So, I am able to view/decrypt packets over my WPA network as long as I captured the setup packets. However, there are a TON of broadcast packets that junk up the captured packets. I'm just interested in the HTTP traffic. Filtering works fine, but I would much rather set up a capture filter so my logs stop getting so huge and hard to manage. But if I do some sort of HTTP capture filtering (e.g. port 80), I never get the capture packets so don't even know if it IS HTTP traffic... How do I fix this?
asked 30 Aug '13, 18:25
You can't, as the traffic is encrypted and, as you already realized, there is no way to know if an encrypted packet contains an HTTP frame. Therefore you cannot build a capture filter for HTTP traffic.
To reduce at least some traffic, you can filter on the MAC address of the AP and your client. See my answer to a similar (kind of) question.
answered 31 Aug '13, 15:17
Kurt Knochner ♦
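An added illustration of the answer above (not part of the original post or of Wireshark): on an encrypted 802.11 data frame only the MAC header is readable, so a filter can decide on addresses but not on TCP port, and an address-only filter still keeps the handshake frames needed for decryption. The MAC addresses, frame bytes and function names are constructed for this sketch, which assumes raw non-QoS frames without a radiotap header.

```python
import struct

# Constructed sample addresses (locally administered); not from the original page.
CLIENT = bytes.fromhex("02aabbccdd01")
AP = bytes.fromhex("02aabbccdd02")
OTHER = bytes.fromhex("02aabbccdd03")
BCAST = b"\xff" * 6
EAPOL_LLC = bytes.fromhex("aaaa03000000888e")  # LLC/SNAP header, EtherType 0x888e

def parse_header(frame: bytes):
    """Parse a raw 802.11 MAC header (no radiotap): (type, protected, addrs)."""
    if len(frame) < 10:
        raise ValueError("too short for an 802.11 header")
    (fc,) = struct.unpack_from("<H", frame, 0)
    ftype = (fc >> 2) & 0x3        # 0 management, 1 control, 2 data
    protected = bool(fc & 0x4000)  # Protected Frame bit: body is ciphertext
    # addr1 is always present; addr2 and addr3 only if the frame is long enough.
    addrs = [frame[o:o + 6] for o in (4, 10, 16) if len(frame) >= o + 6]
    return ftype, protected, addrs

def keep(frame: bytes) -> bool:
    """Address-only decision: all a capture filter can see on an encrypted frame."""
    _, _, addrs = parse_header(frame)
    return CLIENT in addrs and AP in addrs

def is_eapol(frame: bytes) -> bool:
    """Initial handshake frames are unprotected data frames (24-byte header assumed)."""
    ftype, protected, _ = parse_header(frame)
    return ftype == 2 and not protected and frame[24:32] == EAPOL_LLC

def data_frame(fc: int, a1: bytes, a2: bytes, a3: bytes, body: bytes) -> bytes:
    """Constructed frame: frame control, duration, 3 addresses, sequence control, body."""
    return struct.pack("<HH", fc, 0) + a1 + a2 + a3 + b"\x00\x00" + body

# Constructed samples. 0x4108 = data, ToDS, Protected; 0x4208 = data, FromDS, Protected;
# 0x0208 = data, FromDS, not protected.
HANDSHAKE = data_frame(0x0208, CLIENT, AP, AP, EAPOL_LLC + b"\x02\x03\x00\x5f")
CLIENT_DATA = data_frame(0x4108, AP, CLIENT, OTHER, bytes(range(32)))  # opaque body
NEIGHBOUR_BCAST = data_frame(0x4208, BCAST, AP, OTHER, bytes(range(32)))

if __name__ == "__main__":
    for name, f in [("handshake", HANDSHAKE), ("client data", CLIENT_DATA),
                    ("neighbour broadcast", NEIGHBOUR_BCAST)]:
        print(f"{name:20} keep={keep(f)} eapol={is_eapol(f)} "
              f"protected={parse_header(f)[1]}")
```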