shramos / polymorph

Polymorph is a real-time network packet manipulation framework with support for almost all existing protocols
GNU General Public License v2.0

Capture CoAP #6

Closed TobalOW closed 5 years ago

TobalOW commented 5 years ago

Hi,

I'm trying to capture packets that contain the Constrained Application Protocol but I can't succeed. CoAP uses UDP with the port 5683; I'm capturing with only BFG notation "udp" and without filters, but I can't reach the packets.

At the same time, I capture the packets with Wireshark.

My env: OS: Ubuntu 18.04, Kernel: Linux 4.15.0-43-generic

shramos commented 5 years ago

Hi! First of all, thank you for your comment and for using the project. I just did a test with the CoAP protocol, and apparently I have no problem capturing the packets and dissecting them correctly. I attached an example:

Sometimes it is possible that the first dissectors of Polymorph are not able to dissect some protocols. In these cases you can use the dissect command after using the capture to see if advanced dissectors are capable of detecting it. After applying this command, the CoAP protocol should be detected correctly.

(Another way to perform the advanced dissection is simply to access one of those templates that appear with the RAW layer using the template command. The advanced dissectors will be applied automatically, and Polymorph will try to interpret the RAW layer that could not be dissected in the first capture.)