Hello, I am a naive user of wireshark. I am working on a project that requires capturing packets of Skype. However, this application uses random port and it keeps changing it's port periodically and randomly. Is there any way to capture packets of such an application? Thanks. asked 21 Aug '16, 04:25 harshil7924 edited 21 Aug '16, 04:26 |
If you capture all traffic, then by definition, even if the port changes, you will have those frames on the new port. I think that answers your question, but I suspect you really want more: you want to capture the frames, and easily identify them for some type of analysis.
Is there anything in the packets themselves that help identify what they are? Any other information that is consistent across the packets, that is NOT related to TCP or UDP port?
Some protocols require special helper modules for handling. For example, FTP uses a separate port for data transfer and can be random so most firewalls have difficulty with this random port change. The helper module follows the command stream and detects the port change and then auto-configures appropriately to allow for this. Maybe your protocol has such a module, and you can make use of it somehow? For instance, if this exists, you could be all set:
Sniffing using iptables - https://www.honeynet.org/node/691
Thanks Jones for answer. My project is just about Skype traffic classification and analysis. I need to capture the Skype traffic and train my classifier. The payload of Skype packets are encrypted, so I can't identify on basis of them.