This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello!

So, I am able to view/decrypt packets over my WPA network as long as I captured the setup packets. However, there are a TON of broadcast packets that junk up the captured packets. I'm just interested in the HTTP traffic. Filtering works fine, but I would much rather set up a capture filter so my logs stop getting so huge and hard to manage. But if I do some sort of HTTP capture filtering (e.g. port 80), I never get the capture packets so don't even know if it IS HTTP traffic... How do I fix this?

Thanks!

asked 30 Aug '13, 18:25

orisqu


> But if I do some sort of HTTP capture filtering (e.g. port 80), I never get the capture packets so don't even know if it IS HTTP traffic... How do I fix this?

You can't, as the traffic is encrypted and, as you already realized, there is no way to know if an encrypted packet contains an HTTP frame. Therefore you cannot build a capture filter for HTTP traffic.

To reduce at least some traffic, you can filter on the MAC address of the AP and your client. See my answer to a similar (kind of) question.

http://ask.wireshark.org/questions/24107/filter-capture-based-on-80211-signal-strength

Regards
Kurt

answered 31 Aug '13, 15:17

Kurt Knochner ♦
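
One way to write the AP/client MAC capture filter suggested in the answer above, as an added example that is not code from the answer's author. It assumes a monitor-mode interface (so frames carry 802.11 headers); the script name, function names and argument order are hypothetical.

```shell
#!/bin/sh
# Added example: capture filter limited to one AP/client pair.
# Assumes a monitor-mode interface, so the link type is 802.11.

# is_mac MAC: succeed if MAC has the form aa:bb:cc:dd:ee:ff
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# build_filter AP_MAC CLIENT_MAC: print a pcap filter matching only frames
# sent directly between the two stations. addr1 is the receiver and addr2
# the transmitter, so each direction needs its own clause.
build_filter() {
    is_mac "$1" && is_mac "$2" || { echo "invalid MAC address" >&2; return 1; }
    ap=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    sta=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    printf '(wlan addr1 %s and wlan addr2 %s) or (wlan addr1 %s and wlan addr2 %s)\n' \
        "$ap" "$sta" "$sta" "$ap"
}

# Usage (hypothetical script name): sh wlan-pair.sh IFACE AP_MAC CLIENT_MAC OUTFILE
if [ "$#" -eq 4 ]; then
    filter=$(build_filter "$2" "$3") || exit 1
    exec dumpcap -i "$1" -f "$filter" -w "$4"
fi
```

The unicast EAPOL handshake between AP and client passes this filter, while frames addressed to the broadcast address do not. HTTP is still selected afterwards, on the decrypted capture, with the display filter `http`.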
