Wireshark Analyser
This page runs Tshark with a given Pcap file and a defined filter. First select your Wireshark trace:
Trace name: /log/hydra_telnet.zip
Tshark Output
The Tshark output is:
c:\program files\wireshark\tshark.exe -Y "tcp.port==23 && tcp.flags.syn==1 && tcp.flags.ack==0" -r hydra_telnet.pcap
1 0.000000 192.168.47.171 → 192.168.47.200 TCP 62 7104 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
6 0.001142 192.168.47.171 → 192.168.47.200 TCP 62 7105 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
9 0.002049 192.168.47.171 → 192.168.47.200 TCP 62 7106 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
12 0.002953 192.168.47.171 → 192.168.47.200 TCP 62 7107 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
15 0.003817 192.168.47.171 → 192.168.47.200 TCP 62 7108 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
18 0.006084 192.168.47.171 → 192.168.47.200 TCP 62 7109 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
21 0.007015 192.168.47.171 → 192.168.47.200 TCP 62 7110 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
24 0.007852 192.168.47.171 → 192.168.47.200 TCP 62 7111 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
27 0.008904 192.168.47.171 → 192.168.47.200 TCP 62 7112 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
30 0.010299 192.168.47.171 → 192.168.47.200 TCP 62 7113 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
33 0.011162 192.168.47.171 → 192.168.47.200 TCP 62 7114 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
34 0.011939 192.168.47.171 → 192.168.47.200 TCP 62 7115 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
91 1.063685 192.168.47.171 → 192.168.47.200 TCP 62 7116 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
97 1.065413 192.168.47.171 → 192.168.47.200 TCP 62 7117 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
103 1.067085 192.168.47.171 → 192.168.47.200 TCP 62 7118 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
109 1.068608 192.168.47.171 → 192.168.47.200 TCP 62 7119 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
115 1.070150 192.168.47.171 → 192.168.47.200 TCP 62 7120 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
121 1.072813 192.168.47.171 → 192.168.47.200 TCP 62 7121 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
127 1.075615 192.168.47.171 → 192.168.47.200 TCP 62 7122 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
133 1.078157 192.168.47.171 → 192.168.47.200 TCP 62 7123 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
159 2.093385 192.168.47.171 → 192.168.47.200 TCP 62 7124 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
165 2.094787 192.168.47.171 → 192.168.47.200 TCP 62 7125 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
171 2.096097 192.168.47.171 → 192.168.47.200 TCP 62 7126 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
177 2.097399 192.168.47.171 → 192.168.47.200 TCP 62 7127 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
183 2.119828 192.168.47.171 → 192.168.47.200 TCP 62 7128 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
189 2.121454 192.168.47.171 → 192.168.47.200 TCP 62 7129 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
195 2.123041 192.168.47.171 → 192.168.47.200 TCP 62 7130 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
205 2.126735 192.168.47.171 → 192.168.47.200 TCP 62 7131 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
227 3.124881 192.168.47.171 → 192.168.47.200 TCP 62 7132 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
230 3.125896 192.168.47.171 → 192.168.47.200 TCP 62 7133 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
239 3.127510 192.168.47.171 → 192.168.47.200 TCP 62 7134 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
245 3.129621 192.168.47.171 → 192.168.47.200 TCP 62 7135 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
251 3.140617 192.168.47.171 → 192.168.47.200 TCP 62 7136 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
265 3.159250 192.168.47.171 → 192.168.47.200 TCP 62 7137 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
271 3.160567 192.168.47.171 → 192.168.47.200 TCP 62 7138 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
277 3.162118 192.168.47.171 → 192.168.47.200 TCP 62 7139 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
291 4.157991 192.168.47.171 → 192.168.47.200 TCP 62 7140 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
297 4.158634 192.168.47.171 → 192.168.47.200 TCP 62 7141 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
303 4.159215 192.168.47.171 → 192.168.47.200 TCP 62 7142 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
309 4.171566 192.168.47.171 → 192.168.47.200 TCP 62 7143 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
321 4.187942 192.168.47.171 → 192.168.47.200 TCP 62 7144 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
327 4.188516 192.168.47.171 → 192.168.47.200 TCP 62 7145 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
333 4.189079 192.168.47.171 → 192.168.47.200 TCP 62 7146 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
340 4.203006 192.168.47.171 → 192.168.47.200 TCP 62 7147 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
407 5.187734 192.168.47.171 → 192.168.47.200 TCP 62 7148 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
410 5.188940 192.168.47.171 → 192.168.47.200 TCP 62 7149 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
413 5.190993 192.168.47.171 → 192.168.47.200 TCP 62 7150 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
416 5.218906 192.168.47.171 → 192.168.47.200 TCP 62 7152 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
417 5.219430 192.168.47.171 → 192.168.47.200 TCP 62 7153 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
422 5.220694 192.168.47.171 → 192.168.47.200 TCP 62 7151 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
431 5.233814 192.168.47.171 → 192.168.47.200 TCP 62 7154 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
432 5.234037 192.168.47.171 → 192.168.47.200 TCP 62 7155 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
455 6.264858 192.168.47.171 → 192.168.47.200 TCP 62 7156 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
461 6.265457 192.168.47.171 → 192.168.47.200 TCP 62 7157 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
467 6.280427 192.168.47.171 → 192.168.47.200 TCP 62 7158 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
473 6.280994 192.168.47.171 → 192.168.47.200 TCP 62 7159 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
491 7.312093 192.168.47.171 → 192.168.47.200 TCP 62 7160 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
497 7.313574 192.168.47.171 → 192.168.47.200 TCP 62 7161 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
503 7.314583 192.168.47.171 → 192.168.47.200 TCP 62 7162 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
509 7.327670 192.168.47.171 → 192.168.47.200 TCP 62 7163 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
527 8.342998 192.168.47.171 → 192.168.47.200 TCP 62 7164 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
533 8.343634 192.168.47.171 → 192.168.47.200 TCP 62 7165 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
539 8.359703 192.168.47.171 → 192.168.47.200 TCP 62 7166 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
549 8.376163 192.168.47.171 → 192.168.47.200 TCP 62 7167 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
561 9.374074 192.168.47.171 → 192.168.47.200 TCP 62 7168 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
567 9.390011 192.168.47.171 → 192.168.47.200 TCP 62 7169 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
575 9.405723 192.168.47.171 → 192.168.47.200 TCP 62 7170 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
583 9.421604 192.168.47.171 → 192.168.47.200 TCP 62 7171 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
649 10.405692 192.168.47.171 → 192.168.47.200 TCP 62 7172 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
653 10.437152 192.168.47.171 → 192.168.47.200 TCP 62 7173 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
656 10.452323 192.168.47.171 → 192.168.47.200 TCP 62 7174 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
661 10.468268 192.168.47.171 → 192.168.47.200 TCP 62 7175 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
Rules file
tcp.port==23 && tcp.flags.syn==1 && tcp.flags.ack==0
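
One way to turn rows matched by this filter into a detection signal, as an added example that is not part of the original page: count bare SYNs per source, destination and port in fixed one-second windows and report the peak. The function name, the window and the threshold of 4 are assumptions; the sample rows are copied from the Tshark output on this page.

```python
import re
from collections import Counter, defaultdict

# Columns of tshark's one-line summary for a bare SYN, as in the output above:
# frame, relative time, source, arrow, destination, "TCP", length, sport, arrow, dport, [SYN]
SYN_LINE = re.compile(
    r"^\s*\d+\s+(?P<t>\d+\.\d+)\s+(?P<src>\S+)\s+\S+\s+(?P<dst>\S+)\s+TCP\s+\d+"
    r"\s+(?P<sport>\d+)\s+\S+\s+(?P<dport>\d+)\s+\[SYN\]"
)

# Six rows copied from the Tshark output on this page (frames 1, 6, 9, 12, 15 and 91).
SAMPLE = """\
1 0.000000 192.168.47.171 → 192.168.47.200 TCP 62 7104 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
6 0.001142 192.168.47.171 → 192.168.47.200 TCP 62 7105 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
9 0.002049 192.168.47.171 → 192.168.47.200 TCP 62 7106 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
12 0.002953 192.168.47.171 → 192.168.47.200 TCP 62 7107 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
15 0.003817 192.168.47.171 → 192.168.47.200 TCP 62 7108 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
91 1.063685 192.168.47.171 → 192.168.47.200 TCP 62 7116 → 23 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1
"""


def syn_bursts(text, window=1.0, threshold=4):
    """Return {(src, dst, dport): stats} for flows with >= threshold SYNs in one window."""
    per_bucket = Counter()       # SYN count per (flow, window index)
    sports = defaultdict(set)    # each new source port is a separate connection attempt
    for line in text.splitlines():
        m = SYN_LINE.match(line)
        if not m:
            continue  # skip the echoed command, blank lines and non-SYN rows
        key = (m["src"], m["dst"], int(m["dport"]))
        per_bucket[key, int(float(m["t"]) // window)] += 1
        sports[key].add(int(m["sport"]))
    peaks = Counter()
    for (key, _bucket), n in per_bucket.items():
        peaks[key] = max(peaks[key], n)
    return {
        key: {"peak_syns_per_window": peak, "distinct_source_ports": len(sports[key])}
        for key, peak in peaks.items()
        if peak >= threshold  # assumed cut-off; tune to the service's normal login rate
    }


if __name__ == "__main__":
    for flow, stats in syn_bursts(SAMPLE).items():
        print(flow, stats)
```

Fixed windows can split a burst across a boundary, so a sliding window is the stricter variant when the threshold is close to normal traffic.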
Examples
The following examples use Wireshark display filters:
- PNG Filter: http contains "\x89\x50\x4E\x47". Trace with a PNG and PNG filter: Test. Pcap
- PDF Filter: http contains "%PDF". Trace with a PDF and PDF filter: Test. Pcap
- GIF Filter: http contains "GIF89a". Trace with a GIF and GIF filter: Test. Pcap
- ZIP Filter: http contains "\x50\x4B\x03\x04". Trace with a ZIP and ZIP filter: Test. Pcap
- JPEG Filter: http contains "\xff\xd8". Trace with a JPEG and JPEG filter: Test. Pcap
- MP3 Filter: http contains "\x49\x44\x33". Trace with an MP3 and MP3 filter: Test. Pcap
- RAR Filter: http contains "\x52\x61\x72\x21\x1A\x07\x00". Trace with a RAR and RAR filter: Test. Pcap
- AVI Filter: http contains "\x52\x49\x46\x46". Trace with an AVI and AVI filter: Test. Pcap
- SWF Filter: http contains "\x46\x57\x53". Trace with a SWF and SWF filter: Test. Pcap
- GZip Filter: http contains "\x1F\x8B\x08". Trace with a GZIP and GZIP filter: Test. Pcap
- Email address Filter: smtp matches "[a-zA-Z0-9._%+-]+@[a-zA-Z0-9._%+-]". Trace with an email and Email regex filter: Test. Pcap
- IP address Filter: http matches "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}". Trace with HTTP traffic and IP address regex filter: Test. Pcap
- Credit card details (Mastercard) Filter: smtp matches "5\\d{3}(\\s|-)?\\d{4}(\\s|-)?\\d{4}(\\s|-)?\\d{4}". Trace with an email and Mastercard regex filter: Test. Pcap
- Credit card details (Visa) Filter: smtp matches "4\\d{3}(\\s|-)?\\d{4}(\\s|-)?\\d{4}(\\s|-)?\\d{4}". Trace with an email and Visa regex filter: Test. Pcap
- Credit card details (Am Ex) Filter: smtp matches "3\\d{3}(\\s|-)?\\d{6}(\\s|-)?\\d{5}". Trace with an email and Am Ex regex filter: Test. Pcap
- Domain name Filter: http matches "[a-zA-Z0-9\-\.]+\.(com|org|net|mil|edu|COM|ORG|NET|MIL|EDU|UK)". Trace with an email and Email regex filter: Test. Pcap
- FTP User/Password Crack Filter: ftp contains "530 User". Trace with FTP Hydra and 530 filter: Test. Pcap
- FTP Login Filter: tcp.port==21 && tcp.flags.syn==1 && tcp.flags.ack==1. Trace with FTP Hydra and SYN/Port 21 filter: Test. Pcap
- Telnet Login Filter: tcp.port==23 && tcp.flags.syn==1 && tcp.flags.ack==0. Trace with Telnet Hydra and SYN/Port 23 filter: Test. Pcap
- Telnet Login Filter: telnet contains "login": Test. Pcap
- Telnet Login Filter: telnet contains "Failed": Test. Pcap
- Hping DoS Filter: tcp.flags.syn==1 && tcp.flags.ack==0. Trace with Hping and SYN flag filter: Test. Pcap