 | 1 | initial version |
You'll want to filter by as many elements as are unique to the traffic you are looking at. If you can filter only by your wlan MAC address of the Alfa device, you should do so. Such a filter looks like <existing filter> and (wlan addr1 <wlan mac> or wlan addr2 <wlan mac>).
You should also take a look at, ring buffers (-b) and snaplen (-s) to further decrease the size of the capture. Ultimately, this is a chicken-and-egg problem because you want to use a capture filter to limit traffic to http, but can only ascertain whether the packets are http after decrypting post-capture.
Noting that this is semi-related to your previous question about Wireshark not decrypting HTTP POSTs.
| | 2 | No.2 Revision |
You'll want to filter by as many elements as are unique to the traffic you are looking at. If you can filter only by your wlan MAC address of the Alfa device, you should do so. Such a filter looks like
<existing filter> and (wlan addr1 <wlan mac> or wlan addr2 <wlan mac>).
You should also take a look at, ring buffers (-b) and snaplen (-s) to further decrease the size of the capture. Ultimately, this is a chicken-and-egg problem because you want to use a capture filter to limit traffic to http, but can only ascertain whether the packets are http after decrypting post-capture.
Noting that this is semi-related to your previous question about Wireshark not decrypting HTTP POSTs.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
