked to ISP or owning company and general area by using any one of many websites when you google for “ip trace” - so any wireshark output can be checked easily.
There should be a bunch of either apple or google ip addresses depending on what phone you have, there should also be ip addresses for any app you open that goes online, and any websites you visit you should also see that network traffic. These are all going to be legitimate things and you can use wireshark to exclude them from the analysis.
Hopefully then leaving wireshark running and logging for a longer period of time (say 24hrs at least), there’s less traffic logged to look through, and any suspicious and/or malicious activity should be easier to spot in the log.
Wireshark lets you capture packets, so you would see all of the raw traffic in / out of your PC. It requires some learning, but you could probably recognize personal info in the raw packets, if they're unencrypted. Do a capture, select an HTTP GET in the lines of raw capture, and within the Wireshark menus, select Analyze->Follow->HTTP Stream. That is the quick version.
Even then it would be very easy to tell if Google were listening in on your conversation the whole time. Network analysis tools make that fairly easy even for a layperson. Just try it yourself: https://www.wireshark.org/
Ho boy, Software Engineering student here. I don't know much about the history. All I know is that it was a military invention for rapid communication between physically remote chains of command. Hopefully I can contribute a bit of clarity about the present day though.
The short answer is that the internet is actually incredibly, awe-inspiringly complicated, and the fact that you can even load www.google.com, let alone search anything, is a modern wonder of the world. You're absolutely right about the protocol idea. There is a "stack" of 7 protocols that sit on top of each other, each "wrapping" the levels below. Some information can be found here. It sounds like you're most interested in layer one and two. Googling in that direction could help you out.
Vis-a-vis the network of networks and redundancy, you are correct. There are thousands upon thousands of these today; each ISP around the world will have an arbitrary number of their own and even spin them up for corporate clients. The protocol that stitches these network "neighborhoods" together, BGP, is incredibly complicated. My networking prof said that at any given time, the number of people who honestly and completely understand BGP in the world is in the order of dozens.
To take a closer look at some of the signals you're sending, try wireshark it's the industry standard for "sniffing" the packets that are being sent across wires.
I would use something like glasswire to monitor my traffic and see what is going on. If you want to leave something running that logs so you can show the IT guy I would use wireshark. Both can help you track down the culprit.
Are you installing an official copy of your OS or something downloaded from 3rd party?
It's likely a console cable for their infrastructure. The cable was probably sitting in the sun and faded, but my thought process also involves cabling standards that I'm used to.
That's a microwave tower that's likely used for internet connection. I'm not sure how that country is set with internet, but if it's in a mountain range, that's probably an organization's sole means of connecting to the internet.
If it were me, I'd go back with a laptop and run Wireshark just to see what's going on there, lol.
You could use Wireshark to search for packets not being routed through the Tor network:
If you are using Windows, you could run "netstat -ab" from an administrator cmd terminal to list program names and what ports they are using to match them up with the port numbers you see in Wireshark.
You may want to use a "bridge" line in your torrc file to restrict your connections to the Tor network to a single node to make your analysis easier:
UseBridges 1
Bridge aaa.bbb.ccc.ddd:eee
https://www.torproject.org/docs/bridges.html.en
You can use any Tor relay as a bridge:
This is one way... maybe overkill though.
At this point you'll also be able to see all other traffic going to/from the pi. If it's sending out spam, you should see loads of outbound connections where the destination port is 25.
Try tcpdump (it's a command utility). I believe you can then import logs to pirni and read them. If you have a desktop/laptop with you, you can try Wireshark https://www.wireshark.org/. I also believe that you could dump logs with tcpdump and then use Wireshark's GUI.
The next time you have a skype session with your friend, run Wireshark in the background. This will pick up any and all network traffic on your network being sent in and out.
EDIT: Program_These brings up a good point, I generally forget that not everyone knows what I know. Here's a Youtube link on how to set up Wireshark. Here's the Wireshark documentation on everything that you could possibly want to know and a lot of things that you don't.
some internet routers will store their own records of all sites and addresses accessed and that persists regardless of whether someone uses private browsing or not, and this will store data for every device on the network regardless of whether it's a phone, windows pc, mac, etc. it requires some amount of technical know-how to be able to bypass this logging, although it's not particularly difficult if you know what you're doing (i'm guessing that the fact PA doesn't know how to clear his DNS cache means he doesn't). so u/sadperson3628293 you can check if your router has this option if you need to look for that, you can log onto the management site for it usually by going to 192.168.0.1, 10.0.0.1, or 192.168.1.1 (try all three) in your browser and then log in with the administrator username and password that should be printed on the router.
in the event that the router does not keep logs that you can access, there are more technical snooping solutions that you can apply, such as using wireshark (i'm happy to give details about this if you want, bc i've used it before for more benign network analysis) or getting a dedicated device designed with the purpose of logging website traffic. the benefit of these solutions is that you do not need physical access to his devices and do not need to install anything on them.
the one thing is that these solutions work for home internet, including wi-fi, but they don't work for mobile data like he might use on his phone. there are phone apps specifically for that, though; the one i'm most familiar with is circle but there are others. there are also different solutions that don't directly use web logging, like covenant eyes and keyloggers. the main disadvantage of this is that you need physical access to his phone and he could potentially uninstall any software put on there (although some is designed to be harder to uninstall).
Forgot to mention you can do a manufacturer lookup of the MAC addr at https://www.wireshark.org/tools/oui-lookup.html
Just looked it up, and unfortunately you are correct. It's not an ESP (manufacturer comes back as Tuya Smart, not Espressif)
I've done about 20 transplants where I remove the Tuya module and replace it with an ESP, but most of those were replacing the WB3S Tuya module with an ESP-12 which is a drop-in replacement. The few I've done with Tuya modules that don't have a direct replacement worked but they were not fun to do
You essentially want a wireshark or android tcpdump im guessing.
See: https://ask.wireshark.org/question/3821/how-can-i-see-the-traffic-of-an-android-app/
Do you know how to run Wireshark to capture the traffic to the Starlink terminal?
Either there is a mixup between the routes you're getting via DHCP from the terminal and the ones you're setting manually, or there is some form of authentication going on that only works with the Starlink router.
I'm going to add to this, and hopefully not discourage.. You absolutely should be running a firewall on the only port you are given in a leased office. You said yourself that you think it is on its own separate VLAN, but you don't know for sure. And, even if it was, who is managing that VLAN? You could easily find out if there is other traffic that can be reached through that port which in turn would tell you whether or not other people could access what is connected in your office but that may be beyond what you are comfortable with; Wireshark.
From a security oriented standpoint it shouldn't matter whether you are on a VLAN or not. You should have absolute control of everything that is connected to your network internally. By placing pfSense as the first device on your only port you're drawing a line in the sand; everything behind pfSense is in your complete control. the only issue then becomes how to secure your data between the internet and pfSense. This is where an externally hosted VPN, such as PIA, could be used. That would allow for the encryption of ALL data that goes over your proverbial line which would prevent eavesdropping from the other offices / ports / system administrators in your building.
Congrats on your business venture!! Without trying to come across as a total douche nozzle, stick to offering services you have a firm grasp on to your customers. In other words, you may want to delay offering networking services until you are comfortable with all aspects related to a network you provide; think of the liability...
https://www.wireshark.org/docs/wsug_html_chunked/ChCustCommandLine.html
Wireshark using some of the flags. Don't bring up the GUI part of Wireshark. Will give me data in my terminal, without bringing up the Wireshark GUI window.
Use process monitor to watch file/registry changes; wireshark to watch the network. I would expect the DRM to be more complex than a simple file token, but you never know...
Hey, I've been wanting to talk about the specifics of the netcode for a while now!
By analyzing the game's network data in Wireshark, we can confirm it is P2P. If it used dedicated servers, you would see the game talking to one server on the Internet somewhere. Instead, what we see is the game talking to each of the individual consoles in the match.
P2P falters when one person's Internet connection is terrible, or worse, if the host's connection is terrible. Many game state variables are synchronized with the host as well, and for many things, what the host says goes. However, things like kills, bullets, player position, etc... are handled by each of the individual clients. When someone dies, the killer sends a packet to the host and client saying that the person has been killed. The victim then sends a packet back to the killer to confirm the kill - only when this happens does it pop up "Splatted X!" on the bottom of the screen. If their connection is terrible, this will definitely appear laggy. You can judge the current lag in the match by comparing the position where it appears you've killed the person to where the icon appears after they die. This icon is where the victim says they were when they died, so if they don't match up, there's probably lag between you and them.
Yes, it pretty much sends multiple copies. (Internally, the game calls this "cloning".) It isn't too wasteful considering that data is only sent if there's a change.
Yes, I believe they definitely took that in account. P2P doesn't require as many servers as using dedicated servers, which means less costs. The less money that Nintendo has to pay, the more likely they're going to keep the servers up after the Switch is no longer supported.
The topic was that Google is allegedly secretly recording your microphone. I'm not sure what the connection is here, especially since the apps you mentioned all work without microphone and camera.
Network analysis isn't rocket science even for a layperson who doesn't know much about computers, and it would be very easy to tell if Google were acting illegally here. Just try it: https://www.wireshark.org/
Just a minor nit here, the article states:
> So, I have no way of knowing what the protocol is actually doing during a file transfer, just as I have no way of knowing what the client software is doing to my laptop, or what the server software is doing to my servers.
You can find out pretty much exactly what the protocol is doing on the network during a file transfer, either by observing on the same machine (see front end tools like Wireshark) or with the proper instrumented network routers in between. There are likely a number of network reverse engineers out there who could take a look at what overall network approach fasp is using, and maybe make some recommendations on how you might get a high performance transfer going by tuning existing public tools. Offhand, maybe this analysis might appeal to someone in the presenters' community of various security conferences (maybe they're looking for a topic to present..).
You didn't mention any in-path devices (minus ATT's stuff, of course) that might alter traffic. If there are any, you might have to capture at both ends and correlate. Even if not, it might give you ammo to force ATT to actually troubleshoot the issue.
A tip, in case that's necessary here:
https://www.wireshark.org/docs/wsug_html_chunked/ChStatCompareCaptureFiles.html
And a publicly posted example where a pcap from one end wasn't enough (not my blog): http://www.showconfig.net/packet-capture-on-both-sides-of-a-conversation/
Was going to suggest [Wireshark](https://community.linuxmint.com/software/view/wireshark), but I don't think it was ever included in the default software bundle.
Wireshark is pretty robust and might fit your needs, give it a look if you don't find what you're after.
According to:
https://www.wireshark.org/faq.html#q6.10
Most OS packet capture libraries (i.e. pcap/Winpcap) don't include the FCS. So it seems it's not a Wireshark issue directly - but rather packet capture mechanics. I believe the FCS is checked in hardware, and it never quite makes it into user data. It's gone by the time pcap gets a hold of the frame.
Before even considering fulfilling that request, you might want to verify that such monitoring is legal in your country or portion thereof (in some places, it ain't).
With that out of the way, I usually use Wireshark if I need to monitor network traffic beyond what the router/switch/gateway provides.
https://msdn.microsoft.com/en-us/library/ms181091.aspx
You can find out EXACTLY what is causing it!
Also:
SELECT session_id, num_writes, st.text AS statement_text FROM sys.dm_exec_connections AS ec CROSS APPLY sys.dm_exec_sql_text(ec.most_recent_sql_handle) AS st ORDER BY num_writes DESC
Well shit, I hope it's just poor server performance. If it is actually 10-20 tickrate you can pretty much kiss competitive gaming goodbye.
Edit. Would you be willing to use Wireshark to check for certain? https://www.wireshark.org/
you have no clue how games work... do you?
game packets aren't large. you can do one of two things; either go find out for yourself or continue to pretend you know what you're talking about: https://www.wireshark.org/
ping is a function of distance and routing, period. line "speed" has zero impact. you may think it does because you heard it somewhere on the internet or because some salesman sold you a line of horseshit, but that doesn't make anything you've said true.
Wireshark isn't too hard to use, it's just got sort of a funky interface. There are enough tutorials that you should be able to set it up and get going within an hour.
Here's one on capturing traffic, and another on finding a bandwidth hog.
Note, this is going to be easiest if you can run it for a bit on each device in the house. If you want to capture stuff from wireless smartphones and the like, it'll be a bit more complicated, but still possible.
BSSID filter on Wireshark should be in the documentation. Probably a good idea to know the MAC addy of your network.
https://www.wireshark.org/docs/dfref/w/wlan.html (wlan.bssid == macaddyhere)
Wireshark is a software tool that watches network traffic. It can be used to learn what a computer (or a specific program) is doing with its network connection. What other computers is it connecting to? What is it saying to them, and what are the responses? How often? How much traffic? Which protocols? And so on.
In general, I try to play the claim and not the person. If Leibniz himself jumped out of the grave and told me 2+2 is 35, I'd question him; I don't give a fuck if he (mostly) invented calculus -- I want a rigorous proof.
On the other side, when people ask me questions about the software I've written, I answer the questions. Telling them who I am doesn't get them any closer to a solution or a better understanding.
Which flags are those? I'm not seeing them.
And, like I said, they bundle TShark for command line work, so I don't see why they'd enable Wireshark to do the same.
https://www.wireshark.org/docs/wsug_html_chunked/AppToolstshark.html
https://www.wireshark.org/docs/man-pages/tshark.html
edit:
Closest I see is -X
which looks to launch TShark instead of Wireshark.
Is there a MAC address labeled anywhere on the device? If so, you can search the OUI (first 6 characters) and it will provide you with the vendor it's registered to.
https://www.wireshark.org/tools/oui-lookup.html
Use the above link to plug in the OUI.
Do arp -a in your Windows command prompt and find the MAC addresses associated with the IPs in question. If you don't get an ARP entry for either address, ping the address (they don't have to respond), then run the arp -a command again and you should have a MAC address.
Then use an OUI lookup tool to see what the device manufacturer most likely is.
https://www.wireshark.org/tools/oui-lookup.html
https://regauth.standards.ieee.org/standards-ra-web/pub/view.html#registries
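The lookup described above, done offline as an added example (not code from any commenter or from Wireshark): it parses Windows-style `arp -a` output, normalizes the MAC, and checks the first three octets against a slice of Wireshark's manuf table. The two Cisco prefixes are the ones quoted later in this thread; the host IPs and MACs in the ARP sample are constructed, and the locally-administered check flags addresses whose OUI cannot be in the IEEE registry at all (randomized or spoofed MACs).

```python
import re
from typing import Dict, List, Tuple

# Constructed slice of Wireshark's "manuf" table: only the two Cisco
# prefixes quoted in this thread. The full table backs the OUI lookup page
# at https://www.wireshark.org/tools/oui-lookup.html
MANUF_SAMPLE = """\
00:01:96\tCisco\tCisco Systems, Inc
00:01:C7\tCisco\tCisco Systems, Inc
"""

# Constructed "arp -a" output in the Windows format (hypothetical hosts).
ARP_SAMPLE = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-01-96-12-34-56     dynamic
  192.168.1.23          aa-bb-cc-11-22-33     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

# One ARP row: dotted-quad IP, six hex octets split by '-' or ':', entry type.
_ARP_ROW = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9A-Fa-f]{2}(?:[-:][0-9A-Fa-f]{2}){5})\s+(\w+)"
)


def normalize_mac(mac: str) -> str:
    """Upper-case, colon-separated form regardless of the OS's separator."""
    return mac.replace("-", ":").upper()


def load_manuf(text: str) -> Dict[str, str]:
    """Map 'XX:XX:XX' OUI prefixes to the long vendor name."""
    table: Dict[str, str] = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        prefix, _short, full = line.split("\t", 2)
        table[prefix.upper()] = full
    return table


def parse_arp_table(text: str) -> List[Tuple[str, str, str]]:
    """Extract (ip, mac, type) rows from 'arp -a' output; header lines don't match."""
    return [(ip, normalize_mac(mac), typ) for ip, mac, typ in _ARP_ROW.findall(text)]


def lookup_vendor(mac: str, table: Dict[str, str]) -> str:
    """Vendor name for the OUI, or a reason why no vendor can be assigned."""
    mac = normalize_mac(mac)
    if mac == "FF:FF:FF:FF:FF:FF":
        return "broadcast"
    # Bit 1 of the first octet set = locally administered: never an IEEE OUI,
    # so a lookup would be meaningless (privacy randomization or a spoofed MAC).
    if int(mac[:2], 16) & 0x02:
        return "locally administered (randomized or spoofed; not an IEEE OUI)"
    return table.get(mac[:8], "unknown OUI")


def identify_hosts(arp_text: str, manuf_text: str) -> List[Tuple[str, str, str]]:
    """(ip, mac, vendor-or-reason) for every ARP entry."""
    table = load_manuf(manuf_text)
    return [(ip, mac, lookup_vendor(mac, table)) for ip, mac, _typ in parse_arp_table(arp_text)]


if __name__ == "__main__":
    for ip, mac, vendor in identify_hosts(ARP_SAMPLE, MANUF_SAMPLE):
        print(f"{ip:<16} {mac}  {vendor}")
```

Feed it the real `arp -a` text and the real manuf file and the only thing that changes is the size of the table; the "locally administered" branch is what you will hit for most modern phones, which randomize their Wi-Fi MAC per network.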
They absolutely do know what router you have. They can see the MAC address and whether it's gotten a DHCP lease for your public IP from them. I've called in before regarding connection issues and the person on the other end asked me what kind of router I had, because the MAC address and OUI lookup on their end was showing up as "Test Systems" or something because one of my routers is a custom SFF pc and has a weird MAC address on the ethernet card.
Edit: If you do a little research instead of just downvoting, you'd see that I'm right. Just take a look at the Wireshark OUI database. It has all the usual brands including netgear, asus, belkin, ubiquiti, and more. ISPs aren't flying blind when it comes to what router customers are using.
> If I'm using a private search engine, such as Qwant, which (supposedly) does not log or track data, and uses its own indexing... If I'm using nothing more than a naked incognito Firefox browser (not even HTTPS Everywhere, or any anonymizing/proxy/VPN tools), is an ISP able to see (log) what my search queries are?
If you are accessing a website via HTTPS your ISP shouldn't be able to see your (search) queries, only the domain.
For details see: What can your ISP really see and know about you?
You can see for yourself if you install Wireshark.
Wireshark works on Windows and even has a pretty GUI. It can save packet captures in a tcpdump-compatible format (among others). It even has a portable version if you don't want to install programs.
Aside from Wireshark, you can mirror a port in your switch, or if you can't do that, get a hardware network tap (like this) and then run Wireshark/tcpdump/whatever on a laptop connected to the tap port.
>Should I install Cygwin on my DC?
Not really. These devices don't have a ton of memory in them, which you'd need to buffer all the recordings before sending them off to the mothership.
Besides, it'd still be easy for anybody with a networking background to catch that as well. All you need to do is install a switch that supports port mirroring between the Echo or other device and the internet, then use a program like Wireshark and you can log every single bit of data that is sent to/from the Echo.
And it's highly doubtful that the data they would send/receive would be encrypted in any way, or if it was then it would likely be weak enough to crack without much effort. There's not a whole lot of horsepower in these things either, and decent encryption is time consuming and CPU intensive. So it would likely be fairly easy to get a handle on the data stream if you really had an interest in studying it.
You can log the traffic and determine what devices are using your wifi with Wireshark, but just let it go and set the password. Even softcore hacking is illegal.
I'd change my network name to something petty, like "Stop using my wifi I can see you".
If you are asking specifically about Chrome, the profiles are stored separately. Officially, this data is separate. If you think about it in a good way, Google is interested in creating a tailored experience per user. Cross contamination of profiles would be counter to this.
Even with different profiles the browser, your operating system (virtual machine), software versions, etc are the same across profiles. This makes them vulnerable to "browser fingerprinting." Most of the information on chrome://version can be obtained by websites and could possibly be used to uniquely identify a user without relying on cookies, IP or other basic tracking methods.
Specifically to Chrome, in the past there was a unique installation id assigned to your browser on install. In this case, any profiles would retain this identification number. While this was in the past it exposes another method of tracking most likely not considered.
For the more paranoid, for example, Chrome would be a lot faster if its internal caching engine shared data. Profile A visited Facebook before and now Profile B is visiting Facebook for the first time. Profile B gets some cached resources from Profile A which inadvertently exposes a link between the two profiles.
To really be sure what is going in and out of your machine use software like Wireshark to monitor what data is actually being sent.
While flow control is the better option, tshark with -q (summarize rather than display running count) and -z (statistics) might get you some details.
$ tshark -a duration:5 -qz ip_hosts,tree
Capturing on eth0
631 packets captured
===================================================================
IP Addresses             value     rate        percent
-------------------------------------------------------------------
IP Addresses               618     0.119317
  10.x.x.x                  70     0.013515    11.33%
  10.x.x.x                 117     0.022589    18.93%
  10.x.x.x                 489     0.094411    79.13%
  <snip>
===================================================================
Relatively certain you can run tshark on windows.
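How the `-z ip_hosts,tree` numbers above come about, as an added example (my code, not the commenter's and not tshark's): each packet is counted once for its source address and once for its destination, the rate is count divided by the capture duration, and the percentage is relative to the total packet count. That is why the per-host percentages in the real output can add up to well over 100%. The packet list is constructed from RFC 1918 placeholder addresses.

```python
from collections import Counter
from typing import List, Tuple

# Constructed capture: (src_ip, dst_ip) per packet over a 5 second window.
SAMPLE_PACKETS: List[Tuple[str, str]] = (
    [("10.0.0.5", "10.0.0.1")] * 3
    + [("10.0.0.1", "10.0.0.5")] * 2
    + [("10.0.0.7", "10.0.0.1")] * 4
    + [("10.0.0.5", "10.0.0.7")] * 1
)
DURATION_SECONDS = 5.0

Row = Tuple[str, int, float, float]  # host, packets, packets/second, percent


def ip_hosts_tree(packets: List[Tuple[str, str]], duration: float) -> Tuple[int, List[Row]]:
    """Per-address packet counts the way tshark's ip_hosts statistic reports them.

    A packet is attributed to BOTH endpoints, so the sum of per-host counts is
    twice the packet total and percentages are not a partition of 100%.
    """
    total = len(packets)
    counts: Counter = Counter()
    for src, dst in packets:
        counts[src] += 1
        counts[dst] += 1
    rows: List[Row] = [
        (host, n, n / duration, 100.0 * n / total) for host, n in counts.most_common()
    ]
    return total, rows


def top_talkers(rows: List[Row], min_percent: float) -> List[str]:
    """Addresses involved in at least min_percent of all packets: the first
    thing to look at when hunting for an unexpectedly chatty device."""
    return [host for host, _n, _rate, pct in rows if pct >= min_percent]


def format_tree(total: int, rows: List[Row], duration: float) -> str:
    """Render in the same shape as the tshark output quoted above."""
    lines = [
        "=" * 67,
        f"{'IP Addresses':<24}{'value':>8}{'rate':>12}{'percent':>10}",
        "-" * 67,
        f"{'IP Addresses':<24}{total:>8}{total / duration:>12.6f}",
    ]
    for host, n, rate, pct in rows:
        lines.append(f"  {host:<22}{n:>8}{rate:>12.6f}{pct:>9.2f}%")
    lines.append("=" * 67)
    return "\n".join(lines)


if __name__ == "__main__":
    total, rows = ip_hosts_tree(SAMPLE_PACKETS, DURATION_SECONDS)
    print(format_tree(total, rows, DURATION_SECONDS))
    print("top talkers:", top_talkers(rows, 75.0))
```

On the constructed data 10.0.0.1 appears in 9 of 10 packets (90%), 10.0.0.5 in 6 (60%) and 10.0.0.7 in 5 (50%), so the column sums to 200%: exactly the double counting you see in the real tree, where a busy gateway or a chatty device shows up near 100% on its own.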
> Space requirements are negligible.
I don't think this is true. Have you ever done a Wireshark trace and seen how many TCP/IP packets actually get sent as the result of visiting a single web page? It's in the order of 100 packets (to many different IP addresses) per click/page.
Very rough back of the envelope calculation ...
Logging only the customer's assigned IP address: (10 bytes [IP address] + 4 bytes [date]) * 730 [2 years] * 1000000 [customers] = 10.2 gigabytes
Logging all of the destination IP addresses:
(10 bytes [IP address] + 4 bytes [timestamp]) * 100 [packets per page] * 1000 [pages visited per day] * 730 [2 years] * 1000000 [customers] = 1022 terabytes
Logging the customers' assigned IPs is a trivial amount of storage. Logging all of the destination IPs is a significant expenditure.
Perhaps it's late, I've had too much to drink, and misunderstood the question. You definitely can capture directly from within Wireshark from a card in promisc.
https://www.wireshark.org/docs/wsug_html_chunked/ChapterCapture.html
Whether or not that gives you useful time resolution, I guess I'm not informed enough on.
Would someone who is not a MS shill and/or some random Czech guy, that actually was brave enough to INSTALL Windows 10, just spend 5 minutes to install Wireshark (https://www.wireshark.org/), perform a few tasks, and see if their OS is talking to any of those IPs? Should be easy enough to do.
You need to have an understanding of networking, and trying to read the book you bought is gonna be impossible to understand without the basics.
http://www.howtogeek.com/104278/how-to-use-wireshark-to-capture-filter-and-inspect-packets/
https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html
http://www.concise-courses.com/security/wireshark-basics/
You are not gonna find a guide that is gonna hand hold you through the process of finding an adversary on your network because there are too many variables when it comes to a compromise. Wireshark requires someone with knowledge of the flow of the traffic it's watching, and how to separate what is legit traffic and what is questionable traffic.
> you can't debug it using stuff like telnet or inline text-mode sniffers
This is significant. Learning HTTP/1.0 or HTTP/1.1 was easy - you could teach it to children and they should have been able to "get it" for the most part (although things like content encoding and chunking may have been somewhat more difficult to understand).
Ideally HTTP/2.0 should, in my opinion, have been extracted from the session/presentation/application layer and made into a new transport layer protocol (an alternative to TCP) because ultimately that's what this revision is trying to achieve: a more efficient transport.
Instead we now have a transport protocol on top of a transport protocol all binary encoded so that you are forced to use heavy interception tools like Wireshark to make sense of it.
Don't get me wrong - it is exciting to optimise something: network traffic, latency, anything. But I suspect system administrators and network engineers are going to be face-palming for a generation out of frustration at the complexity of diagnosing maybe the most prevalent protocol in use today.
How tech-savvy are you? If you have multiple devices on the network, you could try using Wireshark to capture for a few hours and isolate the source and destination IPs as well as some info on the traffic type.
Yes, APs send out beacons periodically. The first half of the MAC address is known as an OUI, which usually describes the manufacturer (but can easily be spoofed). In terms of specific model ("specs"), that's trickier to determine.
> I imagine that at big providers like the 4 largest there isn't the slightest chance of some employee seeing what the user does, because of the system controls, am I right?
Define what you mean by SEE. The more senior staff can indeed collect samples of the traffic, but what we see is something like this: https://www.wireshark.org/docs/wsug_html_chunked/wsug_graphics/ws-time-reference.png
A bunch of source IPs and destination IPs... which mean what? What are you seeing on your screen? None of that. See the green padlock here on this site? It means only Reddit's server and your computer know the content. We who transport it only see noise; we can barely tell which site you accessed. The page inside it we have no way of knowing.
There's no financial value in that noise. There's nothing in it you could use to market some product to you, or to learn anything useful about you. What you throw in the trash at home gives away more information than that. From the packaging you can tell what kind of products you've been consuming. Now all that noise from encrypted traffic? Nothing.
The best way is to use Wireshark; just install it (including WinPcap), then run the software and double-click your connection (Ethernet or Wi-Fi adapter).
From that point on, start a game and you should see a huge stream of UDP/DTLS packets coming and going to the same IP; copy-paste the address HERE and if it says Microsoft Azure, that's xCloud 😁
I think for us Italians/Europeans the nearest destination is the datacenters in the Netherlands or Germany; I suspect the ones in France aren't active for xCloud.
> What’s witeshark? And can you share any fun ones?
It's like Whitesnake but with RNG music generation.
If on the other hand you're serious, about "What is Wireshark?" then, it's the default opensource packet capture program used by lots of people to look at wire level data traversing a network:
No problem! If you want to get into the nuts and bolts of this, I would recommend you download a program called Wireshark (it's free/open source) and start fiddling. Read a few internet guides on what kind of stuff you can do.
I wrote a Python script that went to Wireshark's display filter reference list, ripped all the different filter names and then pulled a Wikipedia synopsis about each one... only do this if you have lots of hair on your chest
Listen here, fuckbag. I'm a warehouse worker with a CCNA and working on my SEC+ certification. I've always been fascinated with IT but have never sought out a job for it.
You don't have the slightest fucking idea what you're talking about.
You can go download Wireshark if you want and capture ALL OF THE TRAFFIC THAT HITS YOUR NIC if you don't believe me. There are also open-source IDSs out there where you can LITERALLY READ THE CODE AND COMPILE IT YOURSELF.
I'm so tired of this fucking sub. Stop filling gaps with your ignorance and learn a fucking skill.
It's not, if it was people would easily prove it.
Some people out there love to disassemble and analyse electronic devices.
Nothing leaves my house without analysis. https://www.wireshark.org/
> Second of all, you're naive if you think that that setting actually prevents them from listening in on whatever they want, regardless of whether it's Apple or Android. It's pure posturing.
You realize that network sniffers exist right? (See Wireshark). So you can record every packet that enters/leaves your phone and see when it happens.
Researchers have already used that and other tools to find out that Android Sucks 10X More of Your Private Data Than iPhone.
Someone will probably give you a Java-specific answer that works exactly for your current situation, but in the meantime here is a generic answer: https://www.wireshark.org/ You can use Wireshark to diagnose the pipes.
I don't know if you know this, but wireshark already did this, like 10 years ago. https://www.wireshark.org/tools/oui-lookup.html
Also, there have been Git projects for parsers that use Wireshark's hard work to tie into existing apps/programs/scripts. https://github.com/coolbho3k/manuf
Set up packet capture on your network interface: https://www.wireshark.org/docs/wsug_html_chunked/ChCapCapturingSection.html
Then export objects: https://www.wireshark.org/docs/wsug_html_chunked/ChIOExportSection.html
What server region(s) do you play on?
I recommend for you to download "WinMTR". It's a program that lets you run tests on the route to see average latency, latency variance, and packet loss. To use it, you just put in the server IP you want to test and let it run for like 5-15 minutes. Here is where you can download it.
If you play on US-W, I have some Rocket League server IPs logged that you can use:
104.16.81.239
162.245.206.69
209.191.164.23
162.245.206.19
162.245.206.63
162.245.206.27
209.191.164.28
162.245.206.60
172.106.126.50
69.88.156.68
172.106.117.114
If you don't play on US-W, you can download "Wireshark" from here to track packets received and sent to find server IPs.
Anyway, run the WinMTR test for about 5-15 minutes and screenshot the results.
> i’m good for years so far, i scan my pc once per year, never had any issue for like 4-5 years 😉
Do you monitor your ongoing connections with a packet analyzer such as Wireshark?
You can look at the IP on the device itself to verify. Or you can look up the manufacturer by the MAC address assuming they aren't all the same brand.
The Wireshark User Guide describes this feature in the section on "Filtering while capturing". It looks like the filter expression you want is "gateway 10.0.2.245". There's more detail about this feature in the PCAP-FILTER man page. That second link says there are some name resolution requirements for this feature that the Wireshark User Guide doesn't mention, so you may have to play around with this a bit to get it to work. The PCAP-FILTER page also shows an equivalent expression that uses the "ether" and "host" filters, so you might find it useful to try that if the "gateway" filter doesn't seem to do what you want. I just now tried using the "gateway" capture filter and couldn't get it to work, so the alternate syntax (e.g. "ether host ehost and not host host") may be the better option. In this case, "ehost" would be the Ethernet MAC address of the gateway and the final "host" is the IP address of the gateway, which you already know. When I tried this syntax just now it worked as expected.
Hope this helps - Good luck!
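What the `ether host ehost and not host host` capture filter from the answer above actually selects, modelled as an added example (my code, not the answerer's and not libpcap): a frame passes when the gateway's MAC is its Ethernet source or destination but the gateway's IP is neither IP endpoint, i.e. traffic that is being routed through the gateway rather than addressed to it. The gateway IP is the one from the question; the gateway MAC, host MACs and the remote address are constructed (locally administered MACs and a TEST-NET-3 address).

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Packet:
    """Just the four addresses the filter looks at."""
    eth_src: str
    eth_dst: str
    ip_src: str
    ip_dst: str


GATEWAY_IP = "10.0.2.245"           # gateway address from the question above
GATEWAY_MAC = "aa:bb:cc:00:00:01"   # constructed; on a real LAN take it from 'arp -a'
HOST_A_MAC = "aa:bb:cc:00:00:10"    # constructed LAN hosts
HOST_B_MAC = "aa:bb:cc:00:00:20"


def ether_host(pkt: Packet, mac: str) -> bool:
    """pcap 'ether host X': X is the Ethernet source or destination."""
    return mac in (pkt.eth_src, pkt.eth_dst)


def host(pkt: Packet, ip: str) -> bool:
    """pcap 'host X': X is the IP source or destination."""
    return ip in (pkt.ip_src, pkt.ip_dst)


def gateway_filter(pkt: Packet, gw_mac: str, gw_ip: str) -> bool:
    """'ether host GWMAC and not host GWIP'.

    Frames carried on the gateway's interface whose IP endpoints are both
    something other than the gateway: the off-LAN traffic the question asks
    about. Frames TO the gateway itself (DNS/DHCP to the router) are dropped,
    and so is LAN-to-LAN traffic that never touches the gateway.
    """
    return ether_host(pkt, gw_mac) and not host(pkt, gw_ip)


def select_routed(packets: List[Packet], gw_mac: str, gw_ip: str) -> List[Packet]:
    return [p for p in packets if gateway_filter(p, gw_mac, gw_ip)]


# Constructed traffic mix.
SAMPLE = [
    # Host A -> Internet: Ethernet to the gateway, IP destination elsewhere.
    Packet(HOST_A_MAC, GATEWAY_MAC, "10.0.2.15", "203.0.113.10"),
    # The reply, forwarded by the gateway back to host A.
    Packet(GATEWAY_MAC, HOST_A_MAC, "203.0.113.10", "10.0.2.15"),
    # Host A talking to the gateway itself (e.g. a DNS query to the router): excluded.
    Packet(HOST_A_MAC, GATEWAY_MAC, "10.0.2.15", GATEWAY_IP),
    # Two LAN hosts talking directly; the gateway MAC never appears: excluded.
    Packet(HOST_A_MAC, HOST_B_MAC, "10.0.2.15", "10.0.2.16"),
]

if __name__ == "__main__":
    for p in select_routed(SAMPLE, GATEWAY_MAC, GATEWAY_IP):
        print(f"{p.ip_src} -> {p.ip_dst} via {GATEWAY_MAC}")
```

This only models IP frames; in libpcap `host` on an ARP frame matches the ARP addresses instead, so ARP traffic to the gateway is also kept out by the `not host` half. And as the thread notes elsewhere, on a switched network the capturing machine will only see these frames at all from a mirrored port or a tap.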
Ok, do as MANY other people have done and install https://www.wireshark.org/. Once installed, follow the widely available guides on how to monitor the network traffic from an Echo device. There! You can see the evidence with your own very eyes!
Cisco phones connected to a computer have 3 MAC addresses in use. One for the internal 2-port switch that serves the PC and the phone, one for the ASIC in the phone that does phone stuff and one for the PC itself.
   SwitchMAC              PCMAC
       |                    |
       |                    |
       v                    v
SW1 <-----> PHONE <-----> PC
              ^
              |
              |
          IPPhoneMAC
Bonus credit 'cuz I'm bored right now: https://www.wireshark.org/tools/oui-lookup.html
00:01:96 Cisco Systems, Inc
00:01:C7 Cisco Systems, Inc
Beej's is just a guide to sockets in C, a great one at that, but it's just about sockets. I would recommend that you get yourself Wireshark, a network analysis tool, and poke around, check a couple of tutorials and just observe packets go to and from your computer as you do stuff. You can see each byte as it crosses your NIC and try to make sense of it. Let your curiosity lead your research. Then read on how TCP/IP/UDP/ICMP/DNS/HTTP work and how they relate to each other. You don't have to know every minute detail of each protocol to understand how they work. Then try to write a C program that builds packets one byte at a time (not relying on the socket interface to do the packet building) and try to make an effect in the world. For instance, make a tiny program that forges a DNS request packet to Google's DNS server 8.8.8.8 and watch for the reply in Wireshark.
You can see the data packets being sent by a Mac to Apple servers by using Wireshark. From those packets we can get the info about the IP addresses they are being sent to. I was doing a networks course assignment 3 days back and opened the exact same website to find out that there is a job posting.
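The exercise suggested above, a DNS query assembled one field at a time, as an added example in Python rather than C (my code, not the commenter's): the header and question section are packed by hand, and a matching answer is built and parsed the same way so the whole thing runs offline. The transaction id is whatever you pass in (use a random one for real queries; the parser refuses an answer whose id doesn't match, which is the check that stops stray or forged replies from being accepted). `send_query` is the only part that touches the network and is optional; `example.com` and the 203.0.113.10 answer are placeholders.

```python
import struct
from typing import List, Tuple

DNS_SERVER = ("8.8.8.8", 53)  # Google's resolver, as in the comment above


def encode_name(name: str) -> bytes:
    """Wire-format name: each label as <length><bytes>, terminated by 0x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("DNS labels are 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, txid: int) -> bytes:
    """12-byte header + one question (type A, class IN). Bytes only, no socket."""
    flags = 0x0100  # QR=0 (query), opcode 0, RD=1 (recursion desired)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # QD=1, AN=NS=AR=0
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def _read_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, jumped = [], off, False
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:  # compression pointer to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2  # a pointer is the last 2 bytes of this field
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_response(msg: bytes, expected_txid: int) -> List[str]:
    """Return the IPv4 addresses from the answer section of a response."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch: not the reply to our query")
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0xF}")
    off = 12
    for _ in range(qd):            # skip echoed question(s)
        _, off = _read_name(msg, off)
        off += 4                   # QTYPE + QCLASS
    addrs: List[str] = []
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:  # A record, IN
            addrs.append(".".join(str(b) for b in rdata))
    return addrs


def constructed_response(txid: int, name: str, ip: str) -> bytes:
    """Hand-built answer standing in for what the resolver would send back."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD, RA
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    # 0xC00C: pointer to the name at offset 12 (the question), then A/IN/TTL/len.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
    return header + question + answer + bytes(int(x) for x in ip.split("."))


def send_query(name: str, txid: int, server=DNS_SERVER, timeout: float = 3.0) -> List[str]:
    """Actually put the packet on the wire so it shows up in Wireshark (udp.port == 53)."""
    import socket
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), server)
        data, _ = s.recvfrom(512)
    return parse_response(data, txid)


if __name__ == "__main__":
    q = build_query("example.com", 0x1234)
    print(q.hex())
    print(parse_response(constructed_response(0x1234, "example.com", "203.0.113.10"), 0x1234))
```

Run it with Wireshark capturing and the bytes printed by `build_query` are exactly what the "Domain Name System (query)" dissector will decode, which is the point of building them yourself: every field in the dissector's tree maps to one `struct.pack` above.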
Just found this interesting tidbit from 2011:
Since it is not providing the group number to create (-i nnn) it defaults to creating the next group number higher than 500. On my machine it created GID 501.
This has two effects.
The first is that it is a visible group. Note that the bug text quoted above said they were intending to model it after com.apple.access_*, which is an invisible group, by virtue of them being lower group numbers.
I don't see any reason why the membership in access_bpf should be visible to the user.
The second effect is worse. The problem is that 501 happens to be the same as the default UID for the first user on the machine. And for whatever reason(s), there are files on the machine that have UIDs as the group.
Before Wireshark is installed, these files would show as owner = username, group = 501. After Wireshark is installed, they all appear as owner=username, group=access_bpf.
https://www.wireshark.org/lists/wireshark-bugs/201109/msg00780.html
To answer my own question... I started using Wireshark to monitor the data being sent back and forth the socket.
It turns out I was sending the data in hex, when it should have been in binary.
tshark is a good alternative on Windows and is installed with Wireshark. It allows you to do everything from the command line and split the files and such, just like tcpdump: https://www.wireshark.org/docs/man-pages/tshark.html
One possible reason is a hidden program using your network and CPU and generating unwanted traffic. Maybe you should check your internet traffic. Try Wireshark, take a 1 minute capture. If the capture is NOT almost empty you found something. You can also capture the traffic between your game and game server. https://www.wireshark.org/#download
Another reason is you play through a wifi connection.
Also you should issue a PerfOverlay.DrawGraph 1 in BFH or BF4. Press tilde ~ in game then issue that command to search spikes in that graph. https://www.reddit.com/r/battlefield_4/comments/2keoga/perfoverlaydrawgraph_cpu_or_gpu_bottleneck/
And you should check your video drivers...
While this is not open source you can try this https://www.softperfect.com/products/networx/
However if you want something more advanced and open source Wireshark should do. https://www.wireshark.org/
Download the program Wireshark and open it on an unsecured public wifi. You'll be able to actually watch the data being transmitted over the network. So if I were to open my laptop next to you, and access some insecure website, you would be able to see what I'm doing.