Wireshark-users: Re: [Wireshark-users] how could you indicate at start up the IP addresses that w

From: Albretch Mueller <lbrtchx@xxxxxxxxx>
Date: Thu, 10 Jan 2019 11:10:23 -0500
 Thank you, Harris et al.:

 I wrote up the outline of a bash script, but I am not so sure if I am
using the right tools. I find wireshark too "visual", "GUIee", but
other development efforts/tools such as ssldump have apparently been
discontinued.

 Basically I would like to know:

 1) exactly what happens both:
 1.1) internally in a browser (including JavaScript handling), for
which I might have to compile a version with debugging enabled, and,
 1.2) on the wire

 2) as I browse the page around using the browser the encryption keys
should be saved to a file, which,

 3) wireshark would ongoingly read in to decrypt the traffic produced
by the browser

 I have found a few pages partially explaining how you could do such a
thing, but when I have tried to combine the pieces, I have run into
new problems and dead ends.

 Would it be better to use dumpcap and then read in the file?

 I would like to see the timely flow of the interaction between wireshark
and the browser, but I am OK if I can't.
~
 _URL="https://news.google.com/?tab=wn&hl=en-US&gl=US&ceid=US:en";
 $ bash ./wireshark_sniff_session00.sh "${_URL}"

~
#!/bin/bash

_DT=$(date +"%Y%m%d%H%M%S")

echo "// __ \$1: |$1|"

_URL=$1
# strip the scheme, an optional user@ part and anything after the host (port/path/query)
_URL_HOST=$(echo "$_URL" | sed -e "s/[^/]*\/\/\([^@]*@\)\?\([^:/]*\).*/\2/")
echo "// __ \$_URL_HOST: |$_URL_HOST|"

# the name may resolve to several addresses; keep the first one for the ping
_IP_ADRX=$(host "${_URL_HOST}" | grep " has address " | awk '{ print $4 }' | head -n 1)

echo "// __ \$_IP_ADRX: |$_IP_ADRX|"
ping -c 2 "${_IP_ADRX}"

_LOG_FL="${_URL_HOST}_${_DT}_wireshark_log.pcapng"
echo "// __ \$_LOG_FL: |$_LOG_FL|"

# first local IP address of this host (hostname -I lists all of them)
_HOST_NAME=$(hostname -I | awk '{print $1}')
echo "// __ \$_HOST_NAME: |$_HOST_NAME|"

ip --oneline -4 a | grep "${_HOST_NAME}"

# name of the interface that carries that address, e.g. "eth0"
_NET_IF=$(ip --oneline -4 a | grep "${_HOST_NAME}" | awk -F '[: ]' '{print $3}')
echo "// __ \$_NET_IF: |$_NET_IF|"

# Firefox (NSS) writes the TLS session secrets to the file named by this
# environment variable; the --ssl-key-log-file flag belongs to Chrome, not Firefox
export SSLKEYLOGFILE="$HOME/${_URL_HOST}_${_NET_IF}_${_DT}_sslkeylog.log"
echo "// __ \$SSLKEYLOGFILE: |$SSLKEYLOGFILE|"

echo "// __ starting firefox"
firefox --new-instance "${_URL}" &

# (ip.dst=="${_NET_IF}")?
# how do you set as a startup parameter the $SSLKEYLOGFILE produced by firefox?
# how do you make wireshark save the captured file onto $_LOG_FL?
#
# -o tls.keylog_file:... points wireshark at the key log (the preference is
# called ssl.keylog_file in versions before 3.0), -w writes the capture to $_LOG_FL
wireshark -i "${_NET_IF}" -f "host ${_URL_HOST}" -k -l \
  -o "tls.keylog_file:${SSLKEYLOGFILE}" -w "${_LOG_FL}"
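Added example, not part of the message above: before handing the key log to Wireshark it is worth checking that the browser is actually writing usable records to $SSLKEYLOGFILE, since a file that is empty, or contains a half-written line because it was read while Firefox was still appending to it, is the usual reason decryption silently does nothing. The bash functions below assume the NSS key log format (a label, the 64-hex-digit client random, then the secret in hex); the function names, the sample file and its hex values are constructed for this example and are not from the post.

```shell
#!/bin/bash
# Sanity-check an SSLKEYLOGFILE before pointing Wireshark at it.
# Browsers append one record per line: "<LABEL> <client_random hex> <secret hex>",
# plus "#" comment lines. Sample data below is constructed; the hex is filler.

# Labels Wireshark understands: the TLS 1.2 master secret and the TLS 1.3 secrets.
KEYLOG_LABELS='CLIENT_RANDOM|CLIENT_EARLY_TRAFFIC_SECRET|EARLY_EXPORTER_SECRET|CLIENT_HANDSHAKE_TRAFFIC_SECRET|SERVER_HANDSHAKE_TRAFFIC_SECRET|CLIENT_TRAFFIC_SECRET_0|SERVER_TRAFFIC_SECRET_0|EXPORTER_SECRET'
# A well-formed record: known label, 32-byte client random, a non-empty hex secret.
KEYLOG_RE="^(${KEYLOG_LABELS}) [0-9a-fA-F]{64} [0-9a-fA-F]+$"

# Number of records Wireshark can use for decryption (prints 0 when none).
keylog_usable_count() {
  grep -cE "$KEYLOG_RE" "$1" || true
}

# Lines that are neither comments, blank, nor well-formed records, for example
# a record truncated because the file was read mid-write.
keylog_malformed_lines() {
  grep -vE '^(#|$)' "$1" | grep -vE "$KEYLOG_RE" || true
}

# Exit 0 if the file has at least one usable record and nothing malformed, else 1.
keylog_check() {
  [ "$(keylog_usable_count "$1")" -gt 0 ] && [ -z "$(keylog_malformed_lines "$1")" ]
}

# --- constructed sample key log (hypothetical values) ---
H32='00112233445566778899aabbccddeeff'   # 32 hex digits of filler
SAMPLE_KEYLOG="$(mktemp)"
cat >"$SAMPLE_KEYLOG" <<EOF
# SSL/TLS secrets log file, generated by NSS
CLIENT_RANDOM ${H32}${H32} ${H32}${H32}${H32}
CLIENT_HANDSHAKE_TRAFFIC_SECRET ${H32}${H32} ${H32}${H32}
SERVER_TRAFFIC_SECRET_0 ${H32}${H32} ${H32}${H32}

CLIENT_RANDOM ${H32}
EOF

# The last record is truncated, so the check reports it instead of passing.
if keylog_check "$SAMPLE_KEYLOG"; then
  echo "key log OK: $(keylog_usable_count "$SAMPLE_KEYLOG") usable records"
else
  echo "key log has problems ($(keylog_usable_count "$SAMPLE_KEYLOG") usable records):"
  keylog_malformed_lines "$SAMPLE_KEYLOG"
fi
```

Run `keylog_check "$SSLKEYLOGFILE"` after the browser has loaded the page and before starting the capture analysis; a failing check with a truncated last line usually just means the browser has not finished writing, while a count of 0 means the environment variable never reached the browser process.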