LDAP authentication problem in the customer environment: The error message was received right after entering the password. Tshark says:

1 0.000000000 192.168.99.200 → 10.10.10.10 TCP 74 44780 → 3269 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=2891116193 TSecr=0 WS=128
2 0.001225814 10.10.10.10 → 192.168.99.200 TCP 74 3269 → 44780 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 […]
Tag: wireshark
How to Decrypt TLS Traffic with Wireshark
This is a small note to keep the links to posts by Peter Wu:
Extract pre-master keys from an OpenSSL application
Extracting openssl pre-master secret from apache2
Example in Debian Buster:
With the keys saved by that process (and doing the packet capture at the same time, in either server or client side), you can […]
Zabbix Protocol Dissector for Wireshark
While troubleshooting a Zabbix communication problem I realized that there was no Zabbix protocol dissector in Wireshark. Long story short: I wrote my own dissector in Lua as an exercise. Actually, I wrote two dissectors, one for Zabbix passive agent communication (port 10050, the not-so-json-style protocol) and one for other Zabbix components (port 10051). You […]
Wireshark and 802.11 Data in Capture Files
Once again I was asked to get involved when a customer had problems with an application. I won’t go into application or problem details here but the process eventually involved capturing traffic on a customer laptop to see what was actually happening. The consultant doing the capture was not using Wireshark as I would have […]