How to make Wireshark show http format instead of 802.11 or check if Wireshark is capturing it












0














First of all, this might look like a duplicate from this post, and it kind of is, but at the time writing my rep is not high enough to comment and I was walking in to some issues whilst applying that answer.



I have set up an open WiFi AP (testing-hotspot) and I'm trying to sniff WiFi traffic coming from and going to it.
I connected to it with my phone and loaded up a non secure testing website (just HTTP, no SSL or whatsoever) and filled in a password form.



I expected to see it appear in Wireshark but it didn't. After I did some research regarding my issue I came across the aforementioned question and tried the there given answer, typing http in the filter box with no results, just an empty screen. It does intercept date from the AP because it shows SSID=testing-hotspot. Does anyone know what is causing this and how I can fix this?



--Edit:



I've added a screenshot
added a screenshot



I would like to know how I can see HTTP, TCP, UDP and so forth packets instead of 802.11






wireless-networking http wireshark sniffing 802.11







share|improve this question





























    0














    First of all, this might look like a duplicate from this post, and it kind of is, but at the time writing my rep is not high enough to comment and I was walking in to some issues whilst applying that answer.



    I have set up an open WiFi AP (testing-hotspot) and I'm trying to sniff WiFi traffic coming from and going to it.
    I connected to it with my phone and loaded up a non secure testing website (just HTTP, no SSL or whatsoever) and filled in a password form.



    I expected to see it appear in Wireshark but it didn't. After I did some research regarding my issue I came across the aforementioned question and tried the there given answer, typing http in the filter box with no results, just an empty screen. It does intercept date from the AP because it shows SSID=testing-hotspot. Does anyone know what is causing this and how I can fix this?



    --Edit:



    I've added a screenshot
    added a screenshot



    I would like to know how I can see HTTP, TCP, UDP and so forth packets instead of 802.11






    wireless-networking http wireshark sniffing 802.11







    share|improve this question



























      0












      0








      0







      First of all, this might look like a duplicate from this post, and it kind of is, but at the time writing my rep is not high enough to comment and I was walking in to some issues whilst applying that answer.



      I have set up an open WiFi AP (testing-hotspot) and I'm trying to sniff WiFi traffic coming from and going to it.
      I connected to it with my phone and loaded up a non secure testing website (just HTTP, no SSL or whatsoever) and filled in a password form.



      I expected to see it appear in Wireshark but it didn't. After I did some research regarding my issue I came across the aforementioned question and tried the there given answer, typing http in the filter box with no results, just an empty screen. It does intercept date from the AP because it shows SSID=testing-hotspot. Does anyone know what is causing this and how I can fix this?



      --Edit:



      I've added a screenshot
      added a screenshot



      I would like to know how I can see HTTP, TCP, UDP and so forth packets instead of 802.11






      wireless-networking http wireshark sniffing 802.11







      share|improve this question















      First of all, this might look like a duplicate from this post, and it kind of is, but at the time writing my rep is not high enough to comment and I was walking in to some issues whilst applying that answer.



      I have set up an open WiFi AP (testing-hotspot) and I'm trying to sniff WiFi traffic coming from and going to it.
      I connected to it with my phone and loaded up a non secure testing website (just HTTP, no SSL or whatsoever) and filled in a password form.



      I expected to see it appear in Wireshark but it didn't. After I did some research regarding my issue I came across the aforementioned question and tried the there given answer, typing http in the filter box with no results, just an empty screen. It does intercept date from the AP because it shows SSID=testing-hotspot. Does anyone know what is causing this and how I can fix this?



      --Edit:



      I've added a screenshot
      added a screenshot



      I would like to know how I can see HTTP, TCP, UDP and so forth packets instead of 802.11






      wireless-networking http wireshark sniffing 802.11




      wireless-networking http wireshark sniffing 802.11






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Dec 12 at 9:15









      Burgi

      3,84192542




      3,84192542










      asked Dec 8 at 21:58









      Joeri

      12




      12






















          1 Answer
          1






          active

          oldest

          votes


















          0














          Your screenshot only shows beacon frames, not actual data between your phone and the AP.



          So either (1) you are capturing the wrong wifi interface, or (2) you didn't show us the captured non-beacon frames, or (3) your phone wasn't connected to your testing-hotspot, but to some other AP, or (4) your whole setup is in a way that you don't capture data between the phone and the AP.



          Note that you won't see traffic between other clients and the AP on WLAN, so if you are capturing this on a client different from your phone, it is not going to work.



          You either need to capture the traffic on the phone, or on the AP itself. And the AP must be configured to forward the packets to some other network interface, e.g. LAN. If you bridged an WLAN-AP to a WLAN-STATION, you may not see any packets.






          share|improve this answer





















          • Seeing beacon frames usually means monitor mode, which should be able to capture any frame received via radio, even if it's addressed to another device... Or at least it used to be possible with older modes (b/g/n).
            – grawity
            Dec 12 at 10:17











          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "3"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1381969%2fhow-to-make-wireshark-show-http-format-instead-of-802-11-or-check-if-wireshark-i%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          0














          Your screenshot only shows beacon frames, not actual data between your phone and the AP.



          So either (1) you are capturing the wrong wifi interface, or (2) you didn't show us the captured non-beacon frames, or (3) your phone wasn't connected to your testing-hotspot, but to some other AP, or (4) your whole setup is in a way that you don't capture data between the phone and the AP.



          Note that you won't see traffic between other clients and the AP on WLAN, so if you are capturing this on a client different from your phone, it is not going to work.



          You either need to capture the traffic on the phone, or on the AP itself. And the AP must be configured to forward the packets to some other network interface, e.g. LAN. If you bridged an WLAN-AP to a WLAN-STATION, you may not see any packets.






          share|improve this answer





















          • Seeing beacon frames usually means monitor mode, which should be able to capture any frame received via radio, even if it's addressed to another device... Or at least it used to be possible with older modes (b/g/n).
            – grawity
            Dec 12 at 10:17
















          0














          Your screenshot only shows beacon frames, not actual data between your phone and the AP.



          So either (1) you are capturing the wrong wifi interface, or (2) you didn't show us the captured non-beacon frames, or (3) your phone wasn't connected to your testing-hotspot, but to some other AP, or (4) your whole setup is in a way that you don't capture data between the phone and the AP.



          Note that you won't see traffic between other clients and the AP on WLAN, so if you are capturing this on a client different from your phone, it is not going to work.



          You either need to capture the traffic on the phone, or on the AP itself. And the AP must be configured to forward the packets to some other network interface, e.g. LAN. If you bridged an WLAN-AP to a WLAN-STATION, you may not see any packets.






          share|improve this answer





















          • Seeing beacon frames usually means monitor mode, which should be able to capture any frame received via radio, even if it's addressed to another device... Or at least it used to be possible with older modes (b/g/n).
            – grawity
            Dec 12 at 10:17














          0












          0








          0






          Your screenshot only shows beacon frames, not actual data between your phone and the AP.



          So either (1) you are capturing the wrong wifi interface, or (2) you didn't show us the captured non-beacon frames, or (3) your phone wasn't connected to your testing-hotspot, but to some other AP, or (4) your whole setup is in a way that you don't capture data between the phone and the AP.



          Note that you won't see traffic between other clients and the AP on WLAN, so if you are capturing this on a client different from your phone, it is not going to work.



          You either need to capture the traffic on the phone, or on the AP itself. And the AP must be configured to forward the packets to some other network interface, e.g. LAN. If you bridged an WLAN-AP to a WLAN-STATION, you may not see any packets.






          share|improve this answer












          Your screenshot only shows beacon frames, not actual data between your phone and the AP.



          So either (1) you are capturing the wrong wifi interface, or (2) you didn't show us the captured non-beacon frames, or (3) your phone wasn't connected to your testing-hotspot, but to some other AP, or (4) your whole setup is in a way that you don't capture data between the phone and the AP.



          Note that you won't see traffic between other clients and the AP on WLAN, so if you are capturing this on a client different from your phone, it is not going to work.



          You either need to capture the traffic on the phone, or on the AP itself. And the AP must be configured to forward the packets to some other network interface, e.g. LAN. If you bridged an WLAN-AP to a WLAN-STATION, you may not see any packets.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Dec 12 at 9:34









          dirkt

          9,04231121




          9,04231121












          • Seeing beacon frames usually means monitor mode, which should be able to capture any frame received via radio, even if it's addressed to another device... Or at least it used to be possible with older modes (b/g/n).
            – grawity
            Dec 12 at 10:17


















          • Seeing beacon frames usually means monitor mode, which should be able to capture any frame received via radio, even if it's addressed to another device... Or at least it used to be possible with older modes (b/g/n).
            – grawity
            Dec 12 at 10:17
















          Seeing beacon frames usually means monitor mode, which should be able to capture any frame received via radio, even if it's addressed to another device... Or at least it used to be possible with older modes (b/g/n).
          – grawity
          Dec 12 at 10:17




          Seeing beacon frames usually means monitor mode, which should be able to capture any frame received via radio, even if it's addressed to another device... Or at least it used to be possible with older modes (b/g/n).
          – grawity
          Dec 12 at 10:17


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Super User!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1381969%2fhow-to-make-wireshark-show-http-format-instead-of-802-11-or-check-if-wireshark-i%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          Plaza Victoria

          Image
          Plaza Victoria Plaza Victoria en 2017 Otros nombres Plaza de La Victoria Localización El Almendral, Valparaíso, Chile Vías adyacentes Chacabuco, Molina, Plaza Victoria y Edwards Creación 1841 Metro Bellavista Ubicación 33°02′46″S 71°37′11″O  /  -33.04624167, -71.61980833 Coordenadas: 33°02′46″S 71°37′11″O  /  -33.04624167, -71.61980833 [editar datos en Wikidata] La Plaza Victoria , también llamada Plaza de la Victoria , [ 1 ] ​ es una plaza ubicada en el sector El Almendral del plan de la ciudad de Valparaíso, Chile, de importancia patrimonial, que incluye valiosas estatuas y especies vegetales. [ 2 ] ​ La plaza se creó como tal en la primera mitad del siglo XIX, tomando previamente los nombres de Plaza Nueva y Plaza de Orrego . Si bien desde sus inicios tuvo relevancia histórica, no fue sino a partir de fines de los años 1860 cuando comenzó a cobrar mayor importancia y se convirtió en uno de los principales centros sociales de l
          Read more

          In PowerPoint, is there a keyboard shortcut for bulleted / numbered list?

          Image
          .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 2 OneNote has two useful keyboard shortcuts for bulleted and numbered lists, namely Ctrl + . and Ctrl + - . Is there something similar for PowerPoint where the work with lists is also very common? Haven't found anything here: Use keyboard shortcuts in PowerPoint. keyboard-shortcuts microsoft-powerpoint share | improve this question edited Aug 14 '14 at 14:49 Linger 2,826 10 28 40
          Read more

          How to put 3 figures in Latex with 2 figures side by side and 1 below these side by side images but in...

          Image
          1 0 I want to put 3 images in LateX such as 2 figures are side by side horizotally and 3rd figure below these 2 side by side figures but in middle. I have following code: begin{figure}[H] centering begin{minipage}{.5textwidth} centering includegraphics[width=.50linewidth]{Text/Images/Genelec_8010_AP.jpg} captionof{figure}{Genelec 8010 AP} label{fig:Genelec 8010} end{minipage}% begin{minipage}{.5textwidth} centering includegraphics[width=.69linewidth]{Text/Images/Genelec_8020_CPM.jpg} captionof{figure}{Genelec 8020 CPM} label{fig:Genelec 8020} end{minipage}% end{figure} %%Here is my 3rd picture code begin{figure} centering includegraphics[width=5cm]{Text/Images/Genelec_8030_BPM.jpg} caption{Genelec 8030 BPM} label{fig:Genelec 8030} end{figure} I want to ask ho
          Read more