You are not logged in.
- Topics: Active | Unanswered
#1 2015-06-13 15:08:21
- maggie
- Member
- Registered: 2011-02-12
- Posts: 255
Wireshark not seeing all traffic
I want to use wireshark to see traffic coming off of my iphone to see which urls it connects to while idle. I have it setup with myself in the wireshark group as the wiki shows but when I begin to capture on my laptop, I don't see any traffic coming from my iphone's IP address when I browse websites or check my email from the phone. I don't understand why.
I am not getting errors from wireshark-qt so I believe my hardware is functioning. I also see the wifi in promiscuous mode in dmesg.
Offline
#2 2015-06-13 16:24:41
- ewaller
- Administrator
- From: Pasadena, CA
- Registered: 2009-07-13
- Posts: 20,351
Re: Wireshark not seeing all traffic
I will make the assumption that your iPhone is associated with your router 
Also, that you are using your wifi on your laptop and do not also have a wired link to the router.
Is your router a single band router?If not, and you've a dual band router, is it possible that the laptop is on a g network and the iphone on an n network?
Finally, here is where I get a bit fuzzy -- I think that the router has to cooperate for two devices on the network to (at the level that Wireshark is operating) to be able to "see" each other. You might need to change your router settings to allow wireshark to sniff other machines packets. In other words, the AP is probably acting like a switch rather than a hub.
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
Offline
#3 2015-06-13 17:39:56
- maggie
- Member
- Registered: 2011-02-12
- Posts: 255
Re: Wireshark not seeing all traffic
Yes, only 2.4 GHz band set to use N-only mode with 40 MHz channel width. All connections are N and the router (runs tomatousb) is setup for gateway mode (default).
Offline
#4 2015-06-14 19:40:24
- herOldMan
- Member
- Registered: 2013-10-11
- Posts: 154
Re: Wireshark not seeing all traffic
You want to be the man-in-the-middle. I do this by spoofing the target into thinking I am the router. I do this all with ettercap gtk.
There are other ways. For example, with two NICs, become a wireless access point and connect to it from the phone.
Offline
#5 2015-06-14 21:13:56
- ewaller
- Administrator
- From: Pasadena, CA
- Registered: 2009-07-13
- Posts: 20,351
Re: Wireshark not seeing all traffic
^^^ That, I think, is the correct answer. This article shows how to set up your system to act as a router.
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way
Offline