Ask Your Question
0

How to capture wireless traffic between iPhone app and AV Receiver from Mac

asked 2025-11-22 23:21:23 +0000

DonInLA gravatar image

updated 2025-11-23 18:23:53 +0000

I’m running Wireshark on a Mac (M2 Mini). I have an AV Receiver with a wifi interface, and an iPhone 14. I’m trying to capture the traffic (I understand it is UDP) between an app on the iphone and the receiver, but not getting anything. I assume it is something basic that I don’t understand about how to set up wireshark, or something about my network setup. As far as i know, the traffic is not encrypted.

  • I have a TP-Link wifi mesh network with 3 nodes.
  • The Mac is connected to the same wifi network as the iphone and receiver.
  • The iphone and Mac are on the same node of the mesh network, the receiver is on a different node
  • The Mac also has an ethernet connection to the TP-Link router.
  • I have the IP addresses of the receiver (10.0.1.19) and iPhone (10.0.1.12).
  • i can successfully ping the receiver from the Mac

I selected both the wifi and ethernet interface on the mac and tried the following filter: host 10.0.1.19 && host 10.0.1.12 && udp

However nothing is captured as i use the iPhone app to make changes on the receiver. I tried removing “udp” from the filter, same thing.

Would appreciate any suggestions as to why this is not working…

thanks!

edit retag flag offensive close merge delete

Comments

Can you make a packet capture on the router?

Chuckc gravatar imageChuckc ( 2025-11-23 15:03:32 +0000 )edit

No, it is TPlink Deco router, i don’t see any way to capture traffic from the Deco app, assuming that is what you mean.

DonInLA gravatar imageDonInLA ( 2025-11-23 17:08:59 +0000 )edit

Yep. Capture there probably would have been easier.
Wireless capture (and on a Mac to boot) not my strength.
Add those to the question title and lets see if someone stronger in wireless helps.

Chuckc gravatar imageChuckc ( 2025-11-23 18:18:02 +0000 )edit
1

If I were to want to decode application layer traffic, I would always prefer a wired capture of the traffic instead of trying to deal with monitor mode. I use monitor mode to look only at layer 2 WiFi problems if at all possible and leave higher layers for wired side capture.

Your filters are for layer 3, i.e. IP addresses, and another device connected to the same WiFi system will not pass unicast traffic between other hosts up to a capture point on your system. This is why you won't see them when connecting to the AP in managed mode and turning on Wireshark on that interface on the sniffer PC. To see this traffic, you will need to be in monitor mode with your MAC.

Anyway, if you must use monitor mode, this is likely a problem:

The Mac is connected to the same wifi network ...
(more)
Bob Jones gravatar imageBob Jones ( 2025-11-26 13:06:08 +0000 )edit
add a comment

1 Answer

Sort by » oldest newest most voted
0

answered 2025-11-24 11:42:49 +0000

gielo gravatar image

Hi

HTTP Sniffer and Capture on Iphone might be of use. I used PCAPdroid on an Android phone and is able to run a capture on my phone which can be read with Wireshark

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2025-11-22 23:21:23 +0000

Seen: 148 times

Last updated: Nov 24