This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Doesn’t seem to be able to capture the packets

Hi, I've been trying to capture Telegram messaging application's packets (for my class project) but I couldn't get anything out of the punch of captured packets I got.

Telegram does AES-256 encryption over the users' messages and then send it using normal-Not SSL-transportation protocols (e.g. TCP,HTTP,UDP, etc..)

I tried these capturing scenario:

Connecting both mobile phones (sender & receiver) to the same access point that my Laptop-where wireshark is running-connected to.
making my laptop as an access point where the two phones are connected to (that's to make sure the packets go through the NIC card in case the router is not allowing packet to be broadcasted)

So in my capture filter I tried many filters I assume the most relevant are :

HTTP only: I got many packets, which is useless to check every single one of the 269386 packets captured. that is in the case of scenario one of the capturing trials. So I modified the filter and come up with the second filter.
HTTP with my mobile phone IP address (i.e http && ip.addr) but I got no packets at all. though my phone is the sender (in both capturing scenarios).

Any ideas what's wrong or what I'm missing here

P.S wireshark is set in promiscuous mode

filter capture promiscuous wlan tcp

asked 20 Dec '14, 07:41

captin
11●2●2●4
accept rate: 0%

One Answer:

Any ideas what's wrong or what I'm missing here

MTProto supports TCP/UDP and HTTP. If you did not ensure that the client was using HTTP, you won't see anything with the filter http !!

You should better filter for the client IP address and the destionation port, based on the client protocol.

ip.addr eq x.x.x.x and tcp.port eq yyyy

Regards
Kurt

answered 27 Dec '14, 08:53

Kurt Knochner ♦
24.8k●10●39●237
accept rate: 15%