wireshark
I'm using Wireshark on OSX, but I can't make any sense out of the filtering system.
I have this filter set up:
But when I hit that server, I don't see anything show up in the capture log. If I remove the filter, I see all sorts of network traffic. The network request I am doing is to
https://lowdown.secure.omnis.com
from an iOS application in the iOS simulator. The service receives the request, and I get a response. But I don't know how to filter these out of all the noise in Wireshark.
type http into the filter box hit enter
If you are not connected via ethernet to you home router, most likely that home router than the home router uses a switch for its LAN ports and not a hub, thus each port has its own collision domain, whereas in a hub the collision domain is shared among all the ports and you would see all traffic on every port.
If you are connected wirelessly, there may be a few issues. First, certain wireless cards' drivers do not support being put into promiscous mode. Nothing can be done about that unless you want to write your own. Second, if your network is encrypted and you are only seeing layer 2 traffic from various sources and not the higher layer protocols expected (which doesn't appear to be the case), then you must enter the WEP key into wireshark so it can handle the decryption. WPA and WPA2 decryption get more complicated, as older versions of wireshark do not support it, and if it is supported, then you must capture the entire handshake taking place between the router and the device (EAPOL packets), as unique keys are generated between the device and router.
Best Answer
You can filter on a HTTP host on multiple levels. At the application layer, you can specify a display filter for the HTTP Host header:
At the transport layer, you can specify a port using this display filter:
At the network layer, you can limit the results to an IP address using this display filter:
These display filters can also be combined:
Finally you can set a capture filter which controls the data that gets saved to a capture file. Capture filters must be set before capturing, you can open a dialog for this by double-clicking the interface name when no capture is active. This one causes a lookup of
example.comand returns IP packets matching that host: