Wireshark-users: Re: [Wireshark-users] WLAN capture in Mac OSX - no IP packets

From: Alexandre Takacs <admin@xxxxxxxxxxxxxx>
Date: Thu, 17 Jun 2010 05:31:05 +0200

Hello

Thanks for your prompt response!

>> I'd like to do packet capture on my WiFi network (which I have joined). I am only interested in data packets (specifically traffic from my iPhone).
>>
>> I've installed Wireshark and managed to have capture running in promiscuous mode. However I only see UDP packets from other devices, no IP...
> 
> So what is the UDP traffic running over if it's not IP? :-)
> 

Of course this should read no TCP ;)

> 
> If so, you're probably seeing only broadcast traffic.  The Wi-Fi adapters might not work in promiscuous mode; if you want to see traffic to and from other hosts, you might need to use monitor mode.
> 
> If you're running on Tiger, try capturing on wlt1 rather than en1.  If you're running on Leopard, try selecting 802.11 or 802.11+radio information headers.  If you're running on Snow Leopard, then either try that or, if there's a checkbox for monitor mode, try checking that.
> 

Running 1.2.9 under Snow Leopard (10.6.4). Don't see a checkbox for monitor mode. Tried to switch to 802.11 mode: I certainly see much more noise (including lots of "malformed packets" - is this normal?) but still not the TCP stuff I'm looking for (such as plain vanilla HTTP traffic)

> Note that if your network is encrypted, you might have to capture the initial setup packets when the other machines join the network, and enter the password for the network, so that traffic to or from other machines can be decrypted.

Hmm... so what you are saying is that in an encrypted network I will not be able to access the plaintext content of the packets even if I have joined the network?

Again many thanks for your help

Regards

alex