Wireshark-users: Re: [Wireshark-users] Using Wireshark to sniff traffic

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 14 Apr 2009 16:36:58 -0700

On Apr 14, 2009, at 4:26 PM, bruce wrote:

Trying to figure out if/how to use wireshark to find an address:port for an
embedded mp3 player that's streaming audio from a website. I've looked
through the website source, as well as the .js files and don't see any kind
of mms://...

Can wireshark be used for this kind of thing,

Possibly.

and if so, how?!

1. Attach a machine running Wireshark to the same network as the one the MP3 player is on. If it's Ethernet, you might have to deal with switching, etc.:

	http://wiki.wireshark.org/CaptureSetup/Ethernet

If it's Wi-Fi, you might have to deal with promiscuous and monitor mode, as well as decrypting WEP or WPA traffic:

	http://wiki.wireshark.org/CaptureSetup/WLAN

	http://wiki.wireshark.org/HowToDecrypt802.11?highlight=%28WPA%29

2. Start capturing, in promiscuous mode (or possibly monitor mode on Wi-Fi), with no capture filter.

3. Start the MP3 player.

4. Once it starts playing, stop the capture and look through the traffic to see what happens. Perhaps there's some initial HTTP traffic to set things up, perhaps there's some RTSP traffic, etc..