This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

No Packets displayed

1

Hey there, i got a wired problem.

I think i figured out how to use Wireshark, i can capture my own packets. But now I want to capture packets of my Ipod which is on the WLAN too.

I have a Macbook Pro mid 2010 and Im running in Monitor Mode to get all the traffic, it also seems to capture packets. The number at the bottom which says "Packets" increases with the time but "Displayed" is always 0.

On my macbook it works, but trying to do it on the wlan doesnt. Did I do anything wrong?

Thanks for your help.

asked 13 Aug '11, 09:13

MrBonsai's gravatar image

MrBonsai
16112
accept rate: 0%

Do you have a display filter? If so, what is the filter?

(13 Aug '11, 13:13) Guy Harris ♦♦

One Answer:

2

I am not an expert, but i think i can give you a tip.

To see packets sent by devices different that the one where wireshark is installed, you need to perfform a MITM(Man In The Middle) attack.

This means that your MacBook(The Man in The Middle in this case) attack the network(Ussing Arp Poissoning technique), and place it self between the iPhone and the Access point used to go to the internet.

alt text

Once you become the man in the middle, turn on wireshark capture at your NIC to see the traffic.

I recommend you to google around for MITM and ARP Poisoning. Also you will need some other gadgets besides wireshark, have a look at Ettercap

I don't know if this technique will work, when an iPhone device is involved, i never tried. But i see no reason why not.

answered 18 Aug '11, 06:53

sfrj's gravatar image

sfrj
746
accept rate: 0%

edited 18 Aug '11, 06:53