• Stars
    star
    134
  • Rank 270,967 (Top 6 %)
  • Language
  • License
    Other
  • Created over 6 years ago
  • Updated about 6 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Wireshark Dissector for Apple Wireless Direct Link (AWDL) and Apple's CoreCapture logging framework. Note: the AWDL dissector is part of Wireshark 3.0!

General Information

Wireshark is a network traffic analyzer, or "sniffer", for Unix and Unix-like operating systems. It uses Qt, a graphical user interface library, and libpcap, a packet capture and filtering library.

The Wireshark distribution also comes with TShark, which is a line-oriented sniffer (similar to Sun's snoop, or tcpdump) that uses the same dissection, capture-file reading and writing, and packet filtering code as Wireshark, and with editcap, which is a program to read capture files and write the packets from that capture file, possibly in a different capture file format, and with some packets possibly removed from the capture.

The official home of Wireshark is https://www.wireshark.org.

The latest distribution can be found in the subdirectory https://www.wireshark.org/download

Installation

The Wireshark project builds and tests regularly on the following platforms:

  • Linux (Ubuntu)
  • Microsoft Windows
  • macOS / {Mac} OS X

Official installation packages are available for Microsoft Windows and macOS.

It is available as either a standard or add-on package for many popular operating sytems and Linux distributions including Debian, Ubuntu, Fedora, CentOS, RHEL, Arch, Gentoo, openSUSE, FreeBSD, DragonFly BSD, NetBSD, and OpenBSD.

Additionaly it is available through many third-party packaging systems such as pkgsrc, OpenCSW, Homebrew, and MacPorts.

It should run on other Unix-ish systems without too much trouble.

In some cases the current version of Wireshark might not support your operating system. This is the case for Windows XP, which is supported by Wireshark 1.10 and earlier. In other cases the standard package for Wireshark might simply be old. This is the case for Solaris and HP-UX.

NOTE: The Makefile depends on GNU "make"; it doesn't appear to work with the "make" that comes with Solaris 7 nor the BSD "make".

Both Perl and Python are needed, the former for building the man pages.

If you decide to modify the yacc grammar or lex scanner, then you need "flex" - it cannot be built with vanilla "lex" - and either "bison" or the Berkeley "yacc". Your flex version must be 2.5.1 or greater. Check this with flex -V.

You must therefore install Perl, Python, GNU "make", "flex", and either "bison" or Berkeley "yacc" on systems that lack them.

Full installation instructions can be found in the INSTALL file and in the Developer's Guide at https://www.wireshark.org/docs/wsdg_html_chunked/

See also the appropriate README.OS files for OS-specific installation instructions.

Usage

In order to capture packets from the network, you need to make the dumpcap program set-UID to root, or you need to have access to the appropriate entry under /dev if your system is so inclined (BSD-derived systems, and systems such as Solaris and HP-UX that support DLPI, typically fall into this category). Although it might be tempting to make the Wireshark and TShark executables setuid root, or to run them as root please don't. The capture process has been isolated in dumpcap; this simple program is less likely to contain security holes, and thus safer to run as root.

Please consult the man page for a description of each command-line option and interface feature.

Multiple File Types

The wiretap library is a packet-capture library currently under development parallel to wireshark. In the future it is hoped that wiretap will have more features than libpcap, but wiretap is still in its infancy. However, wiretap is used in wireshark for its ability to read multiple file types. See the Wireshark man page or the Wireshark User's Guide for a list of supported file formats.

In addition, it can read gzipped versions of any of those files automatically, if you have the zlib library available when compiling Wireshark. Wireshark needs a modern version of zlib to be able to use zlib to read gzipped files; version 1.1.3 is known to work. Versions prior to 1.0.9 are missing some functions that Wireshark needs and won't work. ./configure should detect if you have the proper zlib version available and, if you don't, should disable zlib support. You can always use ./configure --disable-zlib to explicitly disable zlib support.

Although Wireshark can read AIX iptrace files, the documentation on AIX's iptrace packet-trace command is sparse. The iptrace command starts a daemon which you must kill in order to stop the trace. Through experimentation it appears that sending a HUP signal to that iptrace daemon causes a graceful shutdown and a complete packet is written to the trace file. If a partial packet is saved at the end, Wireshark will complain when reading that file, but you will be able to read all other packets. If this occurs, please let the Wireshark developers know at [email protected], and be sure to send us a copy of that trace file if it's small and contains non-sensitive data.

Support for Lucent/Ascend products is limited to the debug trace output generated by the MAX and Pipline series of products. Wireshark can read the output of the wandsession wandisplay, wannext, and wdd commands.

Wireshark can also read dump trace output from the Toshiba "Compact Router" line of ISDN routers (TR-600 and TR-650). You can telnet to the router and start a dump session with snoop dump.

CoSine L2 debug output can also be read by Wireshark. To get the L2 debug output, get in the diags mode first and then use create-pkt-log-profile and apply-pkt-lozg-profile commands under layer-2 category. For more detail how to use these commands, you should examine the help command by layer-2 create ? or layer-2 apply ?.

To use the Lucent/Ascend, Toshiba and CoSine traces with Wireshark, you must capture the trace output to a file on disk. The trace is happening inside the router and the router has no way of saving the trace to a file for you. An easy way of doing this under Unix is to run telnet <ascend> | tee <outfile>. Or, if your system has the "script" command installed, you can save a shell session, including telnet to a file. For example, to a file named tracefile.out:

$ script tracefile.out
Script started on <date/time>
$ telnet router
..... do your trace, then exit from the router's telnet session.
$ exit
Script done on <date/time>

Name Resolution

Wireshark will attempt to use reverse name resolution capabilities when decoding IPv4 and IPv6 packets.

If you want to turn off name resolution while using Wireshark, start Wireshark with the -n option to turn off all name resolution (including resolution of MAC addresses and TCP/UDP/SMTP port numbers to names), or with the -N mt option to turn off name resolution for all network-layer addresses (IPv4, IPv6, IPX).

You can make that the default setting by opening the Preferences dialog box using the Preferences item in the Edit menu, selecting "Name resolution", turning off the appropriate name resolution options, clicking "Save", and clicking "OK".

SNMP

Wireshark can do some basic decoding of SNMP packets; it can also use the libsmi library to do more sophisticated decoding, by reading MIB files and using the information in those files to display OIDs and variable binding values in a friendlier fashion. The configure script will automatically determine whether you have the libsmi library on your system. If you have the libsmi library but do not want to have Wireshark use it, you can run configure with the --without-libsmi option.

How to Report a Bug

Wireshark is under constant development, so it is possible that you will encounter a bug while using it. Please report bugs at https://bugs.wireshark.org. Be sure you enter into the bug:

  1. The complete build information from the "About Wireshark" item in the Help menu or the output of wireshark -v for Wireshark bugs and the output of tshark -v for TShark bugs;

  2. If the bug happened on Linux, the Linux distribution you were using, and the version of that distribution;

  3. The command you used to invoke Wireshark, if you ran Wireshark from the command line, or TShark, if you ran TShark, and the sequence of operations you performed that caused the bug to appear.

If the bug is produced by a particular trace file, please be sure to attach to the bug a trace file along with your bug description. If the trace file contains sensitive information (e.g., passwords), then please do not send it.

If Wireshark died on you with a 'segmentation violation', 'bus error', 'abort', or other error that produces a UNIX core dump file, you can help the developers a lot if you have a debugger installed. A stack trace can be obtained by using your debugger ('gdb' in this example), the wireshark binary, and the resulting core file. Here's an example of how to use the gdb command 'backtrace' to do so.

$ gdb wireshark core
(gdb) backtrace
..... prints the stack trace
(gdb) quit
$

The core dump file may be named "wireshark.core" rather than "core" on some platforms (e.g., BSD systems). If you got a core dump with TShark rather than Wireshark, use "tshark" as the first argument to the debugger; the core dump may be named "tshark.core".

Disclaimer

There is no warranty, expressed or implied, associated with this product. Use at your own risk.

Gerald Combs [email protected]

Gilbert Ramirez [email protected]

Guy Harris [email protected]

More Repositories

1

opendrop

An open Apple AirDrop implementation written in Python
Python
8,572
star
2

openhaystack

Build your own 'AirTags' 🏷 today! Framework for tracking personal Bluetooth devices via Apple's massive Find My network.
Swift
8,225
star
3

nexmon

The C-based Firmware Patching Framework for Broadcom/Cypress WiFi Chips that enables Monitor Mode, Frame Injection and much more
C
2,406
star
4

AirGuard

Protect yourself from being tracked 🌍 by AirTags 🏷 and Find My accessories 📍
Kotlin
1,904
star
5

owl

An open Apple Wireless Direct Link (AWDL) implementation written in C
C
1,217
star
6

openwifipass

An open source implementation of Apple's Wi-Fi Password Sharing protocol in Python.
Python
802
star
7

mobisys2018_nexmon_software_defined_radio

Proof of concept project for operating Broadcom Wi-Fi chips as arbitrary signal transmitters similar to software-defined radios (SDRs)
Shell
763
star
8

internalblue

Bluetooth experimentation framework for Broadcom and Cypress chips.
Python
684
star
9

frankenstein

Broadcom and Cypress firmware emulation for fuzzing and further full-stack debugging
C
430
star
10

nexmon_csi

Channel State Information Extraction on Various Broadcom Wi-Fi Chips
C
302
star
11

toothpicker

Python
234
star
12

privatedrop

Practical Privacy-Preserving Authentication for Apple AirDrop
Swift
217
star
13

polypyus

Python
215
star
14

BTLEmap

Nmap for Bluetooth Low Energy
Swift
159
star
15

bcm-rpi3

DEPRECATED: Monitor Mode and Firmware patching framework for the Raspberry Pi 3, development moved to: https://github.com/seemoo-lab/nexmon
C
157
star
16

airtag

AirTag instrumentation including AirTechno and firmware downgrades.
JavaScript
138
star
17

VirtFuzz

VirtFuzz is a Linux Kernel Fuzzer that uses VirtIO to provide inputs into the kernels subsystem. It is built with LibAFL.
Rust
109
star
18

frida-scripts

JavaScript
101
star
19

mobisys2018_nexmon_channel_state_information_extractor

Example project for extracting channel state information of up to 80 MHz wide 802.11ac Wi-Fi transmissions using the BCM4339 Wi-Fi chip of Nexus 5 smartphones.
MATLAB
98
star
20

airdrop-keychain-extractor

Extracting Apple ID Validation Record, Certificate, and Key for AirDrop
Objective-C
96
star
21

bcm-public

DEPRECATED: Monitor Mode and Firmware patching framework for the Google Nexus 5, development moved to: https://github.com/seemoo-lab/nexmon
C
75
star
22

fitness-app

Java
70
star
23

apple-continuity-tools

Reverse engineering toolkit for Apple's wireless ecosystem
JavaScript
63
star
24

nexmon_debugger

Debugger with hardware breakpoints and memory watchpoints for BCM4339 Wi-Fi chips
C
54
star
25

satellite-messenger

A free satellite messenger for iPhone 14
Swift
50
star
26

wisec2017_nexmon_jammer

This project contains the nexmon-based source code required to repeat the experiments of our WiSec 2017 paper.
C
48
star
27

aristoteles

A Wireshark dissector for the Apple Remote Invocation (ARI) protocol, used between Intel base band chips and the iOS CommCenter for various management purposes, SMS, telephony and much more.
Lua
45
star
28

talon-tools

Talon Tools: The Framework for Practical IEEE 802.11ad Research
TeX
41
star
29

mmTrace

mmTrace: Millimeter Wave Propagation Simulation
MATLAB
40
star
30

fitness-firmware

HTML
40
star
31

AirGuard-iOS

Protect yourself from being tracked 📍by Samsung SmartTags and Tile Trackers
Swift
39
star
32

apple_u1

JavaScript
38
star
33

chirpotle

A LoRaWAN Security Evaluation Framework
Jupyter Notebook
35
star
34

dtrace-memaccess_cve-2020-27949

C++
35
star
35

proxawdl

Tunnels a regular TCP connection through an AWDL link by exploiting the NetService API
Objective-C
31
star
36

pyshimmer

pyshimmer provides a Python API to work with the wearable sensor devices produced by Shimmer.
Python
24
star
37

mobisys2018_nexmon_covert_channel

Wi-Fi based covert channel that hides information in hand crafted acknowledgement frames imitating additional channel effects that can be extracted from channel state information at the intended receiver.
C
23
star
38

uwb-sniffer

A UWB Sniffer with accurate timestamps
C
22
star
39

h4bcm_wireshark_dissector

Wireshark dissector for Broadcom specific H4 diagnostic commands
C
22
star
40

owlink.org

Opening up Apple's wireless ecosystem around the Apple Wireless Direct Link (AWDL) protocol
HTML
20
star
41

wisec2017_nexmon_jammer_demo_app

This project contains source code of our Nexmon-based jammer app presented as a demo at WiSec 2017.
Java
19
star
42

nexmon-arc

The nexmon C-based firmware patching framework adapted for the ARC architecture.
C
19
star
43

seemoo-mobile-sensing

Sensor data collector for Android devices
Java
19
star
44

plist17lib

Python
18
star
45

BTLEmap-Framework

BTLEmap's Bluetooth Low Energy framework that powers the app
Swift
17
star
46

csicloak

Python
15
star
47

seemoo-wearable-sensing

Sensor data collector for Samsung Gear S3
JavaScript
15
star
48

talon-sector-patterns

Antenna Sector Patterns as obtained by Measurements in the CoNEXT'17 paper
MATLAB
14
star
49

pairsonic

Helping groups securely exchange contact information.
Dart
13
star
50

fido2ext

Bring Your Own FIDO2 Extensions!
JavaScript
12
star
51

wifi-password-sharing

An open source implementation of Apple's Wi-Fi Password Sharing protocol in Swift.
Swift
12
star
52

privatefind

Lost and Found: Stopping Bluetooth Finders from Leaking Private Information
C
12
star
53

nexmon_tx_task

Scheduled frame transmission on Broadcom Wi-Fi Chips
C
11
star
54

pico-nexmon

Applications for the Raspberry Pi Pico W related to Nexmon the C-based firmware patching framework for Broadcom/Cypress WiFi chips.
CMake
11
star
55

wisec2017_nexmon_jammer_demo_firmware

This project contains the nexmon-based source code of the jammer used in our WiSec 2017 demo Android app.
C
10
star
56

bcm_misc

10
star
57

opennan

OpenNAN - An open source NAN stack for Linux
C
9
star
58

Hardwhere

snipeit-it based asset management app
Kotlin
8
star
59

ubicomp19_zero_interaction_security

Source code for experiments and evaluation of five zero-interaction security schemes, for our Ubicomp 2019 paper "Perils of Zero-Interaction Security in the Internet of Things"
Jupyter Notebook
8
star
60

offline-finding-evaluation

Quantitative analysis of location reports from Apple's offline finding (OF) location tracking system
Jupyter Notebook
7
star
61

myo-keylogging

Code for "My(o) Armband Leaks Passwords: An EMG and IMU Based Keylogging Side-Channel Attack" paper
Python
7
star
62

natural-disaster-mobility

Natural Disaster Mobility Model and Scenarios in the ONE
Java
6
star
63

wisec2017_nexmon_jammer_reproducibility

This project contains all measured data and scripts to recreate the plots used in our WiSec 2017 paper.
MATLAB
6
star
64

nexmon_energy_measurement

This repository contains patched Linux kernel sources to run energy measurements on the Wi-Fi chip of a Nexus 5 smartphone.
C
6
star
65

next2you

Source code for experiments and evaluation of Next2You copresence detection scheme, for our TIOT 2021 paper "Next2You: Robust Copresence Detection Based on Channel State Information".
C
6
star
66

d11-emu

D11emu: A BCM43 D11 Emulation Framework
Rust
6
star
67

aic-prototype

Proof of concept implementation of Acoustic Integrity Codes (AICs) for Android smartphones
Kotlin
6
star
68

CellGuard

CellGuard is a research project that analyzes how cellular networks are operated and possibly surveilled
5
star
69

powerpc-ose

C++
5
star
70

PrivateDrop-Base

The framework that powers PrivateDrop
C
4
star
71

fastzip

Source code for experiments and evaluation of FastZIP zero-interaction pairing scheme, for our Mobisys 2021 paper "FastZIP: Faster and More Secure Zero-Interaction Pairing".
Python
4
star
72

graphics

3
star
73

tpy

A Lightweight Framework for Agile Distributed Network Experiments
Python
3
star
74

wintech23_nexmon_d11debug

Pawn
3
star
75

woot24_cfi_coverage_tools

The artifacts for the 'On the Effectiveness of CFI in Practice' paper to be published at WOOT'24.
Python
2
star
76

click-castor

Click implementation of LIDOR/SEMUD (based on the Castor routing protocol)
C++
2
star
77

privatedrop-evaluation

Jupyter Notebook
2
star
78

wisec23-speaker-bootstrapping

Software repository for our WiSec '23 demo: Secure Bootstrapping of Smart Speakers Using Acoustic Communication
C
2
star
79

caret

CARET: The Crisis and Resilience Evaluation Tool
Python
2
star
80

hardzipa

Source code for experiments and evaluation of HardZiPA system for our EWSN 2023 paper "Hardening and Speeding UpZero-interaction Pairing and Authentication".
Python
2
star
81

kardia-demod

Python
1
star
82

talon-library-measurements

Large-Scale Talon Measurements at Library
1
star
83

handoff-authentication-swift

C++
1
star
84

wintech2017_nexmon_ping_offloading

This project contains the nexmon-based source code of the ping offloading application used in our WiNTECH 2017 paper.
C
1
star
85

python-msp430-tools

This is a fork of the original python-msp430-tools repository on Launchpad. It features a patchset that is required to use the tools with the Shimmer3 devices.
Python
1
star
86

Please-Unstalk-Me

User Data and Online Survey results
Jupyter Notebook
1
star