tcpdump not capturing http or tcp/ssl traffic












2















I have been trying to learn tcpdump and I am using this command to attempt to monitor my network:



sudo tcpdump -I -i en1


But this gives me a bunch of stuff I don't want, so I used this version to filter the packets:



sudo tcpdump -I -i en1 port 80 or 443


And it gives me nothing. I know you can't use your WiFi when using monitor mode, but I still can, so I think that's a sign something is wrong. I tried it with en0, but it couldn't go into monitor mode.



What am I doing wrong?



I am using a MacBook Pro with OS X 10.9.3, and I would like to be able to do this with tcpdump, or any other utility that's built into OS X.










      monitoring tcp tcpdump














edited Jul 3 '14 at 16:31 by polym

asked Jul 3 '14 at 3:51 by addison





























          1 Answer














Sometimes the traffic is buffered or delayed by DNS server responses. To avoid it, add -l and -n parameters.

-l Make stdout line buffered. Useful if you want to see the data while capturing it.

-n Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.

Then you can use syntax like:

sudo tcpdump -i en1 -nl port http or port https

For more complex queries, make sure you use brackets to group the expressions.






answered Mar 9 '18 at 17:18 by kenorb
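The grouping advice at the end of the answer, as an added example that is not part of the original answer: pcap-filter gives `and` and `or` equal precedence and evaluates them left to right, so a host restriction combined with two ports needs parentheses, and the whole filter has to be one quoted argument so the shell does not interpret them. The helper names `build_filter` and `capture` and the address 192.0.2.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer). pcap-filter gives "and" and
# "or" equal precedence, evaluated left to right, so
#   host H and port 80 or port 443
# parses as (host H and port 80) or port 443. Parentheses make it explicit.

# build_filter HOST PORT [PORT...]   (hypothetical helper name)
# Prints: host HOST and (port P1 or port P2 ...)
build_filter() {
    host=$1
    [ $# -ge 2 ] || { echo "usage: build_filter HOST PORT [PORT...]" >&2; return 1; }
    shift
    # Allow only address/hostname characters so no filter keywords slip in.
    case $host in
        ''|*[!A-Za-z0-9.:-]*) echo "bad host: $host" >&2; return 1 ;;
    esac
    ports=""
    for p in "$@"; do
        # Decimal ports only: no leading zero, at most five digits, <= 65535.
        case $p in
            ''|0*|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -gt 65535 ]; then
            echo "bad port: $p" >&2; return 1
        fi
        ports="${ports:+$ports or }port $p"
    done
    printf 'host %s and (%s)\n' "$host" "$ports"
}

# capture IFACE HOST PORT [PORT...]   (hypothetical helper name)
# Runs tcpdump with -n (no name lookups) and -l (line-buffered stdout).
capture() {
    iface=$1
    shift
    filter=$(build_filter "$@") || return 1
    # One quoted argument: the shell never interprets the parentheses.
    sudo tcpdump -i "$iface" -nl "$filter"
}

# 192.0.2.10 is a documentation address used as constructed sample input.
build_filter 192.0.2.10 80 443
```

Calling `capture en1 192.0.2.10 80 443` starts the capture itself; `build_filter` alone only prints the expression, which is useful for checking the grouping before running tcpdump.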





























