First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

How can I capture network traffic from my smart TV?

  • retag add tags

Hi,

I'm new to wireshark but have been using it to capture traffic on my wireless network. I notice that when I'm streaming TV like Netflix or Amazon prime, I can only see the ARP requests from my TV looking for the gateway. Shouldn't I be able to see the incoming network traffic from the streaming provider and at least see the UDP packets encrypted?

I'm using Ubuntu 18.04 on the computer running Wireshark and have Wireshark version 3.2.2. I have the RTP protocol checked in the edit -> preferences -> Protocols section.

samwestphal's avatar
1
samwestphal
asked 2020-03-27 01:39:45 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

wireless

If you're capturing in monitor mode, and you're seeing a lot of "802.11" packets being captured, first read the "How to Decrypt 802.11" page on the Wireshark Wiki (a helpful collection of resources). Your network is probably "protected" with some form of Wi-Fi Protected Access (WPA), which is a system for encrypting Wi-Fi packets to make it harder to sniff the network (yes, the fact that it's hard to use Wireshark to sniff Wi-Fi networks is a feature - of Wi-Fi).

That document will tell you how to attempt to decrypt the packets - and how to capture traffic so that it can be decrypted (to decrypt traffic to and from some other machine, your capture has to include the process of that machine associating with the network, so you may have to restart it, or disconnect it from the network and reconnect it, while Wireshark is capturing).

If you're not capturing in monitor mode, you won't see unicast packets, such as streaming traffic, to or from that machine; you'll only see broadcast traffic - such as ARP requests. See the "Linux" section of the "WLAN (IEEE 802.11) capture setup" page of the Wireshark Wiki for information on how to capture in monitor mode (OS vendors seem to go out of their way to make it difficult for an application to just say "please capture on this adapter in monitor mode", so libpcap's ability to do that is somewhat limited; maybe someday I'll have time to make that better).

Guy Harris's avatar
19.9k
Guy Harris
answered 2020-03-27 02:00:25 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer