Ask Your Question
0

capture all traffic from my own phone

asked 2023-01-13 22:30:30 +0000

engimapaul gravatar image

Hi Folks,

I'd like to capture all packet activity (eventually looking at video streams) using WireShark. I have a Macbook Pro and wondering if I can do this over the WiFi interface, knowing the iphone address of my phone? I have tried promiscuous mode but only get MDNS. Trying Monitor mode is not getting anything when i filter for my IP address.

Any tips?

Thanks!

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2023-01-14 16:08:39 +0000

Bob Jones gravatar image

Some of the reasons monitor mode capture won't show IP address include: capturing on the wrong channel, capture setup cannot pick up the data frames you want, the traffic is encrypted, and others.

You almost certainly have a switched network which filters frames not destined for your host and wireless adapters drop unicast traffic not destined for the interface unless in monitor mode.

The best option to collect traffic if you care about anything above L2 is to collect wired network traffic with a network tap or other technique (mirror port, etc) as it will be much easier to analyze. You can collect this at the wired side of the AP or perhaps in front of the router or other suitable place.

If you have to do wireless capture, then work through all the issues in the wiki to setup your monitor mode capture.

edit flag offensive delete link more

Comments

Thanks Bob!

The network is all Wi-Fi with a combo fiber modem and router. The mac and the phone are on the same subnet via Wi-Fi. The Wi-Fi password is entered into wireshark, as far as I know correctly.

Specifically if I want to monitor the phone traffic on the mac, what would be the path of least resistance? Plugging into the router/modem is certainly not a problem.

Thanks!

engimapaul gravatar imageengimapaul ( 2023-01-14 22:39:31 +0000 )edit

For decryption, WPA2 requires the passphrase as well as capturing the 4-way handshake. WPA3 would not decrypt at all using this method.

If you have a commercial router/AP combo, then the ability to get data out is very limited. Some ideas include using your PC as an AP and having the phone connect to it. Or perhaps try one of the ap/routers that have third party Linux firmware like OpenWRT as they usually have more capability.

Bob Jones gravatar imageBob Jones ( 2023-01-15 14:07:56 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2023-01-13 22:30:30 +0000

Seen: 1,558 times

Last updated: Jan 14 '23