I am trying to capture traffic generated by an iPhone 6. I am using Wireshark 2.0.5 and when I filter the traffic based on the IP address of the iPhone no packets appear on the screen. I had the iPhone 6 owner browse to the Internet, and he could successfully connect to Google. This should have sent out some packets from his iPhone 6 to get Google's website. Is there anything I need to do in Wireshark or possibly in the router to see his traffic through Wireshark? Or is it simply not possible to capture iPhone 6 traffic through Wireshark? Thank you.

asked 05 Oct '16, 21:27 Dylan
One Answer:
It's definitely possible to capture this traffic if you have the right tools. You have some options - do you need the traffic as wireless, or is wired acceptable (i.e. after it hits the AP and is bridged to the local wired network)? What you are trying to do will determine what you need here. If at all possible, I try to get wired traffic. However, not all problems are solvable with this data. It all depends.

Some links to get you started:

https://wiki.wireshark.org/CaptureSetup

especially these two links at the bottom:

Capturing on Ethernet Networks
Capturing on 802.11 Wireless Networks

If you are just starting out and 'playing', I would try to get some sort of tap or switch with mirror port and play with wired traffic for a while. Your IP filter would then work. When you are comfortable here, move to wireless. That is much more difficult and complex, but it is a natural progression.

The cheapest mirror port switch I have found is something like this:

tp-link sg105e
NETGEAR ProSAFE GS105Ev2
https://routerboard.com/RB941-2nD-TC

On Amazon here in the US these can be had from $US 25-40. Well worth it for mirror port functionality.

answered 06 Oct '16, 03:04 Bob Jones