This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

A desktop application is authenticating from my PC to a server over the internet with username & password. I always get the message that says "Authorization Failed. Please check email and password values.". Now the vendor is saying it is my software firewall that s causing this to which I disagree, as other services are running perfectly on my machine. How can I use Wireshark to troubleshoot and find this out?

asked 05 Feb '11, 07:21

Alexander%20Haynes's gravatar image

Alexander Ha...
6112
accept rate: 0%


I doubt it's your software firewall, but you never know. You can use Wireshark to capture the network data your PC is sending. Best would be from a second PC as a passive/neutral recording device if possible, but if you can't do that you can try with Wireshark on the affected PC as well. I'd consider disabling the software firewall as well, but that is only advisable if the PC is not directly connected to the internet (for example, if there is a router, too).

You need to identify the TCP flow that carries the authentication process. A good way to do that is to find out the IP addresses of client and server (you can use nslookup to get the one for the server if you know the dns name, and ipconfig/ifconfig for your PC), and then using the conversation statistics to find all flows that match. "Follow TCP stream" can help if you have a clear text protocol asking for authentication; otherwise it is a little difficult to find the login data.

Ususally you'll see your PC being asked for the login details and after it sends it you'll get a result. If you see that (login credentals as well as the authentication failure result) you know that the vendor is wrong. If you don't see the authentication details and results you have a local problem.

permanent link

answered 05 Feb '11, 11:42

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

I think you may have a great answer.

Since I am a bit new to Wireshark is it possible to do some screenshots or a video and post on either dropbox.com (screenshots) or screencast.com (video)?

(05 Feb '11, 15:00) Alexander Ha...
1

Just had a quick look here, http://www.youtube.com/watch?v=NHLTa29iovU , and it seems to good screencast intro for using Wireshark to capture web browser traffic.

(05 Feb '11, 16:37) martyvis

Thx martyvis, good find. It's a good intro to start with and should give the right ideas. Alexander, let us know if you need further help.

(06 Feb '11, 05:32) Jasper ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×293
×12
×3
×2
×1

question asked: 05 Feb '11, 07:21

question was seen: 7,843 times

last updated: 21 Apr '11, 00:18

p​o​w​e​r​e​d by O​S​Q​A