The Official Wireshark Blog

SSL / TLS Renegotiation Bug

Categories: Uncategorized
Marsh Ray and Steve Dispensa have an excellent writeup of the recently-discovered renegotiation bug in SSL and TLS. It really is excellent, too. I’m not just saying so because they provide a bunch of sample captures showing renegotiation in action or because Wireshark is prominently featured in their discussion.

In related news, the secure web is no longer secure and civilization will soon collapse.

Comments

Comment by Marsh Ray on 2009-11-07 00:09:03 +0000

I could not have done it without Wireshark. Re: “In related news, the secure web is no longer secure and civilization will soon collapse.” Please note that our research yielded little in support of that theory about civilization!

Comment by Kelt on 2009-11-18 11:52:43 +0000

I just wanted to say kudos to Marsh and Steve for finding this vulnerability. Now I have to go figure out a workaround for a few 1000 servers until a patch is released. 😉 And I’d like to point out the obvious statement: Wireshark is awesome. I used to use Ethereal and pcap but switched over to the shark. Keep up the good work guys.

We made the Today Show! (Sort of)

If you look closely and don’t blink you can see an AirPcap NX and Wireshark in a recent Today Show segment.

Comments

Comment by Ryan on 2009-11-03 11:32:22 +0000

I found it amusing how that video calls Wardiving ‘new’.

Comment by Patrick Gryciuk on 2009-11-04 03:06:06 +0000

bahaha I love it :D. I’ve been using wireshark for a long time (long before it changed its name from ethereal.) I just wanted to thank all the developers for their contributions to the project. When I have more free time on my hands I’ll definitely try to join the development group.. or at the very least make a donation.

Comment by jc on 2009-11-05 11:02:41 +0000

@Ryan: ‘wardiving’? Is that using SCUBA gear to hunt for underwater WiFi networks?

Using Wireshark to track a botnet

Categories: Protocols Security
Security researchers have written a Wireshark dissector that will decrypt the command and control protocol used by the Mariposa botnet. More information at Palo Alto Networks and Defence Intelligence.

Comments

Comment by ManOnFire on 2009-11-02 08:05:48 +0000

Anyone have a packet capture for mariposa C&C? I would like to test the decryption plugin. Thanks!

Comment by Gerald Combs on 2009-11-04 13:47:55 +0000

You might try contacting Palo Alto Networks or Defence Intelligence. I don’t see any capture file downloads on either site.