I use TOR inside a Virtual Machine. I run Wireshark on my Host. I want to detect TOR usage (for learning/studying) with Wireshark but don't know how.

I've tried this: https://ask.wireshark.org/questions/13590/tor-detection but tshark output doesn't show any cert names. Are there any other ways to accomplish this task?

Edit (reply to Kurt Knochner): This is what I did:
Then I choose the wan0 interface and basically start live capturing. I use Tor on my Virtual Machine and, after a decent amount of time, I save the log to file.pcapng. Next, according to your method, I do:
Output:
And that's it, no certificates found. I also converted file.pcapng to file.pcap and ran the command again without luck. What am I doing wrong?

asked 29 Nov '14, 02:56 student1111, edited 04 Dec '14, 07:50
One Answer:
Apparently it does work in my example, as shown in my answer to the question you mentioned. So, you either did not capture SSL/TLS handshake traffic or there is a problem with the way you ran tshark. As you neither provided the tshark command nor the capture file, it's kind of hard/impossible to help you! Please add the information I mentioned (tshark command, pcap file).

Regards

answered 01 Dec '14, 17:00 Kurt Knochner ♦
Question updated with the details you asked for.