0

I have programmed an ESP8266 to make some HTTP GET requests to a remote web server. I would like to analyze these HTTP requests somehow, with an external tool like Wireshark.

The purpose is to see how using plain HTTP can compromise important data, as opposed to using HTTPS. So for that I am trying to understand how the request is exposed to someone who sniffs it. Also to see if the HTTPS implementation is working properly, which it should be.

The ESP8266 and my computer are connected to the same router, through Wi-Fi. I have the ESP8266 working on 192.168.1.5, but applying the Wireshark filter doesn't show any traffic at all.

I am questioning whether the ESP8266 traffic shows up at all in Wireshark in such a configuration. What tools would be used for checking the ESP8266 traffic if not Wireshark?

Thank you.

1 Answer

1

A Wi-Fi client will generally not see the traffic of other Wi-Fi clients. Your hardware interface will discard packets meant for another MAC address, and with WPA it won't be able to decrypt them anyway (a different encryption key is used for each client).

Depending on the hardware, the interface could be switched to "Monitor" mode where it gives you the real 802.11 traffic, which Wireshark could try to decrypt if you give it the PSK, but not all interfaces support monitor mode at all.

The Wi-Fi access point, and/or the router, are in a much better position to capture traffic as it goes through them anyway. (For example, an OpenWRT-based router would have tcpdump available – which can even be piped into a local Wireshark GUI.)

If neither your router nor Wi-Fi access points support packet capture, replace them with something that does – for example, you most likely could switch your laptop to "hotspot" mode and have the ESP8266 connect to that (and the laptop would forward the packets over Ethernet).

1
  • Thanks! A lot of new information here, will study these possibilities!
    – Jaime38130
    Commented Jun 14 at 15:32
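
Once a capture file has been taken on the router or hotspot as the answer suggests, the HTTP-versus-HTTPS comparison from the question can also be checked offline. The following is an added example, not part of the original question or answer: it reads a classic pcap file (the format `tcpdump -w` writes) and reports, for packets sent by the device, whether the payload is a readable HTTP request or a TLS record. The device address 192.168.1.5 comes from the question; the server address, the URL with its token, and the sample capture bytes are constructed for illustration.

```python
import struct

def tcp_payloads(pcap: bytes):
    """Yield (src_ip, dst_port, payload) per IPv4/TCP packet in a classic pcap file."""
    magic, *_, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]   # captured length
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":  # skip non-IPv4
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        total = struct.unpack_from("!H", ip, 2)[0]
        tcp = ip[ihl:total]                                  # drops Ethernet padding
        if ip[9] != 6 or len(tcp) < 20:                      # skip non-TCP / truncated
            continue
        dport = struct.unpack_from("!H", tcp, 2)[0]
        yield ".".join(map(str, ip[12:16])), dport, tcp[(tcp[12] >> 4) * 4:]

def classify(payload: bytes) -> str:
    """Say whether a sniffer could read this TCP payload."""
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"PUT", b"HEAD"):
        return "cleartext HTTP: " + payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
    if len(payload) >= 3 and 20 <= payload[0] <= 23 and payload[1] == 3:
        return "TLS record, content not readable"
    return "other"

def report(pcap: bytes, device_ip: str):
    return [(port, classify(p)) for src, port, p in tcp_payloads(pcap) if src == device_ip and p]

# --- constructed sample capture (checksums left as zero; the parser does not verify them) ---
def _packet(dport: int, payload: bytes) -> bytes:
    tcp = struct.pack("!HHIIBBHHH", 50000, dport, 0, 0, 5 << 4, 0x18, 1024, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 168, 1, 5]), bytes([203, 0, 113, 10])) + tcp
    eth = bytes(12) + b"\x08\x00" + ip
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _packet(80, b"GET /log?token=EXAMPLE HTTP/1.1\r\nHost: example.com\r\n\r\n")
          + _packet(443, b"\x17\x03\x03\x00\x20" + bytes(32)))

if __name__ == "__main__":
    for port, verdict in report(SAMPLE, "192.168.1.5"):
        print(port, verdict)
```

To run it on a real capture, pass the bytes of the file written on the capturing device to `report()` in place of `SAMPLE`.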
