I have been capturing packets in my subnet and was particularly interested to monitor traffic from my iPhone. However I didn't capture any packets excerpt for those with MDNS and IGMPv2 protocols. I was browsing, using apps on my iPhone and didn't monitor any activity. But when I monitor my laptop I get all types of packets including TCP and UDP. Why do I see only two types of packets from my iPhone? asked 12 Mar '16, 11:14 Leek |
One Answer:
Not enough information in your question, so I have to I guess that you are using promiscuous mode on your laptop's wireless network adaptor, which means you can see only broadcast packets from your iPhone (and unicast packets towards your laptop if any would be sent). To see unicast packets from your iPhone, you need to use monitoring mode on your laptop. This is currently only possible with Linux or OS X; on Windows, you need the AirPcap hardware and its corresponding drivers to do that. See details regarding difference between promiscuous and monitoring mode and possibilities and limitations on various OSes here. answered 12 Mar '16, 11:30 sindy |
Yes, I did use promiscuous mode and I have Windows. Thank you for clarification!
If you don't care about the local traffic of the iPhone and it would be enough for you to capture its communication to the internet, a workaround could be to run the capture at the WiFi router itself or, if there is more than a single box between your CATV/telephone line and the WiFi antenna, using one of the capturing methods applicable at wired Ethernet between the access point / router / CATV/ADSL modem.