This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can’t seem to capture only http traffic with wireless card

0

Hey there,

I am running Kali linux and I have a TP-Link USB adapter. I have also started airmon-ng for the wlan adapter, then selected it in Wireshark and started a capture. I can see all sorts of broadcast traffic on the 802.11 network but if I want to filter with something like tcp.port==80 that won't work. I have a test laptop next to me and I would like to be able to see the HTTP traffic that is sent from that when they are both connected to the same network

Is there a way I can get the card to see the actual protocol being used as it does when connected via ethernet? Right now the whole protocol column is 802.11 instead of seeing things like HTTP, HTTPS, SNMP, etc.

asked 21 May '14, 06:08

fac3l3ss's gravatar image

fac3l3ss
1111
accept rate: 0%


One Answer:

0

I can see all sorts of broadcast traffic on the 802.11 network but if I want to filter with something like tcp.port==80 that won't work.

sounds like your wifi traffic is encrypted. Do you have to enter a password while you connect to the wifi network?

If so, please read the wifi/wlan decryption Wiki.

http://wiki.wireshark.org/HowToDecrypt802.11

Regards
Kurt

answered 25 May '14, 11:30

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%