| | Wireshark | iodine |
|---|---|---|
| Mentions | 10 | 58 |
| Stars | 6,744 | 5,821 |
| Growth | 2.9% | - |
| Activity | 10.0 | 5.1 |
| Last commit | 1 day ago | 6 months ago |
| Language | C | C |
| License | GNU General Public License v3.0 only | ISC License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Wireshark
- Wireshark & tcpdump: A Debugging Power Couple
To begin with Wireshark, visit their official website for the download. The installation process is straightforward, but attention should be paid to the installation of command-line tools, which may require separate steps. Upon launching Wireshark, users are greeted with a selection of network interfaces as seen below. Choosing the correct interface, such as the loopback for local server debugging, is crucial for capturing relevant data.
- Best Hacking Tools for Beginners 2024
Wireshark
- Why is my LG Washing Machine using 3.6GB of data/day?
- Non-IP networking
If you're very curious as to what is really going on under the hood, I recommend you familiarize yourself with port mirroring for your switch platform of choice, and then use a laptop in promiscuous mode to capture traffic using Wireshark. Failing that, hire a network engineer to interview one of their sales engineers or architects, and have them explain it to you.
- Biscuit studying IPv6 with me
You should do a ~~hands~~ fins-on lab with Wireshark.
- How to implement SSL/TLS pinning in Node.js
A great way to test the effectiveness of a pinning implementation is by simulating an MITM attack. Tools like Mitmproxy or Wireshark allow us to create a test environment to monitor, intercept, and proxy network requests for a test host.
- Russia starts blocking VPN at the protocol (WireGuard, OpenVPN) level
They even have a nice comment explaining the heuristic: https://github.com/wireshark/wireshark/blob/ef9c79ae81b00a63...
* Heuristics to detect the WireGuard protocol:
- Rockwell L5X Vendor, ProductType, and ProductCode Lists
This has been put together for Wireshark, starting on line 1520 https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-cip.c
- Ask HN: Is there a tool to generate binary protocol figures out of a spec?
- Network+ Wireshark classification question
Obviously based on the question you know the answer is a Wireshark-like software and it boils down to how you classify Wireshark. My issue is that Wikipedia refers to it as a Packet Analyzer, Varonis refers to it as a Packet Sniffer, Wireshark refers to itself as a Network Protocol Analyzer, Kali documentation refers to it as a Network Sniffer, Wireshark's README refers to itself as a Network Analyzer OR Sniffer...
iodine
- Show HN: This Website Is Hosted on DNS
Reminds me of using https://code.kryo.se/iodine/ (DNS tunnel) and an empty prepaid card...
- DNS Exfiltration Tool
Obligatory dns tunnel software for exfil. It is super noisy if you do dns querylogging, so I'd not use it for anything major, but it is a fun research tool.
https://github.com/yarrick/iodine
- Fun with DNS TXT Records
It's worth noting that you (re) invented what iodine does: https://code.kryo.se/iodine/
- WiFi without internet on a Southwest flight
(https://github.com/yarrick/iodine)
It’s slow, but it works and is a handy “last resort” tool.
- Russia starts blocking VPN at the protocol (WireGuard, OpenVPN) level
While working in an environment where VPN connections were pretty much all blocked⁰ a friend of mine had success using https://guacamole.apache.org/ to access a remote machine¹. Not quite the same as a direct VPN connection but worth a try if nothing else functions, it looks enough like normal HTTPS traffic that he got away with it.
To keep your wireguard setup more as-is, you could try https://kirill888.github.io/notes/wireguard-via-websocket/ to tunnel that via a web server. In fact https://github.com/erebe/wstunnel which that uses could be used just as well with any other UDP based VPN.
I once tinkered with https://github.com/yarrick/iodine and successfully connected to resources over the wireless on a train, bypassing its traffic capture and sign-up requirement, so that might be an option, though I think fully blocking external DNS is more common now so this is less likely to work²³.
--
[0] practically only HTTP(S) permitted, not even SSH, DPI in use that detected just using SSH or OpenVPN over port 443
[1] NOTE: be careful breaching restrictions like this, you are at risk of an insta-sacking if discovered, or worse if operating in some security environments!
[2] and the latency when it does work is significant!
[3] and that much traffic over port 53 might get noticed by the heuristics of data exfiltration scanner, encouraging sysadmins to notice and implement a way to block it
- Show HN: File distribution over DNS: (ab)using DNS as a CDN
There's also iodine, a C program that tunnels IPv4 packets over DNS. Useful for bypassing captive portals on wifi, since DNS usually isn't restricted.
https://github.com/yarrick/iodine
Regarding cloudflare DNS over HTTPS: It could be that it tries to serve data encoded as JSON, which is impossible in JSON. Some control characters and bytes 128-255 cannot be represented as JSON strings.
- Show HN: Use DNS TXT to share information
A regular proxy on port 53 might work? Is it necessary to actually use DNS?
Otherwise there's https://github.com/yarrick/iodine
- Anything can be a message queue if you use it wrongly enough
- help with choosing a VPN to host (I'll explain)
Well, you're really exhausting your options here (and possibly your IT department's patience). Iodine would still be an option, it creates a tunnel through DNS traffic. Nearly impossible to block/filter out but you shouldn't expect a lot of bandwidth. Try it out! Although if you're only going to use low-bandwidth applications through the tunnel anyway you might as well use your own mobile data plan instead of your school's WLAN.
- DNS blacklisting in enterprise
What are some alternatives?
mitmproxy - An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
dnscat2
pyshark - Python wrapper for tshark, allowing python packet parsing using wireshark dissectors
miniProxy
mtr - Official repository for mtr, a network diagnostic tool
PHP-Proxy - Proxy Application built on php-proxy library ready to be installed on your server
Sysdig - Linux system exploration and troubleshooting tool with first class support for containers
Nginx Proxy Manager - Docker container for managing Nginx proxy hosts with a simple, powerful interface
Dripcap
inlets - Get public TCP LoadBalancers for local Kubernetes clusters
Winshark - A wireshark plugin to instrument ETW
Swiperproxy - A Python-based HTTP/HTTPS-proxy.