Posted: . At: 10:46 AM. This was 2 years ago. Post ID: 16726


Useful tricks with Wireshark.


With Wireshark, getting a list of the web browsers in use on a network is very easy. The display filter below lists every packet that carries an HTTP User-Agent header. Wireshark decodes SSDP (HTTP over UDP port 1900) with its HTTP dissector, so the multicast discovery packets Windows sends match this filter too, as the sample below shows.

http.user_agent

This is a quick way to list the browsers on the network, with one caveat: the filter only sees plaintext HTTP. A request made over TLS carries its User-Agent inside the encrypted stream and never matches, and that is almost all ordinary browsing today. Below I have included a sample packet. It is an SSDP M-SEARCH, multicast from 192.168.1.5 to 239.255.255.250:1900 and searching for a DIAL (screen casting) service, and its USER-AGENT header identifies Microsoft Edge 105 on Windows. This seems to indicate that Windows 11 runs Microsoft Edge in the background for search: I searched in the Start menu, which uses Microsoft Edge behind the scenes.

0000  01 00 5e 7f ff fa fc 34 97 a5 bc 7e 08 00 45 00  ..^....4...~..E.
0010  00 cb 6f ab 00 00 01 11 00 00 c0 a8 01 05 ef ff  ..o.............
0020  ff fa c8 11 07 6c 00 b7 ff c0 4d 2d 53 45 41 52  .....l....M-SEAR
0030  43 48 20 2a 20 48 54 54 50 2f 31 2e 31 0d 0a 48  CH * HTTP/1.1..H
0040  4f 53 54 3a 20 32 33 39 2e 32 35 35 2e 32 35 35  OST: 239.255.255
0050  2e 32 35 30 3a 31 39 30 30 0d 0a 4d 41 4e 3a 20  .250:1900..MAN: 
0060  22 73 73 64 70 3a 64 69 73 63 6f 76 65 72 22 0d  "ssdp:discover".
0070  0a 4d 58 3a 20 31 0d 0a 53 54 3a 20 75 72 6e 3a  .MX: 1..ST: urn:
0080  64 69 61 6c 2d 6d 75 6c 74 69 73 63 72 65 65 6e  dial-multiscreen
0090  2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 64 69 61  -org:service:dia
00a0  6c 3a 31 0d 0a 55 53 45 52 2d 41 47 45 4e 54 3a  l:1..USER-AGENT:
00b0  20 4d 69 63 72 6f 73 6f 66 74 20 45 64 67 65 2f   Microsoft Edge/
00c0  31 30 35 2e 30 2e 31 33 34 33 2e 33 33 20 57 69  105.0.1343.33 Wi
00d0  6e 64 6f 77 73 0d 0a 0d 0a                       ndows....

To find out the operating system of a host, use the filter below. It keeps HTTP requests and drops SSDP, so the background discovery chatter no longer drowns out requests from real clients, whose User-Agent carries an operating-system token.

http.request and !(ssdp)

0000  c8 14 51 5f a9 47 fc 34 97 a5 bc 7e 08 00 45 00  ..Q_.G.4...~..E.
0010  01 dc d2 d7 40 00 80 06 00 00 c0 a8 01 05 8e fa  ....@...........
0020  cc 03 e0 5d 00 50 2d 22 14 fa f7 f6 6a 71 50 18  ...].P-"....jqP.
0030  04 01 1e 7a 00 00 50 4f 53 54 20 2f 67 74 73 31  ...z..POST /gts1
0040  63 33 20 48 54 54 50 2f 31 2e 31 0d 0a 48 6f 73  c3 HTTP/1.1..Hos
0050  74 3a 20 6f 63 73 70 2e 70 6b 69 2e 67 6f 6f 67  t: ocsp.pki.goog
0060  0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 6f  ..User-Agent: Mo
0070  7a 69 6c 6c 61 2f 35 2e 30 20 28 57 69 6e 64 6f  zilla/5.0 (Windo
0080  77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36  ws NT 10.0; Win6
0090  34 3b 20 78 36 34 3b 20 72 76 3a 31 30 34 2e 30  4; x64; rv:104.0
00a0  29 20 47 65 63 6b 6f 2f 32 30 31 30 30 31 30 31  ) Gecko/20100101
00b0  20 46 69 72 65 66 6f 78 2f 31 30 34 2e 30 0d 0a   Firefox/104.0..
00c0  41 63 63 65 70 74 3a 20 2a 2f 2a 0d 0a 41 63 63  Accept: */*..Acc
00d0  65 70 74 2d 4c 61 6e 67 75 61 67 65 3a 20 65 6e  ept-Language: en
00e0  2d 55 53 2c 65 6e 3b 71 3d 30 2e 35 0d 0a 41 63  -US,en;q=0.5..Ac
00f0  63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 3a 20 67  cept-Encoding: g
0100  7a 69 70 2c 20 64 65 66 6c 61 74 65 0d 0a 43 6f  zip, deflate..Co
0110  6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c  ntent-Type: appl
0120  69 63 61 74 69 6f 6e 2f 6f 63 73 70 2d 72 65 71  ication/ocsp-req
0130  75 65 73 74 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65  uest..Content-Le
0140  6e 67 74 68 3a 20 38 33 0d 0a 44 4e 54 3a 20 31  ngth: 83..DNT: 1
0150  0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 6b 65  ..Connection: ke
0160  65 70 2d 61 6c 69 76 65 0d 0a 50 72 61 67 6d 61  ep-alive..Pragma
0170  3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 61 63 68  : no-cache..Cach
0180  65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61  e-Control: no-ca
0190  63 68 65 0d 0a 0d 0a 30 51 30 4f 30 4d 30 4b 30  che....0Q0O0M0K0
01a0  49 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 c7 2e  I0...+..........
01b0  79 8a dd ff 61 34 b3 ba ed 47 42 b8 bb c6 c0 24  y...a4...GB....$
01c0  07 63 04 14 8a 74 7f af 85 cd ee 95 cd 3d 9c d0  .c...t.......=..
01d0  e2 46 14 f3 71 35 1d 27 02 10 64 38 9c ea 75 d9  .F..q5.'..d8..u.
01e0  f8 94 12 db 45 11 71 0f a7 9a                    ....E.q...

This shows both the browser and the operating system of the host. The sample is an OCSP certificate-status request that Firefox 104 sends in plaintext HTTP to ocsp.pki.goog, and its User-Agent carries the OS token "Windows NT 10.0; Win64; x64". Keep in mind that browsers on Windows 11 also report "Windows NT 10.0", so the user agent alone cannot separate Windows 10 from 11. OCSP checks like this one and captive-portal probes are among the few plaintext HTTP requests a modern client still makes, so they are often the only place a passive listener sees a User-Agent at all. This is very useful when listening on a network from Kali Linux or Parrot, both of which ship Wireshark and tshark; the same display filters work on a saved capture with tshark -r capture.pcapng -Y 'http.request and !(ssdp)'. The reconnaissance phase of a penetration test involves gathering information about the network and the users on it, and an inventory of operating systems and browsers is exactly that. One practical limit: on a switched network a passive capture only sees your own traffic plus broadcast and multicast (which is why the SSDP packet above is visible); seeing other hosts' unicast HTTP needs a mirror/SPAN port or a tap.

Use the filter below to list all packets that come from a certain IP address.

ip.src == 10.2.3.9

And use the filter below to list all packets that are directed to a certain IP address.

ip.dst == 134.170.108.96
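As an added example (my code, not part of the original post), the Python script below reconstructs the two hex dumps above into raw bytes, walks Ethernet, IPv4, UDP/TCP and HTTP the way Wireshark's dissectors do, and reproduces what the display filters on this page select: http.user_agent (both packets, because the SSDP M-SEARCH carries a USER-AGENT too), http.request and !(ssdp) (only the Firefox OCSP request), and ip.src / ip.dst (by_address, which with both arguments set behaves like ip.src and ip.dst combined). The OS lookup table and the function names are my assumptions, and the second dump is cut after the User-Agent header since the rest of the packet is not needed here. Standard library only.

```python
import ipaddress
import re
# The Edge SSDP M-SEARCH from the dump above (offset and hex columns only; full packet).
EDGE_SSDP = """
0000 01 00 5e 7f ff fa fc 34 97 a5 bc 7e 08 00 45 00
0010 00 cb 6f ab 00 00 01 11 00 00 c0 a8 01 05 ef ff
0020 ff fa c8 11 07 6c 00 b7 ff c0 4d 2d 53 45 41 52
0030 43 48 20 2a 20 48 54 54 50 2f 31 2e 31 0d 0a 48
0040 4f 53 54 3a 20 32 33 39 2e 32 35 35 2e 32 35 35
0050 2e 32 35 30 3a 31 39 30 30 0d 0a 4d 41 4e 3a 20
0060 22 73 73 64 70 3a 64 69 73 63 6f 76 65 72 22 0d
0070 0a 4d 58 3a 20 31 0d 0a 53 54 3a 20 75 72 6e 3a
0080 64 69 61 6c 2d 6d 75 6c 74 69 73 63 72 65 65 6e
0090 2d 6f 72 67 3a 73 65 72 76 69 63 65 3a 64 69 61
00a0 6c 3a 31 0d 0a 55 53 45 52 2d 41 47 45 4e 54 3a
00b0 20 4d 69 63 72 6f 73 6f 66 74 20 45 64 67 65 2f
00c0 31 30 35 2e 30 2e 31 33 34 33 2e 33 33 20 57 69
00d0 6e 64 6f 77 73 0d 0a 0d 0a
"""
# The Firefox OCSP POST from the dump above, cut after the User-Agent header (the rest is not needed).
FIREFOX_OCSP = """
0000 c8 14 51 5f a9 47 fc 34 97 a5 bc 7e 08 00 45 00
0010 01 dc d2 d7 40 00 80 06 00 00 c0 a8 01 05 8e fa
0020 cc 03 e0 5d 00 50 2d 22 14 fa f7 f6 6a 71 50 18
0030 04 01 1e 7a 00 00 50 4f 53 54 20 2f 67 74 73 31
0040 63 33 20 48 54 54 50 2f 31 2e 31 0d 0a 48 6f 73
0050 74 3a 20 6f 63 73 70 2e 70 6b 69 2e 67 6f 6f 67
0060 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 6f
0070 7a 69 6c 6c 61 2f 35 2e 30 20 28 57 69 6e 64 6f
0080 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36
0090 34 3b 20 78 36 34 3b 20 72 76 3a 31 30 34 2e 30
00a0 29 20 47 65 63 6b 6f 2f 32 30 31 30 30 31 30 31
00b0 20 46 69 72 65 66 6f 78 2f 31 30 34 2e 30 0d 0a
"""

def hexdump_to_bytes(dump):
    """Turn 'offset  hex bytes  [ascii]' lines back into raw bytes. At most 16 tokens after the
    offset are read, so on a full line ASCII that looks like hex (the "c3" in "c3 HTTP/1.1") is
    never swallowed; a short final line stops at its first non-hex token."""
    raw = bytearray()
    for line in dump.strip().splitlines():
        for tok in line.split()[1:17]:
            if not re.fullmatch(r"[0-9a-f]{2}", tok):
                break
            raw.append(int(tok, 16))
    return bytes(raw)

# Order matters: an Android UA also says "Linux", and Windows 10 and Windows 11 browsers
# both report "Windows NT 10.0", so that token alone cannot tell the two apart.
OS_PATTERNS = [(r"Windows NT \d+\.\d+", None), (r"Android", "Android"), (r"iPhone|iPad", "iOS"),
               (r"Mac OS X", "macOS"), (r"Linux", "Linux"), (r"Windows", "Windows")]

def os_from_user_agent(ua):
    """Best-effort OS label from a User-Agent string; a None label means 'use the matched text'."""
    for pattern, label in OS_PATTERNS:
        m = re.search(pattern, ua or "")
        if m:
            return label or m.group(0)
    return None

def decode_packet(raw):
    """Walk Ethernet -> IPv4 -> UDP/TCP -> HTTP and return the fields the display filters key on."""
    if raw[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 frame")
    ip = raw[14:]
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
    l4 = ip[ihl:]
    sport, dport = int.from_bytes(l4[:2], "big"), int.from_bytes(l4[2:4], "big")
    if proto == 17:                      # UDP: fixed 8-byte header
        payload = l4[8:]
    elif proto == 6:                     # TCP: header length is the upper nibble of byte 12, in 32-bit words
        payload = l4[(l4[12] >> 4) * 4:]
    else:
        raise ValueError(f"unsupported IP protocol {proto}")
    head = payload.split(b"\r\n\r\n", 1)[0].decode("ascii", "replace")
    lines = [ln for ln in head.split("\r\n") if ln]
    headers = {}
    for ln in lines[1:]:                 # header names are case-insensitive (USER-AGENT vs User-Agent)
        name, _, value = ln.partition(":")
        headers[name.strip().lower()] = value.strip()
    ua = headers.get("user-agent")
    return {"src": str(ipaddress.IPv4Address(ip[12:16])), "dst": str(ipaddress.IPv4Address(ip[16:20])),
            "sport": sport, "dport": dport, "ssdp": proto == 17 and 1900 in (sport, dport),  # ssdp = HTTP on UDP/1900
            "request_line": lines[0], "host": headers.get("host"), "user_agent": ua, "os": os_from_user_agent(ua)}

PACKETS = [decode_packet(hexdump_to_bytes(d)) for d in (EDGE_SSDP, FIREFOX_OCSP)]

def user_agents(packets):             # http.user_agent : every packet carrying the header
    return [(p["src"], p["user_agent"]) for p in packets if p["user_agent"]]

def browser_requests(packets):        # http.request and !(ssdp) : real client requests only
    return [p for p in packets if not p["ssdp"]]

def by_address(packets, src=None, dst=None):   # ip.src == X / ip.dst == Y
    return [p for p in packets if (src is None or p["src"] == src) and (dst is None or p["dst"] == dst)]

if __name__ == "__main__":
    for p in PACKETS:
        print(f"{p['src']} -> {p['dst']}  {'ssdp' if p['ssdp'] else 'http'}  {p['os']}  {p['user_agent']}")
```

Running it prints one line per packet: the Edge M-SEARCH is tagged ssdp with the OS guess "Windows", the Firefox request is tagged http with "Windows NT 10.0". On a live capture the same two fields come straight out of tshark with -T fields -e ip.src -e http.user_agent, and a packet that needs to match either direction of a conversation is what the ip.addr filter is for.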

