When I try to capture from the mobile device I get errors that tshark can't set promiscuous/non-promiscuous mode
That's probably because the mobile phone modem doesn't support promiscuous mode.
If you want to capture traffic to and from your machine, you don't need promiscuous mode.
If you want to capture traffic on the mobile phone network between other devices and the network, you will probably need a fairly exotic device that, as far as I know, is not available to ordinary users; I don't know how to get such a device. You may also have to somehow decrypt that traffic, which may be somewhere between "difficult" and "impossible".
If all you want is to capture traffic to and from your machine, then:
There are some changes that it might be possible to make to libpcap, and to Wireshark, so that it won't even offer a "promiscuous mode" checkbox for devices that don't offer promiscuous mode, at least on Windows (on UN*Xes, devices that don't support promiscuous mode tend to just ignore requests to enable it, rather than reporting an error), which would make this less of a nuisance. Those are significant API changes to libpcap, and significant code changes to Wireshark, however, so they won't happen soon.