This is our old Q&A Site. Please post any new questions and answers at

I have a large amount of packet capture data and a lot of it is unencrypted X11 remote screen/desktop sharing images/traffic.

However I cannot seem to get wireshark to export those streams as anything that can be read by any image viewing software. I know it is not quite that simple, but I would like to be able to reconstruct the images that were passed in the X11 session to demonstrate to leadership that it is possible the way the hosts are currently configured (they should be encrypting the X11 communications). I do have permission to be doing this on our network.

Any less-than-painstaking-and-eye-stabbing methods for reconstructing the screen images from the X11 packets?

Thanks for any thoughts.

asked 26 May '16, 15:57

user5273's gravatar image

accept rate: 0%

Not as far as I know. The X11 dissector hasn't been written to allow saving/export of images. It possibly could be but the functionality is not there now. (Some dissectors have functionality to save/export objects transferred via them--files over SMB come to mind--but X11 does not.)

permanent link

answered 27 May '16, 10:55

JeffMorriss's gravatar image

JeffMorriss ♦
accept rate: 27%

...which means nothing more than that the hypothetical eavesdropper would need to spend some more effort than just to download Wireshark. Maybe a replay of the captured X11 stream to an X client would be enough for your purpose of demonstration to the management that the issue is serious?

(27 May '16, 15:26) sindy
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 26 May '16, 15:57

question was seen: 835 times

last updated: 27 May '16, 15:26

p​o​w​e​r​e​d by O​S​Q​A