This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi!

I don't know what I'm doing wrong, I'm new to Wireshark, I've seen tutorials on Youtube and yet I can't capture a remote IP address of a person texting with me over Omegle (so I could see where is the person't location - just for fun of course).

I select my caputure device (my NIC), I filter UDP packets and yet all I get is 192.168.2.1 (my router) and 192.168.2.2 (my computer's local IP). And so if I go under IPv4 Source I can't see anything else but those two IPs.

Note: I'm texting on Omegle, not video-ing, is that a problems? Note 2: I'm behind 2 routers, but I don't think that could be the problem?

Please help me, thank oyu!

asked 03 Mar '15, 12:27

Bellzemos's gravatar image

Bellzemos
6112
accept rate: 0%

Anyone, please?

(03 Mar '15, 13:59) Bellzemos

Chat tools/app usually don't talk directly to the persons devices, as that won't work (think about private addresses, NAT, proxies, etc.). Instead they use a relay server of the app vendor. So, all you will see is the ip address of the Omegle chat server. There is no way to find the IP address of the chat partner unless Omegle discloses that information in the app itself.

Regards
Kurt

permanent link

answered 03 Mar '15, 14:23

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Here, it starts happening at about 2 minutes in: https://www.youtube.com/watch?v=hBcvX6GA5UQ

There some more videos showing the same trick (but I'm still unable to make it work). It's also possible to get the other person's IP while talking over Skype by using Wireshark - I've seen it done.

So, how can I do that?

(03 Mar '15, 15:13) Bellzemos

O.K. looks like they are using some form of P2P protocol via UDP to stream the cam videos directly between the clients. Well, in that case you should see the IP address of the other side. Looks like this is only done for Video chats, not text chats (are being relayed via the Omegle servers). Maybe that's the reason why you can't find the IP.

(03 Mar '15, 15:36) Kurt Knochner ♦

@ Kurt - you were right, I tried the video thing and I was able to get the right coutry from the captured IP but not necesarily the city. Do you know if this would work on Skype as well?

Also, a bit off topic: does using and having Wireshark installed on a Windows PC pose any kind of security risk?

Thank you!

(04 Mar '15, 12:59) Bellzemos

Do you know if this would work on Skype as well?

maybe. Google will tell you ;-)

Also, a bit off topic: does using and having Wireshark installed on a Windows PC pose any kind of security risk?

maybe not for you :-)

Well, actually there is a theoretical risk. Wireshark is a piece of software where a few hundred people contributed code to. Nobody will guarantee that there are no security related bugs in Wireshark, especially not for the dissectors.

So, the honest answer is: Yes running Wireshark could pose a risk if you are processing capture data (pcap file or captured on the wire) with traffic that triggers a buffer overflow in one of the dissectors. That would be really bad, even though Wireshark has some privilege separation. Anyway, this is all theoretical and I don't know any proof of concept that shows how to do that.

So, the good news for you: Go ahead and use Wireshark.

But, if your computer starts to make strange sounds....

     RUN !!! 

or even better "Duck and Cover" ;-))

https://www.youtube.com/watch?v=IKqXu-5jw60

(04 Mar '15, 16:00) Kurt Knochner ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×549
×205
×166
×4
×1

question asked: 03 Mar '15, 12:27

question was seen: 11,654 times

last updated: 04 Mar '15, 16:04

p​o​w​e​r​e​d by O​S​Q​A