Ask Your Question
0

How can I capture network traffic from my smart TV?

asked 2020-03-27 01:39:45 +0000

Hi,

I'm new to wireshark but have been using it to capture traffic on my wireless network. I notice that when I'm streaming TV like Netflix or Amazon prime, I can only see the ARP requests from my TV looking for the gateway. Shouldn't I be able to see the incoming network traffic from the streaming provider and at least see the UDP packets encrypted?

I'm using Ubuntu 18.04 on the computer running Wireshark and have Wireshark version 3.2.2. I have the RTP protocol checked in the edit -> preferences -> Protocols section.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-03-27 02:00:25 +0000

Guy Harris gravatar image

wireless

If you're capturing in monitor mode, and you're seeing a lot of "802.11" packets being captured, first read the "How to Decrypt 802.11" page on the Wireshark Wiki (a helpful collection of resources). Your network is probably "protected" with some form of Wi-Fi Protected Access (WPA), which is a system for encrypting Wi-Fi packets to make it harder to sniff the network (yes, the fact that it's hard to use Wireshark to sniff Wi-Fi networks is a feature - of Wi-Fi).

That document will tell you how to attempt to decrypt the packets - and how to capture traffic so that it can be decrypted (to decrypt traffic to and from some other machine, your capture has to include the process of that machine associating with the network, so you may have to restart it, or disconnect it from the network and reconnect it, while Wireshark is capturing).

If you're not capturing in monitor mode, you won't see unicast packets, such as streaming traffic, to or from that machine; you'll only see broadcast traffic - such as ARP requests. See the "Linux" section of the "WLAN (IEEE 802.11) capture setup" page of the Wireshark Wiki for information on how to capture in monitor mode (OS vendors seem to go out of their way to make it difficult for an application to just say "please capture on this adapter in monitor mode", so libpcap's ability to do that is somewhat limited; maybe someday I'll have time to make that better).

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2020-03-27 01:39:45 +0000

Seen: 388 times

Last updated: Mar 27