Ask Your Question
0

How can I get https to show in Wireshark?

asked 2017-11-04 21:26:24 +0000

bensvo gravatar image

I have been working on trying to download and successfully sniff https in Wireshark for quite some time now. I first just downloaded Wireshark on my MacBook Pro with IOS Sierra and it only showed 802.1.1 interactions and all the protocols are 802.1.1. Then I decided to switch to a virtual machine because I wanted to learn how to use a virtual machine anyways so I downloaded VirtualBox with Kali Linux which includes Wireshark. The protocols have different names and most of them are ICMP, ICGP and there are also some MDNS, SSDP, and UDP. However, Even if I use the internet while it is running, there are no http, Tcp or other protocols that should appear. I have no idea why, I am in promiscuos mode. The other thing to not that even though I want to sniff my wireless network, the only capture options with visible traffic are "eth0" and "any". Could someone please explain how to resolve this problem? Thanks for all of your guys's help.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
1

answered 2017-11-04 22:59:15 +0000

Guy Harris gravatar image

I first just downloaded Wireshark on my MacBook Pro with IOS Sierra and it only showed 802.1.1 interactions and all the protocols are 802.1.1.

Presumably you mean "802.11", not "802.1.1" - there's no 802.1.1 protocol.

That's because you're capturing in monitor mode, and you're on a "protected" network using encryption, so the packets that Wireshark gets are encrypted. You'd have to tell Wireshark the password for your network to decrypt the packets, and, if the network uses WPA/WPA2 rather than WEP (which it probably does), you'd have to make sure you capture the initial "EAPOL handshake" for each machine on the network whose traffic you want to see. See the Wireshark Wiki's "How to decrypt 802.11" page for more information.

Alternatively, if you only want the traffic between your Mac and other machines, you could capture with monitor mode turned off; the traffic will not be encrypted at the LAN layer, but you won't see any other machines on the network unless they're sending your Mac packets or receiving packets from your Mac.

The other thing to not that even though I want to sniff my wireless network, the only capture options with visible traffic are "eth0" and "any".

Your virtual machine probably has no wireless adapters; it has only an "Ethernet adapter" which allows it to send packets to, and receive packets from, the host machine on which the VM software is running. If you want to capture wireless traffic on the virtual machine, you'll probably need to get a USB wireless adapter, plug it into your Mac, and have the virtual machine software give the adapter to the virtual machine rather than to the Mac.

That's why you're not seeing your Mac's traffic on the Internet from the virtual machine - the only machine whose Internet traffic you'll see is the virtual machine itself.

edit flag offensive delete link more

Comments

Yeah okay. My problem is that on the bottom of my router it says WPA-PSK and when I put in the WPA-pwd in the key nothing happens. In my Wireshark decryption keys section I put wpa-psk as the key type and then the network password and the network name after separated by a semi-colon. I do not know what I am doing wrong could you please explain?

bensvo gravatar imagebensvo ( 2017-11-09 22:30:14 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

2 followers

Stats

Asked: 2017-11-04 21:26:24 +0000

Seen: 5,256 times

Last updated: Nov 04 '17