LinuxQuestions.org
Old 11-17-2008, 08:48 AM   #1
Fahim Akhter
LQ Newbie
 
Registered: Nov 2008
Location: Islamabad , Pakistan
Posts: 6

[WireShark] shows only headers? Or even encapsulated data?


Hi there!

Installed Wireshark on my machine (after installing the million prereqs). But Wireshark does not seem to be showing me the data inside the packets, only the headers.

I need to modify the packets, so I need to see whether the receiving data is modified or not. Can Wireshark show me the data in the packets (not just the protocol)?

Thanks,
Fahim Akhter
 
Old 11-17-2008, 10:35 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Have you set the limit box to 60 bytes or some such? By default it will capture all the traffic. On the main Wireshark screen you have three panels, right? The bottom one shows the entire packet in hex, and the middle splits out the protocols, with the payload being at the bottom of the middle pane, IF it can decode what the payload is.
 
Old 11-18-2008, 01:28 AM   #3
Fahim Akhter
LQ Newbie
 
Registered: Nov 2008
Location: Islamabad , Pakistan
Posts: 6

Original Poster
I'm using default settings when I decode the payload. When I click on a particular bit, it tells me which part of the header it belongs to, like this is the MAC, this is the IP bit and so on. But every bit is related to the header. There isn't anywhere it actually says Data.

Like it does in this Windows application, Packet Analyzer - Colasoft Capsa 6.9
 
Old 11-18-2008, 02:37 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

I'd be confident the data is there, never seen that from any default Wireshark install in Windows or Linux. Expand ALL the entries in the middle pane and take a screenshot of what's at the bottom of that page and upload it somewhere for us. Are you sure there actually IS any amount of decodable data in the traffic you're looking at?
 
Old 11-18-2008, 04:31 AM   #5
Fahim Akhter
LQ Newbie
 
Registered: Nov 2008
Location: Islamabad , Pakistan
Posts: 6

Original Poster
Oh Ok, I get it now... The packets that I was focusing on did not have a data segment I think. I started a TCP file transfer, and I can see the batches of data passing now.

Thanks everyone
 
Old 11-18-2008, 04:45 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

When you're initiating a 3-way TCP handshake, there is no payload, only SYN, SYN-ACK, ACK.
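
Added example (not part of the original thread): a minimal Python sketch of the header/payload split discussed in posts #2 and #6. It shows that a handshake SYN carries zero payload bytes even though the frame is padded to 60 bytes on the wire, and that a 60-byte capture limit cuts a real payload short. The function names `split_tcp_frame` and `build_frame` and all sample frames are constructed for illustration.

```python
import struct

TCP_FLAGS = ((0x02, "SYN"), (0x10, "ACK"), (0x08, "PSH"), (0x01, "FIN"), (0x04, "RST"))

def split_tcp_frame(frame: bytes):
    """Return (flags, captured_payload, wire_payload_len) for Ethernet II/IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        raise ValueError("not an Ethernet II / IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IP header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]   # IP header + TCP header + data
    if ip[9] != 6 or ihl < 20 or len(ip) < ihl + 20 or total_len < ihl + 20:
        raise ValueError("not TCP, or TCP header not captured")
    tcp = ip[ihl:total_len]                       # stop at total_len: drops Ethernet padding
    data_off = (tcp[12] >> 4) * 4                 # TCP header length including options
    if data_off < 20 or ihl + data_off > total_len:
        raise ValueError("inconsistent header lengths")
    flags = [name for bit, name in TCP_FLAGS if tcp[13] & bit]
    # captured payload may be shorter than the on-wire length if a snaplen was set
    return flags, tcp[data_off:], total_len - ihl - data_off

def build_frame(flags: int, payload: bytes = b"", options: bytes = b"") -> bytes:
    """Constructed sample frame: zero checksums, documentation-range addresses."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, (20 + len(options)) // 4 << 4,
                      flags, 65535, 0, 0) + options + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    frame = bytes(6) + bytes(6) + b"\x08\x00" + ip + tcp
    return frame.ljust(60, b"\x00")               # pad to the 60-byte Ethernet minimum

if __name__ == "__main__":
    data = build_frame(0x18, b"GET / HTTP/1.1\r\n\r\n")
    samples = (("SYN", build_frame(0x02, options=b"\x02\x04\x05\xb4")),
               ("data", data),
               ("data, 60-byte capture limit", data[:60]))
    for label, frame in samples:
        flags, payload, wire = split_tcp_frame(frame)
        print(f"{label}: flags={flags} captured={len(payload)} on_wire={wire} {payload!r}")
```

The two trailing bytes of the padded SYN frame are Ethernet padding, not TCP data, which is why the payload is sliced using the IP total length rather than the frame length.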
 
Old 11-18-2008, 04:50 AM   #7
Fahim Akhter
LQ Newbie
 
Registered: Nov 2008
Location: Islamabad , Pakistan
Posts: 6

Original Poster
Well, I did see the payload, must be something else. But not having a payload raises a question for me. If I am working on encryption and I want my box to only accept encrypted packets, the acknowledgements and everything will not be encrypted. Wouldn't that present a network dilemma?
 
Old 11-18-2008, 05:27 AM   #8
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Well, you can't only accept "encrypted" packets as they take many forms at many layers. I'm not sure what dilemma you're talking about here. In the case of HTTPS, for example, the encryption is at session layer (SSL), not transport (TCP), so the network traffic looks the same until you really start delving into the payload.
 
Old 11-18-2008, 08:54 AM   #9
Fahim Akhter
LQ Newbie
 
Registered: Nov 2008
Location: Islamabad , Pakistan
Posts: 6

Original Poster
I need to drop the packets which are not encrypted and decrypt the ones that are and forward them to their respective network.
 
Old 11-18-2008, 12:35 PM   #10
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

With Wireshark??? That's nothing like what Wireshark does.
 
Old 11-19-2008, 01:17 AM   #11
Fahim Akhter
LQ Newbie
 
Registered: Nov 2008
Location: Islamabad , Pakistan
Posts: 6

Original Poster
lol, yes, I do realise Wireshark doesn't do that. I was merely telling the whole scenario. Thanks a lot for your help and support.

Fahim Akhter
 
  

