I have an IoT device on my local network - has a touch screen to initiate some service requests from a remote internet host but it is otherwise inscrutible.
My setup is a private address space subnet/LAN with internet/WAN via 4G D-Link Wireless Router acting as DHCP host and gateway. There is no proxy or other stuff on this simple network.
I have my windows PC with Wireshark connected via ethernet on the D-Link and served up a reserved 192.168.0.50 IP.
The D-Link is the default gateway at 192.168.0.1, no firewalling, no NAT, VPN, DMZ or other stuff.
The IoT Device is also connected to the D-Link by ethernet and reserved up 192.168.0.52
So...
In Wireshark I can easily enough see the IoT device responding to ping on my Windows Laptop.
The web-browser admin session with the IoT device also shows session info [192.168.0.50 <-> 192.168.0.52] easily enough.
I have simply used the filter ip.addr == 192.168.0.52
What I am trying to observe/study is the frequency of calls from the IoT device to an internet service to get tasks. Is this a case where I cannot capture this from a (promiscuous) adapter on the local LAN - because they are not broadcast, but point to point going only from 192.168.0.52 -> 192.168.0.1 -> [Remote Host]
I can trigger a remote host connection with a touchscreen action on the IoT device.
I know it is then establishing an https session with a remote host but I want to then see how often in the background it is repeating these remote host connections. I have not worked out if it is even possible without perhaps a wiretap or something to observe these client to server requests from the IoT client to the remote host?
I hope is this clear enough to give a knowledgable wireshark user the kind of beginner ignorance I suffer from in this case.
