Decrypting wireshark data

Posted: Fri Nov 08, 2019 2:26 am
by Zilla707
Is there a way to decrypt data that has been captured by Wireshark into something a bit more readable? To install it and run it: [sudo apt-get install wireshark] then [sudo wireshark] (I found that starting it with superuser permissions works better). Then hit the start capturing button in the top-left. When done, hit the square button and then save with ctrl-s, but then I can't figure out what to do with the captured data in file form. Any help with this?

Re: Decrypting wireshark data

Posted: Fri Nov 08, 2019 2:55 am
by trejan
They're not encrypted.

Load it back into Wireshark or use the command line version called tshark.

If you want to process the data yourself then you can use libpcap if it is the older pcap files or read https://wiki.wireshark.org/Development/PcapNg if you've got the new pcapng files. Newer versions of libpcap can read pcapng as well.
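
As an added illustration of the "process the data yourself" route mentioned above (not part of the original thread, and not libpcap's API): a minimal standard-library Python reader that tells classic pcap from pcapng and returns the raw bytes of each captured packet. The sample captures are constructed inline, and from pcapng only Enhanced Packet Blocks are extracted.

```python
import struct
PCAP_MAGIC = {0xA1B2C3D4: "pcap", 0xA1B23C4D: "pcap-ns"}  # usec / nsec timestamps
SHB = b"\x0a\x0d\x0d\x0a"  # pcapng Section Header Block type (same in both byte orders)

def read_capture(data):
    """Return (format, [raw packet bytes, ...]) for a pcap or pcapng byte string."""
    if data[:4] == SHB:
        return "pcapng", list(_pcapng(data))
    for endian, order in (("<", "little"), (">", "big")):  # pcap may use either order
        name = PCAP_MAGIC.get(int.from_bytes(data[:4], order))
        if name and len(data) >= 24:
            return name, list(_pcap(data, endian))
    raise ValueError("not a pcap or pcapng capture")

def _pcap(data, endian):
    off = 24  # skip the 24-byte global header
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header")
        incl_len = struct.unpack(endian + "4I", data[off:off + 16])[2]
        if off + 16 + incl_len > len(data):
            raise ValueError("truncated packet data")
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def _pcapng(data):
    off, endian = 0, "<"
    while off < len(data):
        if off + 12 > len(data):
            raise ValueError("truncated block")
        if data[off:off + 4] == SHB:  # each section states its own byte order
            endian = "<" if data[off + 8:off + 12] == b"\x4d\x3c\x2b\x1a" else ">"
        btype, blen = struct.unpack(endian + "2I", data[off:off + 8])
        if blen < 12 or blen % 4 or off + blen > len(data):
            raise ValueError("bad block length")
        if btype == 6:  # Enhanced Packet Block: 28 bytes of fields, data, 4-byte trailer
            cap_len = struct.unpack(endian + "I", data[off + 20:off + 24])[0] if blen >= 32 else blen
            if 32 + cap_len > blen:  # also rejects blocks too short to hold the fields
                raise ValueError("bad Enhanced Packet Block")
            yield data[off + 28:off + 28 + cap_len]
        off += blen

# Constructed samples: the same 12-byte "packet" stored in each container format.
PACKET = b"constructed!"
SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
               + struct.pack("<4I", 0, 0, 12, 12) + PACKET)
SAMPLE_PCAPNG = (struct.pack("<IIIHHqI", 0x0A0D0D0A, 28, 0x1A2B3C4D, 1, 0, -1, 28)
                 + struct.pack("<IIHHII", 1, 20, 1, 0, 65535, 20)
                 + struct.pack("<7I", 6, 44, 0, 0, 0, 12, 12) + PACKET + struct.pack("<I", 44))
```

The returned bytes are the frames exactly as they were captured; a payload that was protected in transit (TLS, for example) is still ciphertext inside them.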

Re: Decrypting wireshark data

Posted: Fri Nov 08, 2019 4:26 am
by dorian-ny
You might get more help if you say what exactly you are looking for in the data.

Re: Decrypting wireshark data

Posted: Sat Nov 09, 2019 1:05 am
by Zilla707
Ah. Sorry. What I am trying to do is, once I capture a packet that has been sent from some other device, like a text message, get that data into what the device that is receiving gets to see. Of course, since there are a ton of different package types, this might just not work. Please tell me if that's the case. :D

Re: Decrypting wireshark data

Posted: Sat Nov 09, 2019 1:32 am
by dorian-ny
That data is most certainly encrypted. In fact, even most useless web traffic is encrypted nowadays.
Sorry, but if you want to spy on your sister you will have to do it the old-fashioned way and read her diary.