Archive for the ‘Wireshark’ Category
Posted by jpluimers on 2023/02/28
[Wayback/Archive] Wireshark Cheat Sheet – Commands, Captures, Filters, Shortcuts
It is available both as a huge [Wayback/Archive] jpg (2500×2096 pixels), which already prints well on A5 or A4 sized paper for reference, and as a [Wayback/Archive] PDF (so you can print it on even larger paper sizes).
Via: [Archive] Murdock (@Generic42) / Twitter in a DM.
–jeroen
Posted in *nix, *nix-tools, Communications Development, Development, Hardware, Network-and-equipment, Power User, Software Development, Wireshark
Posted by jpluimers on 2021/12/01
Wanting a simple way on the console to convert a .pcap file to a .wav file, I searched for [Wayback] console convert pcap to wav – Google Search.
The reason is that [Wayback] fritzcap (written in Python) sometimes crashes while doing the conversion of a phone recording, so then only the .pcap file is available. I still want to figure this out, but given my health situation, I might not be able to in time.
If anyone with Python experience can help, I have failing capture files lying around, and the fritzcap command-line does support decoding [Wayback/Archive.is]:
# feature/re-add_documentation(+0/-0)* ± python fritzcap.py --help
usage: fritzcap.py [-h] [-v] [-c] [-d [file [file ...]]] [-m] [-p password]
[-u username] [-s] [--config_file path_to_file]
[--logging_config path_to_file] [--box_name host_or_IP]
[--call_service_port port] [--login_not_required]
[--protocol protocol] [--cap_folder path_pattern]
[--cap_file file_pattern] [--cap_interface cap_interface]
[--after_capture_time time_in_seconds]
[--decode_workers_count int]
...
main arguments:
...
-d [file [file ...]], --decode_files [file [file ...]]
the list of captured files to decode. All the new
captures files will be decode automatically if the
--capture switch is set. Read the files from the
standard input if the list of files is empty and there
is no capture work.
Back to other tooling for decoding VoIP cap/pcap files
Too bad there are no easy solutions. You can use the Wireshark GUI to do this, which is OK for infrequent conversions.
Here were some of the results leading me to that conclusion:
- [Wayback] Convert RTP packets to WAV or AU using ffmpeg – Stack Overflow
If your intention is to hear the voice present in the .pcap file you can follow the below steps.
Install Wireshark:
- File -> open filename.pcap
- Analyze -> Decode As, select RTP from the list, then click on apply
- Telephony -> RTP -> Show All Streams -> Analyze
- Then click on Player -> Decode
- Enable the check box appearing for each file and play
- Now you can hear the streams.
Note: Make sure that you have the latest version of Wireshark installed.
- [Wayback] voip – Converting PCAP to WAV – Network Engineering Stack Exchange
Here you go!
1. Enter RTP in the display filter in Wireshark when the capture is open.
2. Now select an RTP packet in any stream and click on the menu option Telephony.
3. Go to RTP > Stream Analysis and click on the Save Payload button.
4. Change the format to .au and choose a name (let's say test.au) and location for your file.
5. Play it using your favorite audio player.
OR
5. Run the following command to convert the .au file to .wav if you like .wav files better: sox test.au -V -t wav -b 16 -c 2 test.wav
Hope that helps!
- [Wayback] RTP_statistics · Wiki · Wireshark Foundation / wireshark · GitLab (moved from [Wayback] RTP_statistics – The Wireshark Wiki)
You can save the content of an RTP audio stream to an Au-file directly from Wireshark. This is done from the “RTP Stream Analysis” dialog by pressing the “Save” button and select one of ‘… Audio’ options, then select ‘Sun Audio’ file format.
- [Wayback] Converting RTP in pcap to Audio Wav files – SDET
# take the first SSRC only: with several RTP streams in the capture the filter below needs a single value
ssrc=$(tshark -n -r capture.pcap -Y rtp -T fields -e rtp.ssrc | sort -u | head -n 1)
echo "$ssrc"
# -Y is the single-pass display filter; -R needs -2 (two-pass) on current tshark versions
tshark -n -r capture.pcap -Y "rtp.ssrc == $ssrc" -T fields -e rtp.payload | tee payloads
# payload hex is printed with or without colon separators depending on the tshark version; xxd -r -p accepts both once colons are dropped
tr -d ':' < payloads | xxd -r -p > sound.raw
echo 'sox is converting the raw G.711 u-law payload to a wav file'
sox -t raw -r 8000 -c 1 -e u-law -b 8 sound.raw capture3d.wav
- [Wayback] Wireshark Q&A: pcap to au-file in command line
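As an added example (not fritzcap's code and not from any of the posts linked above), here is the whole console pipeline in pure Python with no tshark or sox: parse a classic pcap, pick out RTP packets carrying G.711 µ-law (payload type 0, the codec these phone captures normally use), group them by SSRC, and write one stream out as an 8 kHz WAV file. It assumes Ethernet/IPv4/UDP framing and classic pcap (not pcapng), and it ignores other codecs and RTP sequence/timestamp wraparound; build_sample_pcap() only constructs a tiny test capture.

```python
import struct, wave

def ulaw_to_pcm16(u):
    """Decode one G.711 u-law byte to a signed 16-bit sample (ITU-T G.711 reference expansion)."""
    u = ~u & 0xFF
    t = (((u & 0x0F) << 3) + 0x84) << ((u & 0x70) >> 4)
    return (0x84 - t) if (u & 0x80) else (t - 0x84)

def rtp_streams(pcap_bytes):
    """Map SSRC -> [(rtp_timestamp, seq, payload)] for PCMU (PT 0) RTP in Ethernet/IPv4/UDP; classic pcap only."""
    magic = struct.unpack_from("<I", pcap_bytes, 0)[0]
    endian = "<" if magic in (0xA1B2C3D4, 0xA1B23C4D) else ">"  # both byte orders of the global header
    streams, off = {}, 24  # records start after the 24-byte global header
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack_from(endian + "IIII", pcap_bytes, off)[2]
        frame, off = pcap_bytes[off + 16:off + 16 + incl_len], off + 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue  # not IPv4 over Ethernet, or not UDP (protocol byte at IP offset 9)
        rtp = frame[14 + (frame[14] & 0x0F) * 4 + 8:]  # skip IHL*4 IP header and 8-byte UDP header
        if len(rtp) < 12 or rtp[0] >> 6 != 2 or rtp[1] & 0x7F != 0:
            continue  # require RTP version 2 and payload type 0 (PCMU)
        seq, ts, ssrc = struct.unpack_from(">HII", rtp, 2)
        hdr = 12 + (rtp[0] & 0x0F) * 4  # fixed header plus CSRC list
        if rtp[0] & 0x10:  # extension bit: 4-byte prefix, length counted in 32-bit words
            hdr += 4 + struct.unpack_from(">H", rtp, hdr + 2)[0] * 4
        end = len(rtp) - (rtp[-1] if rtp[0] & 0x20 else 0)  # padding bit: count sits in the last byte
        streams.setdefault(ssrc, []).append((ts, seq, rtp[hdr:end]))
    return streams

def decode_stream(packets):
    """Order packets by RTP timestamp/sequence (no wraparound handling) and decode u-law to PCM16."""
    return [ulaw_to_pcm16(b) for _, _, payload in sorted(packets) for b in payload]

def write_wav(samples, path):
    """Write 8 kHz mono 16-bit PCM samples (the G.711 rate) to a WAV file."""
    with wave.open(path, "wb") as w:
        w.setnchannels(1); w.setsampwidth(2); w.setframerate(8000)
        w.writeframes(struct.pack("<%dh" % len(samples), *samples))

def build_sample_pcap(payloads, ssrc=0x1234ABCD):
    """Constructed test input (not a real capture): PCMU RTP packets in Ethernet/IPv4/UDP inside a pcap."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for i, pl in enumerate(payloads):
        rtp = struct.pack(">BBHII", 0x80, 0, i, i * len(pl), ssrc) + pl
        udp = struct.pack(">HHHH", 5004, 5004, 8 + len(rtp), 0) + rtp
        ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0, b"\x0a\0\0\x01", b"\x0a\0\0\x02")
        frame = b"\x00" * 12 + b"\x08\x00" + ip + udp
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

Call rtp_streams() on the bytes of a capture, then write_wav(decode_stream(packets), "out.wav") for each SSRC you want as audio.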
–jeroen
Posted in *nix, *nix-tools, Development, fritzcap, Power User, Python, Scripting, Software Development, Wireshark
Posted by jpluimers on 2021/02/16
[WayBack] 🔎Julia Evans🔍 on Twitter: “ngrep: grep your network!… “

So this taught me a new tool and other new things:
- ngrep – Wikipedia
ngrep is similar to tcpdump, but it has the ability to look for a regular expression in the payload of the packet, and show the matching packets on a screen or console. It allows users to see all unencrypted traffic being passed over the network, by putting the network interface into promiscuous mode.
ngrep with an appropriate BPF filter syntax, can be used to debug plain text protocols interactions like HTTP, SMTP, FTP, DNS, among others, or to search for a specific string or pattern, using a grep regular expression syntax.[4][5]
ngrep also can be used to capture traffic on the wire and store pcap dump files, or to read files generated by other sniffer applications, like tcpdump, or wireshark.
ngrep has various options or command line arguments. The ngrep man page in UNIX-like operating systems shows a list of available options.
- [WayBack] GitHub – jpr5/ngrep.
ngrep is like GNU grep applied to the network layer. It’s a PCAP-based tool that allows you to specify an extended regular or hexadecimal expression to match against data payloads of packets. It understands many kinds of protocols, including IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw, across a wide variety of interface types, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
- [WayBack] BPF syntax
- Berkeley Packet Filter – Wikipedia
–jeroen
Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, Power User, Software Development, Wireshark
Posted by jpluimers on 2021/01/25
Back in 2019, there were 56 commands and scripts covered. I wonder how many there are now.
An ongoing list of Linux Networking Commands and Scripts. These commands and scripts can be used to configure or troubleshoot your Linux network.
Source: [WayBack] 55 Linux Networking commands and scripts
List back then (which goes beyond just built-in commands: many commands from optional packages are here as well):
- arpwatch – Ethernet Activity Monitor.
- bmon – bandwidth monitor and rate estimator.
- bwm-ng – live network bandwidth monitor.
- curl – transferring data with URLs. (or try httpie)
- darkstat – captures network traffic, usage statistics.
- dhclient – Dynamic Host Configuration Protocol Client
- dig – query DNS servers for information.
- dstat – replacement for vmstat, iostat, mpstat, netstat and ifstat.
- ethtool – utility for controlling network drivers and hardware.
- gated – gateway routing daemon.
- host – DNS lookup utility.
- hping – TCP/IP packet assembler/analyzer.
- ibmonitor – shows bandwidth and total data transferred.
- ifstat – report network interfaces bandwidth.
- iftop – display bandwidth usage.
- ip (PDF file) – a command with more features than ifconfig (net-tools).
- iperf3 – network bandwidth measurement tool. (above screenshot Stacklinux VPS)
- iproute2 – collection of utilities for controlling TCP/IP.
- iptables – take control of network traffic.
- IPTraf – An IP Network Monitor.
- iputils – set of small useful utilities for Linux networking.
- jwhois (whois) – client for the whois service.
- “lsof -i” – reveal information about your network sockets.
- mtr – network diagnostic tool.
- net-tools – utilities include: arp, hostname, ifconfig, netstat, rarp, route, plipconfig, slattach, mii-tool, iptunnel and ipmaddr.
- ncat – improved re-implementation of the venerable netcat.
- netcat – networking utility for reading/writing network connections.
- nethogs – a small ‘net top’ tool.
- Netperf – Network bandwidth Testing.
- netsniff-ng – Swiss army knife for daily Linux network plumbing.
- netstat – Print network connections, routing tables, statistics, etc.
- netwatch – monitoring Network Connections.
- ngrep – grep applied to the network layer.
- nload – display network usage.
- nmap – network discovery and security auditing.
- nslookup – query Internet name servers interactively.
- ping – send icmp echo_request to network hosts.
- route – show / manipulate the IP routing table.
- slurm – network load monitor.
- snort – Network Intrusion Detection and Prevention System.
- smokeping – keeps track of your network latency.
- socat – establishes two bidirectional byte streams and transfers data between them.
- speedometer – Measure and display the rate of data across a network.
- speedtest-cli – test internet bandwidth using speedtest.net
- ss – utility to investigate sockets.
- ssh – secure system administration and file transfers over insecure networks.
- tcpdump – command-line packet analyzer.
- tcptrack – Displays information about tcp connections on a network interface.
- telnet – user interface to the TELNET protocol.
- tracepath – very similar function to traceroute.
- traceroute – print the route packets trace to network host.
- vnStat – network traffic monitor.
- wget – retrieving files using HTTP, HTTPS, FTP and FTPS.
- Wireless Tools for Linux – includes iwconfig, iwlist, iwspy, iwpriv and ifrename.
- Wireshark – network protocol analyzer.
–jeroen
Posted in *nix, *nix-tools, cURL, dig, Internet, nmap, Power User, SpeedTest, ssh/sshd, tcpdump, Wireshark
Posted by jpluimers on 2019/04/12
Every now and then I hear about providers that refuse to hand over the VoIP SIP credentials.
If you do have access to your modem, you can Wireshark the WAN side, then reset the modem and capture traffic until it has obtained the VoIP information:
[WayBack] Telfort SIP (tested with fiber) | Het leven van Teus & Simone:
Many people on the Telfort forum wonder whether they can get the SIP details for telephony so that they do not have to use the ExperiaBox. Given that Telfort Support these details…
–jeroen
Posted in *nix, *nix-tools, Internet, Power User, Wireshark