From: Adam Carter
To: gentoo-user@lists.gentoo.org
Date: Fri, 8 Oct 2010 14:02:05 +1100
Subject: Re: [gentoo-user] Sniffing / analysis of application / wifi packets on my LAN
In-Reply-To: <09AFAAB1-8CAC-4461-A9AF-233C6AE9F347@stellar.eclipse.co.uk>
References: <4CADAEF7.4090302@gmail.com> <09AFAAB1-8CAC-4461-A9AF-233C6AE9F347@stellar.eclipse.co.uk>

> > As far as CLI tools go, sorry, I'm not sure what's available. Never had
> > a need to look into those.

tcpdump is the most common CLI tool. Handy if you want to capture to a file on a unix based firewall or F5 etc so you can then view it in Wireshark on your workstation.

> So Wireshark is a GUI tool?

Yes. It has crypto decode for SSL if you have the private key, so it might also be possible to have it decode WPA since you have the key - RTFM to find out for sure. Depending on how the crypto works you may need to have captured the beginning of the crypto setup to be able to decode, as that's where the session key will be exchanged. Can't remember if WPA does that or not.
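The open question in the reply above (whether WPA exchanges a session key at the start that you must have captured) has a definite answer: WPA/WPA2-PSK derives the per-session pairwise key from the EAPOL 4-way handshake, so Wireshark can only decrypt a station's traffic if those handshake frames are in the capture, in addition to knowing the passphrase and SSID. The script below is an added example, not part of Adam Carter's message or any tool the thread mentions: it reads a pcap written by tcpdump in monitor mode (link type 105 or 127) and reports, per AP/station pair, which of the four EAPOL-Key messages were captured, so you know before loading the file into Wireshark whether decryption can work. Field offsets follow the IEEE 802.11, LLC/SNAP, 802.1X and EAPOL-Key layouts; the MAC addresses, RSN IE and frames in sample_frames() are constructed test data, and the message-2 versus message-4 distinction is made on the Key Data Length field (message 2 carries the station's RSN/WPA IE, message 4 carries no key data).

```python
"""Check a monitor-mode Wi-Fi capture for the WPA/WPA2 4-way handshake.
Example code added to this thread, not from the original message. Parsing
follows the 802.11 data-frame, LLC/SNAP, 802.1X and EAPOL-Key layouts; all
sample frames and addresses are constructed."""
import struct
from collections import defaultdict

DLT_IEEE802_11 = 105           # pcap link type: raw 802.11 frames
DLT_IEEE802_11_RADIOTAP = 127  # pcap link type: radiotap header + 802.11
LLC_SNAP_EAPOL = b"\xaa\xaa\x03\x00\x00\x00\x88\x8e"  # SNAP + ethertype 0x888e
EAPOL_KEY = 3                  # 802.1X packet type for EAPOL-Key
EAPOL_KEY_HDR_LEN = 95         # descriptor type .. key data length field


def mac(raw):
    return ":".join("%02x" % b for b in raw)


def eapol_key_message(frame):
    """Return (ap, sta, msg_no) for a pairwise EAPOL-Key frame, else None."""
    if len(frame) < 24 or (frame[0] >> 2) & 0x3 != 2:  # type 2 = data frame
        return None
    fc1 = frame[1]
    if fc1 & 0x40:                                     # Protected flag: encrypted
        return None
    hdr_len = 26 if frame[0] & 0x80 else 24            # QoS data adds QoS Control
    to_ds, from_ds = fc1 & 0x1, fc1 & 0x2
    if to_ds and not from_ds:
        ap, sta = frame[4:10], frame[10:16]            # addr1 = BSSID, addr2 = SA
    elif from_ds and not to_ds:
        ap, sta = frame[10:16], frame[4:10]            # addr1 = DA, addr2 = BSSID
    else:
        return None
    body = frame[hdr_len:]
    if not body.startswith(LLC_SNAP_EAPOL):
        return None
    eapol = body[len(LLC_SNAP_EAPOL):]                 # version, type, length, body
    if len(eapol) < 4 + EAPOL_KEY_HDR_LEN or eapol[1] != EAPOL_KEY:
        return None
    key = eapol[4:]
    # Key Information bits: 3 pairwise, 6 install, 7 ACK, 8 MIC, 9 secure
    key_info = struct.unpack(">H", key[1:3])[0]
    key_data_len = struct.unpack(">H", key[93:95])[0]
    if not key_info & 0x0008:                          # group-key handshake, not PTK
        return None
    ack, mic = key_info & 0x0080, key_info & 0x0100
    if ack and not mic:
        msg = 1                                        # AP -> STA: ANonce
    elif ack and mic:
        msg = 3                                        # AP -> STA: install, GTK
    elif mic and key_data_len:
        msg = 2                                        # STA -> AP: SNonce + RSN IE
    elif mic:
        msg = 4                                        # STA -> AP: confirmation
    else:
        return None
    return mac(ap), mac(sta), msg


def handshake_report(frames):
    """Map (ap, sta) -> (sorted message numbers seen, all four present?)."""
    seen = defaultdict(set)
    for frame in frames:
        hit = eapol_key_message(frame)
        if hit:
            ap, sta, msg = hit
            seen[(ap, sta)].add(msg)
    return {pair: (sorted(m), m == {1, 2, 3, 4}) for pair, m in seen.items()}


def read_pcap(data):
    """Yield 802.11 frames from a classic pcap (link type 105 or 127)."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4 else ">"
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if linktype == DLT_IEEE802_11_RADIOTAP:
            pkt = pkt[struct.unpack("<H", pkt[2:4])[0]:]  # skip radiotap header
        elif linktype != DLT_IEEE802_11:
            raise ValueError("unsupported link type %d" % linktype)
        yield pkt


def build_eapol_key(ap, sta, key_info, key_data=b"", from_ap=True):
    """Construct a minimal 802.11 data frame carrying an EAPOL-Key (test data)."""
    fc = b"\x08" + (b"\x02" if from_ap else b"\x01")   # data subtype; FromDS / ToDS
    addr1, addr2 = (sta, ap) if from_ap else (ap, sta)
    hdr = fc + b"\x00\x00" + addr1 + addr2 + ap + b"\x00\x00"
    key = (b"\x02" + struct.pack(">H", key_info) + b"\x00\x10" + bytes(8) + bytes(32)
           + bytes(16) + bytes(8) + bytes(8) + bytes(16)
           + struct.pack(">H", len(key_data)) + key_data)
    return hdr + LLC_SNAP_EAPOL + b"\x02\x03" + struct.pack(">H", len(key)) + key


def build_pcap(frames):
    """Wrap frames in a little-endian pcap with link type 105 (test data)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_IEEE802_11)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out


AP, STA1, STA2 = (bytes.fromhex(h) for h in ("001122334455", "66778899aabb", "ccddeeff0011"))
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")  # constructed


def sample_frames():
    """Constructed capture: full handshake for STA1, only messages 1-2 for STA2."""
    return [
        build_eapol_key(AP, STA1, 0x008a),                         # M1
        build_eapol_key(AP, STA1, 0x010a, RSN_IE, from_ap=False),  # M2
        build_eapol_key(AP, STA1, 0x13ca, bytes(8)),               # M3
        build_eapol_key(AP, STA1, 0x030a, from_ap=False),          # M4
        build_eapol_key(AP, STA1, 0x13c2, bytes(8)),               # group-key msg, ignored
        build_eapol_key(AP, STA2, 0x008a),                         # M1
        build_eapol_key(AP, STA2, 0x010a, RSN_IE, from_ap=False),  # M2
    ]


if __name__ == "__main__":
    report = handshake_report(read_pcap(build_pcap(sample_frames())))
    for (ap, sta), (msgs, complete) in report.items():
        print("%s <-> %s: messages %s, %s" % (ap, sta, msgs,
              "decryptable" if complete else "handshake incomplete"))
```

On a real file, replace `build_pcap(sample_frames())` with the bytes of a capture taken in monitor mode (tcpdump -I/-w on a monitor interface); pairs reported as incomplete were associated before the capture started, which is the situation the reply above describes, and the practical answer is to start the capture before the client joins or wait for it to reassociate.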