This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I'm new to Wireshark, and packet capture, so please excuse my ignorance.

I've installed Wireshark on my iMac, which is connected to an Apple Time Capsule/Airport via both ethernet and 802.11n (WPA/WPA2). I also connect my iPhone and iPad to the same Airport. What I'd like to do is capture all traffic from either or both of these devices. I have the IP and MAC addresses for each device, but am not sure how to create a filter to capture them.

I've poked around in the wiki, user docs, and this discussion board, but haven't been able to find much that can help me. Any suggestions?

Thanks, in advance.

asked 08 Feb '11, 17:19

kappabear

Was there ever a resolution to this? I tried an article from - http://www.cardinalpeak.com/blog/?p=519 but it didn't work. Once I set up the computer-to-computer network, I couldn't see any interfaces to capture in Wireshark.

(22 Mar '11, 07:35) dekstrom

I found an article online, and followed the instructions below.

Start Wireshark, ignore the dialog boxes (there should be one informing you about a potentially long startup time, and one about missing stuff while loading MIBs). Open the Capture menu, and select Interfaces. Identify your WiFi interface (en1), click the Options button, change the Link-layer header type to IEEE 802.11 plus radiotap WLAN header, and enable Promiscuous mode.

However, I still wasn't able to capture any traffic from my iPhone. All I see is my router broadcasting its SSID names.

Any suggestions? I'm trying to do this, as I'd like to know which of the apps I use send in ClearText.

answered 08 Feb '11, 18:34

kappabear

Use Debookee, a Mac OS X application which can intercept the traffic of any device on your network.

  • Scan your network and discover your iPhone and iPad
  • Select your iPhone and iPad as Targets
  • Their traffic is now intercepted; you'll see all protocols used and URLs visited: HTTP, HTTPS, TCP, SIP, etc.

answered 23 Dec '12, 13:12

David5774
(suspended)

How is a Mac OS X product related to iPhone/iPad?? Can you please stop spamming the site with your numerous advertisements for your product?

Thank you!

Regards
Kurt

(23 Dec '12, 13:47) Kurt Knochner ♦

Well, I guess it is kinda related since it claims to be able to capture any traffic on the network. My guess is that it is basically just an ARP spoofing/capturing tool like Cain&Abel does for Windows - but wait, this one costs money, C&A doesn't ;-)

Still, @David5774, you should stop spamming the site with advertisements to commercial tools or someone might get angry...

(23 Dec '12, 18:07) Jasper ♦♦

If your iPhone/iPod touch/iPad is running iOS 5 or later, you could set up a remote virtual interface and capture IP traffic to or from the iPhone/iPod touch/iPad.

answered 24 Dec '12, 02:32

Guy Harris ♦♦

question asked: 08 Feb '11, 17:19

question was seen: 69,051 times

last updated: 24 Dec '12, 02:32