This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Capture streaming traffic from Roku

0

I need to know if Wireshark can be used for gathering log files from a Roku playing TV shows, movies etc. using Sling TV?

asked 03 Feb '16, 16:48

lendab

edited 04 Feb '16, 06:41

grahamb ♦

What do you mean by log files?

Roku works by streaming media over the WiFi network. Wireshark is part of the solution to capture WiFi frames. You will also need a Linux or Mac machine, a WiFi adapter and WiFi drivers that can capture all the WiFi traffic from your WLAN (promiscuous mode).

Now you have the WiFi capture, you have to analyze it. You will be able to see the Roku connect to your WiFi network and then connect to the Sling TV server. You will also be able to see any disconnects. But viewing the actual media over that connection would require you to decrypt the connection to Sling TV. That would require some encryption keys located on the Sling server (i.e., you will not be able to get those keys and thus will not be able to view the media sent over the connection).

So please provide further details on what you are trying to accomplish.

(04 Feb '16, 01:50) Amato_C

I am needing to capture the log files from the streaming media. It doesn't sound as though this would work for us unless we have a Linux or Mac machine, a WiFi adapter and WiFi drivers. I would welcome any more insight you might have regarding this issue.

Thanks,

Lendab

(04 Feb '16, 05:48) lendab

I've amended the question title as it seems you wish to capture Roku traffic, not examine any, possibly non-existent, log files from the Roku.

Capture files and log files are different things here.

(04 Feb '16, 06:41) grahamb ♦

It seems like a vocabulary problem. A "log" file is a file (usually but not necessarily a plaintext one) into which an application writes information about the progress of its execution, problems encountered during execution, and eventually also information gathered during execution. It is not normally transmitted over the network as part of normal operation.

A "capture" file is a file which contains a recording of some events or traffic - in case of Wireshark, the packets captured on a (network) interface.

To capture the packets on air - yes, you would need a Linux or Mac machine or an AirPcap adaptor for a Windows machine. But even if you were able to capture the data transfers between the device running Roku and the video server, you wouldn't be able to decipher the multimedia stream.

You may be able to decipher the WPA2-encrypted communication between your Roku device and your WiFi Access Point, so that you would be able to see packet headers at IP layer (IP addresses, transport protocol type, ports etc). But the payload of these packets will be encrypted using SSL (or even some other encryption method), which is undecipherable for you unless you could get into the closed system of Roku and make it disclose the keys it uses for SSL on its side. This is possible with e.g. a Mozilla Firefox web browser, but hardly with a closed commercial product like Roku.

(04 Feb '16, 08:22) sindy
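
The distinction drawn in the comment above (headers readable once the WPA2 layer is decrypted, TLS payload still opaque) can be seen in a small parser. This is an added example, not part of the original thread; the packet is constructed inline, and its addresses, ports and payload bytes are made-up sample values.

```python
import ipaddress
import struct

TLS_TYPES = {20: "change_cipher_spec", 21: "alert",
             22: "handshake", 23: "application_data"}

def build_sample_packet():
    """Constructed IPv4/TCP packet carrying one TLS application_data record."""
    ciphertext = bytes(range(32))  # stand-in for encrypted media bytes
    tls = struct.pack("!BHH", 23, 0x0303, len(ciphertext)) + ciphertext
    # sport, dport, seq, ack, data offset, flags (PSH+ACK), window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 49152, 443, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    total = 20 + len(tcp) + len(tls)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address("192.0.2.10").packed,
                     ipaddress.IPv4Address("198.51.100.20").packed)
    return ip + tcp + tls  # checksums left at zero: sample data only

def visible_metadata(packet):
    """Fields an observer can read without the TLS session keys."""
    (ver_ihl, _, total_len, _, _, _, proto, _, src, dst) = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    info = {"src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "protocol": proto}
    if proto != 6:          # only TCP is handled in this sketch
        return info
    tcp = packet[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    info["sport"], info["dport"] = struct.unpack("!HH", tcp[:4])
    payload = tcp[(tcp[12] >> 4) * 4:]
    if len(payload) >= 5:
        rtype, version, length = struct.unpack("!BHH", payload[:5])
        if rtype in TLS_TYPES and version >> 8 == 3:
            # The 5-byte record header is cleartext; the body is ciphertext.
            info["tls_record"] = TLS_TYPES[rtype]
            info["tls_record_len"] = length
            info["opaque_bytes"] = len(payload) - 5
    return info

if __name__ == "__main__":
    print(visible_metadata(build_sample_packet()))
```
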

One Answer:

0

OK. Here are some good starting points:

  1. General knowledge about capturing WiFi traffic using Wireshark = https://wiki.wireshark.org/CaptureSetup/WLAN
  2. How to decrypt WiFi traffic so you can view the upper layers in the protocol stack = https://wiki.wireshark.org/HowToDecrypt802.11

Saying all that, Wireshark is the cheapest solution. There are other solutions that provide the entire package (software, adapters, drivers and even training) but they cost money. So if you're doing this for your own knowledge, then use Wireshark. But if you are trying to solve a problem and running on a tight development schedule, you might want to investigate other solutions. I can provide some recommendations for you if you like regarding the other solutions.

answered 04 Feb '16, 06:20

Amato_C