Answer the question
In order to leave comments, you need to log in
D
D
driverx182017-08-15 00:15:33
driverx18, 2017-08-15 00:15:33
Why doesn't Wireshark output what it should?
Today I read an article on Habré, and there a person sent messages to Telegram from a phone, and he received data on a laptop in Wireshark that he sent via phone (as I understand it, the phone and laptop were on the same Wi-Fi network). It became directly interesting for me to intercept the traffic of all my devices, go to different sites, but Wireshark, firstly, does not see my smartphone for some reason, and secondly, even when I go to various sites through the laptop, the packets become full, but For some reason, these packets do not contain information that I visited a particular site (I even filtered, entered the IP of those sites that I visited). + there I almost never saw HTTP output, usually TCP / UDP ..
What could be the reasons that wireshark does not see the phone, and why packets are sent (which I send from the device where Wireshark itself is running), but there are no packets from the sites I actually visited?
2 answer(s)
@mureevms
The last point is the telegram from which the traffic was intercepted, because. it goes through the local machine. Those. I have Wireshark and Virtual Box installed on my computer. Android is installed inside Virtual Box, and Telegram is installed inside Android.
@vesper-bot
VPN did not forget to turn off before checking?
Because it is connected to the switch via Wi-Fi, and the switch is designed in such a way that it does not give other people's packets to the LAN until you tell it that this is a promiscuous port, that is, here you can duplicate everything that goes through the switch for analysis.
M
mureevms, 2017-08-15 @mureevms
Testing tools are described at the beginning of the article:
Android 4.3 in Virtual Box
Wireshark running on local machine.
HTC One with Android 4.0.3
Telegram 1.3.800 (in virtual box)
The last point is the telegram from which the traffic was intercepted, because. it goes through the local machine. Those. I have Wireshark and Virtual Box installed on my computer. Android is installed inside Virtual Box, and Telegram is installed inside Android.
M
Maxim Grishin, 2017-08-15 @vesper-bot
even when I go to various sites through the laptop, the packages become full, but for some reason these packages do not contain information that I visited this or that site
VPN did not forget to turn off before checking?
Because it is connected to the switch via Wi-Fi, and the switch is designed in such a way that it does not give other people's packets to the LAN until you tell it that this is a promiscuous port, that is, here you can duplicate everything that goes through the switch for analysis.
Similar questions
M
A
E
E
E
Eugene2019-05-20 15:34:40
How to remotely edit the /rtmp section in the nginx configuration file?
1Reply
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question