Hi there. Im having a bit of difficulty trying to decipher all the packet info on my machine and was looking for a way to detect the information easier. Im looking to detect a facebook successful login via wireshark as well as detecting if a user uses the chat feature. But i have no idea what all these packets are that are showing up. Is there a filtering option that can be setup just to detect facebook information? cheers asked 05 Jul '11, 04:01 jgraham95 |
3 Answers:
Assuming the monitored Facebook chat users are not using IM-encryption clients, you can watch Facebook chat messages by applying this display filter: Login is encrypted over SSL, so it would be difficult (if not impossible) for a display filter to detect whether a login is successful. You can, however, detect SSL Facebook traffic (which might be for login) using this display filter: EDIT: Facebook supports Secure Browsing, which encrypts all Facebook traffic, including chat messages. They've also updated their chat protocol. See recent post. answered 05 Jul '11, 22:43 helloworld edited 22 Jan '12, 08:31 |
The easiest way to follow facebook chats is to use the search function. Use the searchstring 'subject":"","body":"' and search for the string in the packet bytes. As result you see only the text which is displayed on the users screen, no matter whether the transmission is encrypted or not. answered 22 Jan '12, 01:30 Anon 1
That's incorrect. If one were easily able to read encrypted traffic simply by using search functions in Wireshark (or any other packet sniffer), that would defeat the purpose of encryption. You can prove this to yourself by enabling "Secure Browsing" in Facebook ( (22 Jan '12, 08:23) helloworld The above described search shows the html-packages, which are displayed on the receivers screen and not the encrypted message package. I for myself use facebook with secure browsing and can read my own messages in the captured traffic easily, even so there are encrypted in the relevant packages. Don't ask me why, but I tested it this way, and was astonished that i could read it anyway.... (25 Jan '12, 08:22) Anon It should be obvious that your chat message(s) are not actually encrypted (in your particular case). To say that Facebook chats are readable in Wireshark despite it being encrypted is overgeneralizing. I've confirmed that Secure Browsing still (as of today) encrypts my chat messages as well as other Facebook traffic. However, I did notice a small hiccup immediately after setting Secure Browsing from off to on: one of my chat messages came through in cleartext, but encryption took effect thereafter. Rest assured, your chat messages are secure (except the first one sometimes ;). (25 Jan '12, 17:05) helloworld |
i don't know answered 16 Oct '11, 18:59 dyess002 ok, so what would a facebook packet look like? (16 Oct '15, 11:31) Steve328 |
thanks again. :)