Does anyone know how to capture outgoing traffic on my home

Customer Question

Does anyone know how to capture outgoing traffic on my home wifi network?
Submitted: 2 years ago.
Category: Networking
Expert:  Russell H. replied 2 years ago.
Hi, thank you for contacting My name is Russell. I will do my best to provide the right answer to your question.

Wireshark is a program, that runs on a computer. It can capture and monitor either your computer's network connection outbound, or your computer's network connection inbound.
But it cannot do anything about the router itself. To capture and monitor traffic outbound from your router, by way of its WiFi transmit-receive capability, you would have to use a different means entirely. I must say there is an established means of doing so... it involves using a WiFi adapter on a computer, in 'promiscuous mode' I think it is called, and simply 'listening'. If a WiFi adapter simply listens, it hears all the radio traffic the router is sending. You can by this means, in outline, monitor all traffic outbound from the router and sent by WiFi. Being transmitted by radio waves, omnidirectionally, any computer with a WiFi adapter properly controlled and set up, can so listen in... WiFi is very not-private.

There used to be an activity, for those who had Linux computers, and a car, known as 'wardriving', where such a listening-only WiFi adapter, in a laptop, was driven about listening for WiFi signals along the way, and listing by location all routers it 'heard'. What you want is a similar arrangement, it seems, but stationary.

If the 'outbound' traffic from the router that you want to monitor, is the traffic to the modem and out to the internet, then that requires yet different means.

Let me know what you think, and I will advise you further as appropriate.
Customer: replied 2 years ago.

Sir, I am looking for step-by-step instructions. From what I read, Wireshark can do what I am looking for, but I just don't know how to use it. I was really hoping to find someone who uses Wireshark to answer my question.

Expert:  Russell H. replied 2 years ago.
It turns out Wireshark can be used for that purpose, either in 'promiscuous mode', in which it captures all packets of the SSID that the network adapter has joined, or 'monitor mode', which is even broader, and in which *all* SSID packets will be captured, I gather.

Putting your Wireshark into promiscuous mode has the problem that on protected WiFi networks (i.e. ones with encrypted signals) all packets to computers other than your own will be unreadable.
Promiscuous mode is like monitor mode, only with MAC Address filtering disabled.

So I presume you would want monitor mode. To engage monitor mode:

Try going to the Capture Options, and if there's a checkbox for 'monitor mode', check that box. This should be in Wireshark, if it is ver. 1.4 or later with libcap 1.0 or later.
Customer: replied 2 years ago.

You are getting closer, but it is still not working. I have the software loaded on a wireless laptop. When I go to Capture Options, it only shows me the ports of the laptop. I do not want to capture my laptop data. I want to capture my daughter's outgoing iPhone texts. She is running with a bad crowd. I have MAC addresses and IP addresses of all devices on my network. I would think I could tell Wireshark exactly what addresses I am looking to glean data from, but how???

Expert:  Russell H. replied 2 years ago.
Try looking for a 'display filter'; if you enter a range of MAC Addresses into it, you might get what you're looking for.

However, it would help me to advise you more specifically, if you could tell me what version of Wireshark you are running, please. Thanks.
Customer: replied 2 years ago.

It is version 1.12.6. As a test I am trying to capture data from my phone. I go to Capture Options and I click on Capture Filter. I select new Ethernet Address and put in my phone info and click OK. Back in Capture Options the Start button is still grayed out. What am I doing wrong? The only way to get the Start button ungrayed out is to select an interface on my laptop, but I don't want that data.

Expert:  Russell H. replied 2 years ago.
I suspect from the sound of it that you need to specify an IP Address, or perhaps an IP Address range. Perhaps the 'Ethernet Address' you speak of is an IP Address? Please tell me the details, with regard to your local network's IP Addresses and your own PC's IP address only. (The public address on the internet of your local network should not be shared on this forum, for security's sake.) Local network IP Addresses are in the form of 192.168.x.x or 10.x.x.x or the like. You have to select an interface on your computer! Without it, WireShark is 'blind' and cannot 'see' (or 'hear') any wireless data! (Or, are you trying to 'listen' through the Ethernet, hard-wired, network port? That won't work except for communications to or from your own computer.)
Customer: replied 2 years ago.

Sir, I think I need someone who knows how and has used, in the past, Wireshark. Everything you have told me so far is generic info that I have pulled from the website myself. Is there someone on this website that has used Wireshark before? What I really need is someone familiar with Wireshark that can walk me through step by step to get this set up.

Expert:  Russell H. replied 2 years ago.
I have Opted Out, at your request, in favor of a previous user of WireShark. Thanks for your patience.
Expert:  WesPCDr replied 2 years ago.
Hi, I'm Wes. I can help answer your questions.
Expert:  WesPCDr replied 2 years ago.
Most routers come with a way to log the traffic. Let's start with your router make and model and I can get the step by step instructions for you.
Customer: replied 2 years ago.

Hello, I have a Netgear WNDR 3400v2. I am running Wireshark 1.12.6. I am trying to collect SMS traffic from an iPhone 5.

Expert:  WesPCDr replied 2 years ago.
I don't see a syslog program for your router. Wireshark would be the next program to use to capture traffic. For SMS traffic, it's sent over a control/signaling channel from your device, and not over any TCP/IP data. This means that the SMS data is sent through your carrier and encrypted. There is iMessage SMS traffic that would go through the TCP/IP (network), but it would also be encrypted so you would not be able to see it.
Customer: replied 2 years ago.

UGH that sucks. Does that mean you know of no way to see the SMS traffic?

Expert:  WesPCDr replied 2 years ago.
Correct. You can only see the network packets. Wireshark will show you that a packet went through and that it is encrypted, but you cannot decrypt it so it would be of no use.
Customer: replied 2 years ago.

What about HTTP traffic?

Expert:  WesPCDr replied 2 years ago.
Yes. Wireshark will show you all network traffic, encrypted or not; you can only see the unencrypted traffic.
Customer: replied 2 years ago.

If you can tell me step by step how to capture HTTP traffic from 1 particular device using Wireshark, we can close this ticket.

Customer: replied 2 years ago.

By the way, going on a 4 day vacation this morning, so I may not be able to close this ticket until Friday when I get back.