WiFi UDP does not show up in wireshark

asked 2020-10-29 22:05:11 +0000

w8erdbob@gmail.com gravatar image

updated 2020-10-30 10:29:18 +0000

grahamb gravatar image

Running Wireshark on a Mac. Have a wifi lan with the Mac, a PC, A wireless router and 2 iPhones running Grandstream Wave software. Wireshark shows all the traffic except the phones, which is the most critical for me. The Wave info says they use UDP for voice etc. How can I get Wireshark to show the phones traffic?

edit retag flag offensive close merge delete

Comments

So you're seeing the traffic to and from the PC? If so, did you have to enter a network password into Wireshark to see the traffic?

And the phones are associated with the Wi-Fi network (they show the Wi-Fi icon at the top)?

Guy Harris gravatar imageGuy Harris ( 2020-10-30 00:24:32 +0000 )edit

Yes I see the PC traffic. No passwords in any devices. The phones show wifi at the top. The wireless router assigns ip addresses to all the devices, including the phones.

Bob

w8erdbob@gmail.com gravatar image[email protected] ( 2020-10-30 12:10:05 +0000 )edit

No passwords in any devices.

So you're saying your Wi-Fi network is unprotected, and has no password associated with it?

Guy Harris gravatar imageGuy Harris ( 2020-10-30 19:19:27 +0000 )edit

Yes. No passwords.

w8erdbob@gmail.com gravatar image[email protected] ( 2020-10-30 19:29:02 +0000 )edit

So if you:

  • turn the PC off, disconnect it from the wireless network, or put it to sleep, so that it's not generating any traffic;
  • disconnect the Mac from the wireless network, so that it's not generating any traffic - but don't turn the Wi-Fi adapter off;
  • try to capture, in monitor mode, on the Mac;
  • use the iPhones to both go to Web site and use the Grandstream Wave software to make calls;

what traffic do you see?

Guy Harris gravatar imageGuy Harris ( 2020-11-01 06:26:22 +0000 )edit

Thanks Guy! The Mac does not allow disconnection from all wifi networks, but if I connect to some other network on a different subnet, I assume that will work, if filtered out. I searched the manual, but I cannot find info on how to put the Mac into Monitor mode. Please advise.

w8erdbob@gmail.com gravatar image[email protected] ( 2020-11-01 13:50:27 +0000 )edit

The Mac does not allow disconnection from all wifi networks

In the Wi-Fi preferences pane, if it's connected to the network you're trying to capture on, un-check the "Automatically join this network", turn the Wi-Fi off, and turn it on again. If it asks whether you want to join that network, say "no". If it automatically joins another network, repeat the process until it joins no networks.

but if I connect to some other network on a different subnet, I assume that will work

No, because the problem we're trying to diagnose here is whether being connected to any network at all interferes with traffic capture.

I searched the manual, but I cannot find info on how to put the Mac into Monitor mode.

Not the Mac, the Wi-Fi adapter. Wireshark will do that for you (of all the OSes on which Wireshark works, the standard libpcap ...(more)

Guy Harris gravatar imageGuy Harris ( 2020-11-01 20:27:06 +0000 )edit

A typical wireless router will have two radios supporting two Wifi channels, one in the 2.4GHz and one in the 5Ghz bands. Could your PC and Mac have connected using a channel on one band and the iPhones have connected using a channel on the other band?

Jim Young gravatar imageJim Young ( 2020-11-01 22:53:37 +0000 )edit

Guy - THANK YOU!!! That works! But Wireshark should change the format of the Options screen to make it clear that there are more options to the right of the initially displayed screen. This wasted a lot of my time.

Jim - You are right, but I had turned off the 5 GHz portion as I do not need it. Thanks!

w8erdbob@gmail.com gravatar image[email protected] ( 2020-11-02 15:02:35 +0000 )edit

That works!

"That" meaning "disconnecting from all networks", "checking the Monitor check box", or both?

Guy Harris gravatar imageGuy Harris ( 2020-11-02 19:26:48 +0000 )edit

Checking the monitor box seemed to do it, but I did both. But great frustration. It worked yesterday, but not today. I have 3 phones running but no packets being captured from any of them. And 2 are connected sending voice back and forth.

w8erdbob@gmail.com gravatar image[email protected] ( 2020-11-03 15:14:38 +0000 )edit