How can I see other client http(s) requests from wireshark? [closed]
I am authenticated to a Wi-Fi network, where my IP is 192.168.1.30, and there is another client with IP 192.168.1.24.
I run Wireshark and filter ip.addr == 192.168.1.24 I can only see mDNS requests (it is an Apple iPhone in this case), so I am guessing only multicast requests. To be able to see unicast traffic, I need to spoof the router's IP/MAC address, right?
On Wireshark, I can't see that client's unicast traffic because PTK is unique, correct? My network adapter should still be able to capture the unicast traffic, but it doesn't know that client's PTK, it can't decrypt the packet, or it can't even capture the packet at all?
If that is the case, by just ARP spoofing the gateway (router) IP, I can see all the network of that client? So is all I need to do ARP spoofing the router to capture HTTP (unicast) traffic of that client?
So to decrypt PTK of other clients, I assume this is a PTK issue (I ONLY SEE UDP AND MDNS FROM OTHER CLIENTS) I need to do ARP spoofing?
Cannot Capture Frames Other Than Broadcast or Multicast over WLAN
This person asked the same question on another forum and I added the keys inside Protocols of preferences in Wireshark, yet nothing changed
