
Wireshark-users: [Wireshark-users] Decode Captured Packets



From: César Orta <ceou_1979@xxxxxxxxx>
Date: Mon, 8 Dec 2008 23:33:04 -0800 (PST)

Hello,

I would like to know how I could read the information in the packets that I had captured. I'm new to using Wireshark, but this kind of thing is kinda easy for me (I like to learn with this)... but I must be doing something wrong:

I use Wireshark to capture the packets with the wireless adapter that came with my PC (Dell Latitude 500, I think).
I prefer not to filter the capture, because I use to practice display filters with the saved captures while I'm on a plane, or a long trip.
Right now, I connect to an AP with WEP encryption (that means that I know the password, right?) and I want to see which websites the users of the wireless network are visiting or, if it's possible, to see if one of them is talking about me (one of them is a very very cute girl!!!!) on MSN or anything...

When I filter the capture with http and ip.addr == 192.168.0.195 I'm able to see a lot of frames, but when I right click and follow TCP stream, I only see weird characters... I don't see something like http://www.ilikethisnetworkadmin.com
I don't want to crack any passwords or anything like that... I just want to know the kind of surfing that the users are doing!!! Are these characters like that due to the WEP key? I checked the Preferences and I checked the encryption enabled, and I entered the key#1 that is 1111111111 (the one that I entered in the AP configuration). Do I need to write it down in Wireshark like that or in HEX? How do I know if it's decrypting?

I hope I get an answer!!!!!

Cheers
