Reputation: 2783
Why I can not read http request with wireshark?
I try to see the network trafic of my mobile device in my home wlan network.when I opened wireshark, listening on the WLAN Adapter and entered http.request.method == "GET"` to the wireshark filter. All I can see is the requests from my laptop and not of my mobile device.
If I enter ip.addre == 10.0.0.30 i can see the protocolls BJNP, ICMP, IGMPv2 and so on.
What is the reason for this behavior?
In my opinion, if I can see a TCP IP Protocol, it should be also possible to see a HTTP request.
Upvotes: 0
Views: 955
Answers (2)
Reputation: 783
The first thing you need to ensure is that your network adapter is set to monitor or promiscuous mode, otherwise you just won't be able to see packets not meant for your NIC. Also, set your computer as an access point, and connect your phone to said access point.
If you're going to sniff HTTPS traffic don't forget to add your own certificate to the phone.
Upvotes: 1
Reputation: 213408
There are two things that need to happen in order for you to be able to sniff TCP traffic from another device.
Your device needs to receive the traffic you want to analyze, and
Your device must be configured in "promiscuous mode".
If promiscuous mode is disabled (which is the default), packets not intended for your laptop will never make it to Wireshark. They will instead be filtered out by your network adapter.
There are cases where this is not enough, for example, if you connect to a network with a layer 2 switch.
Upvotes: 1
Related Questions
- Why Wireshark display filter does not show http packets?
- Wireshark not capturing any packets when I apply 'tcp port http' filter
- Wireshark on macOS does not parse HTTP packets
- Wireshark not showing http protocols
- Wireshark is not displaying http and https packets
- how to capture HTTP packets in wireshark
- Wireshark HTTP Trace
- Use wireshark to see requests, not packets
- Why doesn't wireshark recognize the http text in my tcp request?
- Wireshark HTTP requests