Wireshark not displaying packets on my LAN for iPhone

asked 2021-09-14

Hi, new user, but experienced in the industry.

Wireshark doesn't appear to be capturing packets of iphones on my LAN. I obtained the ip address of my iPhone on my LAN ( Next, I ran (as administrator) Wireshark. I then selected Wi-Fi as the interface, and Wireshark started capturing packets. I added the display filter "ip.addr==" in the display filter and clicked the arrow at the far right of the display filter text box to implement the filter. No traffic is detected. I tried an ip address of a different phone, still no traffic. I updated the ip address again to a different wireless device, and traffic was recorded. What am I not doing right?

How is the capture setup? Are you capturing traffic between the AP and your computer or all Wi-Fi traffic?

BigFatCat gravatar imageBigFatCat ( 2021-09-15 07:33:47 +0000 )edit

answered 2021-09-15

Guy Harris

If you're capturing in monitor mode, then, if you're on a "protected" network (with WEP or WPA encryption), the packets are encrypted, and you'll have to provide a password and may need to arrange to capture the packet sequence sent when your phone joins the network. See the "How to decrypt 802.11" page in the Wireshark Wiki.

If you're not capturing in monitor mode, you won't see any traffic other than traffic going to and from the host running Wireshark.

(These apply to all Wi-Fi sniffers, not just Wireshark, although not all of them support decrypting packets.)

