
HPFEEDS in Wireshark

Last Updated : 28 Oct, 2022

Wireshark is one of the most widely used network analyzers among cyber security engineers, students, researchers, and others. It is designed to work with nearly all types of protocols, such as Bluetooth Attribute Protocol, HTTP, TCP, AVCTP, Foundry Discovery Protocol (FDP), HPFEEDS, and LTE. It provides good documentation, which makes it easy for beginners. It is also free to use, which has made it the first choice of amateurs, as they don't need to pay for such an advanced tool. It is used for many purposes, such as troubleshooting, development, network sniffing, and analysis. It is available for Windows as well as Linux.

Honeypots are software systems designed to act as replicas of real systems, serving as bait for attackers in order to find vulnerabilities and security loopholes. The data captured by honeypots is used for research purposes to build systems that are more secure against viruses, malware, and Trojans. HPFEEDS (Honeypot Feeds) is a protocol used for subscribing and publishing to a data feed system. It is lightweight and supports binary payloads. It was mainly designed to exchange honeypot event data between cybersecurity engineers and Hpfeeds brokers.

HPFEEDS in Wireshark:

It is an essential tool in Wireshark that shows the payload size on each channel along with the opcodes of captured data packets. When honeypot event data is transferred by a Hpfeeds broker to its client and captured with Wireshark, that data is separated out and shown in its own window, HPFEEDS. Payloads can be easily captured and analyzed through the HPFEEDS window. The HPFEEDS window can be found under the Statistics tab in Wireshark, as shown in the picture below.

Statistics Menu in Wireshark

 

Click on HPFEEDS to open a new window with detailed information.

HPFEEDS in Wireshark


This new window has many fields that tell a lot about the captured data packets:

  • Topic/Item: Shows the information related to the address message fields of captured data packets. These can be Subsequent Address Messages (SAM), Address Complete Messages (ACM), etc.
  • Count: Shows the number of data packets of a particular type in the captured honeypot event data.
  • Average: Indicates the average value of captured data packets of a particular type.
  • Min Value: Shows the minimum value of the data field.
  • Max Value: Shows the maximum value of the data field.
  • Rate: The data transfer rate, that is, the speed at which data is transferred from one end to another.
  • Percent: Shows the percentage of captured data in each packet of HPFEEDS.
  • Burst Rate: The upper limit on the data transmitted in a particular period of time.
  • Burst Start: The point in time at which the burst happens.

All the data can be copied and saved for later use. 
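To make the per-channel payload sizes and opcode counts described above concrete, the following added example (not part of the original article, and not Wireshark's own code) parses a byte stream of hpfeeds messages and produces the same kind of count, average, min and max summary. It relies on the hpfeeds framing of a 4-byte big-endian total length, a 1-byte opcode, and 1-byte length prefixes on the ident and channel fields; the sample stream, the channel and ident names, and the `MAX_MSG` cap are constructed for this example.

```python
import struct
from collections import Counter, defaultdict

OPCODES = {0: "error", 1: "info", 2: "auth", 3: "publish", 4: "subscribe"}
MAX_MSG = 1 << 20  # sanity cap chosen for this example

def build(opcode, body):
    """Frame one message: 4-byte big-endian total length, 1-byte opcode, body."""
    return struct.pack("!IB", 5 + len(body), opcode) + body

def lp(s):
    """1-byte length prefix, used for the ident and channel fields."""
    return bytes([len(s)]) + s

def parse_stream(data):
    """Yield (opcode, body) per complete message; stop at a truncated tail."""
    off = 0
    while off + 5 <= len(data):
        length, opcode = struct.unpack_from("!IB", data, off)
        if not 5 <= length <= MAX_MSG:
            raise ValueError(f"implausible message length {length}")
        if off + length > len(data):
            break
        yield opcode, data[off + 5:off + length]
        off += length

def channel_stats(data):
    """Return (opcode counts, {channel: (count, average, min, max)})."""
    ops, sizes = Counter(), defaultdict(list)
    for opcode, body in parse_stream(data):
        ops[OPCODES.get(opcode, f"unknown({opcode})")] += 1
        if opcode != 3:
            continue
        try:
            start = 2 + body[0]            # skip 1-byte ident length + ident
            end = start + body[start - 1]  # channel name is body[start:end]
        except IndexError:
            end = len(body) + 1            # short body: treat as malformed
        if end > len(body):
            ops["malformed publish"] += 1
            continue
        sizes[body[start:end].decode("utf-8", "replace")].append(len(body) - end)
    return ops, {c: (len(v), sum(v) / len(v), min(v), max(v)) for c, v in sizes.items()}

# Constructed sample stream (not captured traffic).
SAMPLE = (build(1, lp(b"broker") + b"\x01\x02\x03\x04")
          + build(4, lp(b"sensor1") + b"honeypot.events")
          + build(3, lp(b"sensor1") + lp(b"honeypot.events") + b"A" * 40)
          + build(3, lp(b"sensor1") + lp(b"honeypot.events") + b"B" * 60)
          + build(3, lp(b"sensor2") + lp(b"honeypot.sessions") + b"C" * 10))
```

A declared length outside the allowed range raises an error, while a capture that ends mid-message is summarised up to the last complete message.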
