Wireshark VS wstunnel

To begin with Wireshark, visit their official website for the download. The installation process is straightforward, but attention should be paid to the installation of command-line tools, which may require separate steps. Upon launching Wireshark, users are greeted with a selection of network interfaces as seen below. Choosing the correct interface, such as the loopback for local server debugging, is crucial for capturing relevant data.

Wireshark

If you're very curious as to what is really going on under the hood, I recommend you familiarize yourself with port mirroring for your switch platform of choice, and then use a laptop in promiscuous mode to capture traffic using Wireshark. Failing that, hire a network engineer to interview one of their sales engineers or architects, and have them explain it to you.

You should do a hands fins-on lab with Wireshark.

A great way to test the effectiveness of a pinning implementation is by simulating an MITM attack. Tools like Mitmproxy or Wireshack allow us to create a test environment to monitor, intercept, and proxy network requests for a test host.

They even have a nice comment explaining the heuristic: https://github.com/wireshark/wireshark/blob/ef9c79ae81b00a63...

     * Heuristics to detect the WireGuard protocol:

This has been put together for Wireshark, starting on line 1520 https://github.com/wireshark/wireshark/blob/master/epan/dissectors/packet-cip.c

Obviously based on the question you know the answer is a Wireshark-like software and it boils down to how you classify Wireshark. My issue is that Wikipedia refers to it as a Packet Analyzer, Varonis refers to it as a Packet Sniffer, Wireshark refers to itself as a Network Protocol Analyzer, Kali documentation refers to it as a Network Sniffer, Wireshark's README refers to itself as a Network Analyzer OR Sniffer...

wstunnel - Proxies over WebSockets. Focus on proxying from behind networks that block certain protocols. Written in Rust with executables provided.

Shameless plug, there is also wstunnel (i am its author) https://github.com/erebe/wstunnel/, hope you enjoy.

If you want to tunnel UDP (WireGuard) or TCP (SSH) over WebSocket protocol, check out https://github.com/erebe/wstunnel

While working in an environment where VPN connections were pretty much all blocked⁰ a friend of mine had success using https://guacamole.apache.org/ to access a remote machine¹. Not quite the same as a direct VPN connection but worth a try if nothing else functions, it looks enough like normal HTTPS traffic that he got away with it.

To keep your wireguard setup more as-is, you could try https://kirill888.github.io/notes/wireguard-via-websocket/ to tunnel that via a web server. In fact https://github.com/erebe/wstunnel which that uses could be used just as well with any other UDP based VPN.

I once tinkered with https://github.com/yarrick/iodine and successfully connected to resources over the wireless on a train, bypassing its traffic capture and sign-up requirement, so that might be an option, though I think fully blocking external DNS is more common now so this is less likely to work²³.

--

[0] practically only HTTP(S) permitted, not even SSH, DPI in use that detected just using SSH or OpenVPN over port 443

[1] NOTE: be careful breaching restrictions like this, you are at risk of an insta-sacking if discovered, or worse if operating in some securiry environments!

[2] and the latency when it does work is significant!

[3] and that much traffic over port 53 might get noticed by the heuristics of data exfiltration scanner, encouraging sysadmins to notice and implement a way to block it

You can try with this project, https://github.com/erebe/wstunnel.

There are projects out there (like this) which run wireguard traffic through websocket.