I have a large amount of packet capture data and a lot of it is unencrypted X11 remote screen/desktop sharing images/traffic. However I cannot seem to get wireshark to export those streams as anything that can be read by any image viewing software. I know it is not quite that simple, but I would like to be able to reconstruct the images that were passed in the X11 session to demonstrate to leadership that it is possible the way the hosts are currently configured (they should be encrypting the X11 communications). I do have permission to be doing this on our network. Any less-than-painstaking-and-eye-stabbing methods for reconstructing the screen images from the X11 packets? Thanks for any thoughts. asked 26 May '16, 15:57  user5273 |
One Answer:
Not as far as I know. The X11 dissector hasn't been written to allow saving/export of images. It possibly could be but the functionality is not there now. (Some dissectors have functionality to save/export objects transferred via them--files over SMB come to mind--but X11 does not.) answered 27 May '16, 10:55  JeffMorriss ♦ |
...which means nothing more than that the hypothetical eavesdropper would need to spend some more effort than just to download Wireshark. Maybe a replay of the captured X11 stream to an X client would be enough for your purpose of demonstration to the management that the issue is serious?