This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Capture my wireless (iPhone & iPad) traffic

I'm new to Wireshark, and packet capture, so please excuse my ignorance.

I've installed Wireshark on my iMac, which is connected to an Apple Time Capsule/Airport via both ethernet and 802.11n (WPA/WPA2). I also connect my iPhone and iPad to the same Airport. What I'd like to like to do is capture all traffic from either or both of these devices. I have the IP and MAC addresses for each device, but am not sure how to create a filter to capture them.

I've poked around in the wiki, user docs, and this discussion board, but haven't been able to find much that can help me. Any suggestions?

Thanks, in advance.

ipad airport wpa2 iphone

asked 08 Feb '11, 17:19

kappabear
1●1●1●1
accept rate: 0%

Was there ever a resolution to this? I tried an article from - http://www.cardinalpeak.com/blog/?p=519 but it didn't work. Once I setup the computer-to-computer network, I couldn't see any interfaces to capture in Wireshark.

(22 Mar '11, 07:35) dekstrom

3 Answers:

I found an article online, and followed the instructions below.

Start Wireshark, ignore the dialog boxes (there should be one informing you about a potentially long startup time, and one about missing stuff while loading MIBs). Open the Capture menu, and select Intefaces. Identify your WiFi interface (en1), click the Options button, change the Link-layer header type to IEEE 802.11 plus radiotap WLAN header, and enable Promiscuous mode.

However, I still wasn't able to capture any traffic from my iPhone. All I see is my router broadcasting it's SSID names.

Any suggestions? I'm trying to do this, as I'd like to know which off the apps I use, send in ClearText.

answered 08 Feb '11, 18:34

kappabear
1●1●1●1
accept rate: 0%

Use Debookee, a Mac OS X application which can intercept the traffic of any device on your network.

Scan your network and discover your iPhone and iPad
Select your iPhone and iPad as Targets
Their traffic is now intercepted, you'll see all protocols used and URLs visited: HTTP, HTTPS, TCP, SIP etc, ...

answered 23 Dec '12, 13:12

David5774
(suspended)
accept rate: 0%

How is a Mac OS X product related to iPhone/iPad?? Can you please stop spamming the site with your numerous advertisements for your product?

Thank you!

Regards
Kurt

(23 Dec '12, 13:47) Kurt Knochner ♦

Well, I guess it is kinda related since it claims to be able to capture any traffic on the network. My guess is that it is basically just an ARP spoofing/capturing tool like Cain&Abel does for Windows - but wait, this one costs money, C&A doesn't ;-)

Still, @David5774, you should stop spamming the site with advertisements to commercial tools or someone might get angry...

(23 Dec '12, 18:07) Jasper ♦♦

0	If your iPhone/iPod touch/iPad is running iOS 5 or later, you could set up a remote virtual interface and capture IP traffic to or from the iPhone/iPod touch/iPad. answered 24 Dec '12, 02:32 Guy Harris ♦♦ 17.4k●3●35●196 accept rate: 19%