This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Capturing Between Wireless Router & Cable Modem Problem

Hi.

I am trying to capture packets bewtween my iPad and the Internet. Since I cannot capture directly from the iPad, I'm using the hub-and-laptop approach.

I have placed a hub between my wireless router and my cable modem, and I have also attached my laptop to the hub, so I can use Wireshark to capture all the traffic going through the hub. So far, so good... the iPad is still communicating successfully with the Internet, via the wireless router.

However, when I start capturing packets, I find that I'm only seeing packets in one direction!! It's obvious that packets are going in both directions, since, again, the iPad is communicating successfully.

Is there something fundamentally wrong with my setup?

Thx for any enlightenment.

ipad hub cable_modem

asked 27 Apr '11, 18:10

feenyman99
96●22●22●26
accept rate: 25%

3 Answers:

The Wireshark wiki warns of dual-speed hubs:

Note that "dual-speed" hubs that support both 10MBit and 100MBit ports might not send all unicast traffic between 10MBit and 100MBit ports; if so, you can only capture all traffic between hosts whose Ethernet interfaces are both running at the same speed as the Ethernet interface on the machine capturing traffic.

Does the warning apply in your case?

You might also be interested in this and this, which recommends using a WiFi proxy. Yet another alternative is to jailbreak your iPad and use tcpdump (installed from Cydia).

answered 27 Apr '11, 20:26

helloworld
3.1k●4●20●41
accept rate: 28%

1	or use a low cost, portable, port mirroring switch between the AP and cable modem. answered 27 Apr '11, 22:11 Jaap ♦ 11.7k●16●101 accept rate: 14%

Hmmm... It is a 10/100 hub (Netgear dual speed hub DS104), so I guess this could be the problem, but I have used it many, many times before without any issues whatsoever. The only difference in this current configuration, from previous ones, is that the hub is between a wireless router (Linksys WRT54GS) and a cable modem (Arris TM502G) [on my home LAN]. In the past, I have typically used it between a workstation and its wall jack [at work].

I'm about to try something else... Instead of tapping into the hub with my laptop, I will use my desktop, to see if that makes a difference.

One more thing... When I had the laptop plugged into the hub, I did NOT give it an IP address - its IP address was 0.0.0.0. Could this be the problem? (I was reluctant to give it an IP address, because it's on the ISP's side of the router, in their IP space, rather than in my home LAN space.)

Thx again y'all.

answered 28 Apr '11, 06:43

feenyman99
96●22●22●26
accept rate: 25%