Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] Using Wireshark to sniff traffic

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "bruce" <bedouglas@xxxxxxxxxxxxx>
Date: Tue, 14 Apr 2009 17:39:10 -0700
Hi Gary.

I've got wireshark running on the same box as the test browser.

I setup the system to look at http/udp traffic. With only the test browser
pointing to the site http://wbls.com/pages/3874639.php (wbls.com), I managed
to see the traffic coming from/to the local box. In this case, the ip
address was 72.13.89.13.

I took a guess, fired up the mplayer app, shoved http://72.13.89.13/wbls in,
and viola.. got the station playing...

I still don't know enough to know exactly how to determine the exact
'address' of the stream.. IE, how to figure out, using the site's '.js'
files/source from the website, combined with the traffic data to figure out
exactly what the ip address/url for the music/stream is.

thanks

-bruce



-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx]On Behalf Of Guy Harris
Sent: Tuesday, April 14, 2009 4:37 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] Using Wireshark to sniff traffic



On Apr 14, 2009, at 4:26 PM, bruce wrote:

> Trying to figure out if/how to use wireshark to find an address:port
> for an
> embedded mp3 player that's streaming audio from a website. I've looked
> through the website source, as well as the .js files and don't see
> any kind
> of mms://...
>
> Can wireshark be used for this kind of thing,

Possibly.

> and if so, how?!

1. Attach a machine running Wireshark to the same network as the one
the MP3 player is on.  If it's Ethernet, you might have to deal with
switching, etc.:

	http://wiki.wireshark.org/CaptureSetup/Ethernet

    If it's Wi-Fi, you might have to deal with promiscuous and monitor
mode, as well as decrypting WEP or WPA traffic:

	http://wiki.wireshark.org/CaptureSetup/WLAN

	http://wiki.wireshark.org/HowToDecrypt802.11?highlight=%28WPA%29

2. Start capturing, in promiscuous mode (or possibly monitor mode on
Wi-Fi), with no capture filter.

3. Start the MP3 player.

4. Once it starts playing, stop the capture and look through the
traffic to see what happens.  Perhaps there's some initial HTTP
traffic to set things up, perhaps there's some RTSP traffic, etc..
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube