Unlike an HTTP proxy server where you have to configure your machine to point to the HTTP proxy server in order to monitor the traffic. Wireshark is a tool for monitoring network traffic. I’m using Mac to show you this functionality.
You may need to buy an additional adapter to do this. Note that you may not be able to capture the mobile traffic on Windows because of WinPCap limitations. The last resort would be to uninstall your antivirus/firewall before capturing (which usually includes a reboot of the machine because the filters often remain in place until reboot).You can find wireshark on line - it is a free tool. Yet another possibility is to replace WinPcap with npcap which hooks to a different place in the network stack, so you may be lucky and this place may be closer to the wire than the one where the antivirus hooks in. On the other hand, you may use a USB network card, create the bridge, and then disconnect the USB card - the bridge will survive. But this requires that you have a second network card as otherwise Windows won't allow you to create the bridge. In such case, it may help to disable the functionality in the firewall/antivirus control panel.Īnother possibility could be to set up a software bridge consisting of two network cards and capture at one of the members while the antivirus/firewall should interfere with the virtual interface connected to the bridge. If there is no such item, it still does not mean that the firewall or antivirus does not do this if there is, disabling it before starting to capture may solve your issue.
So go to network adapter settings and check whether, in the list of protocols and other items, you cannot disable a filter bearing the name of your anti-virus or firewall software. Now even if Wireshark (via WinPcap) successfully switches the network interface to promiscuous mode, there may be an anti-virus/firewall filter hooked to that interface and drop packets which do not match local MAC and/or IP address even though the packet filter does let them through, and this filter may be "closer to the wire" than WinPcap's own capturing "filter". As you wrote that your hub is a real one, not a switch bearing a label "hub", it is a correct way of thinking that the issue may be related to the capturing machine and that promiscuous mode might be switched off.
0 kommentar(er)
