Using Wireshark to snoop on RTSP over Wi-Fi

2

I just got a video baby monitor. It has several ports open, including RTSP (554), as shown by Fing, which acts like nmap. I'd like to figure out what the full URL of the stream is. I have tried to snoop in monitor mode using Wireshark on my Mac to observe the packets between the monitor and my iPad using their app, but I am unable to make sense of the 802.11 packets. Is there a way to reassemble them?

Daniel A. White

Posted 2016-04-20T00:43:10.573

Reputation: 3 428

Are "the 802.11 packets" just being reported with a protocol of "802.11", rather than as IP or UDP or RTSP? – None – 2016-04-20T01:48:16.877

How have you worked out what ports are open? Where are you running Wireshark? What do you use to view the video? Please edit to add more info. – Paul – 2016-04-20T01:49:57.527

@GuyHarris correct. IIRC they said they were QoS data packets. – Daniel A. White – 2016-04-20T01:50:39.420

Answers

2

"IIRC they said they were QoS data packets."

I would bet a large amount of money that your network is a "protected" network, using either WEP or WPA/WPA2, which means that it uses encryption to protect against people trying to sniff the network, and that the packets in question have the "Protected" bit set in the link-layer header, meaning that they're encrypted.

This means that they cannot be dissected past the 802.11 layer unless they can be decrypted.

Therefore, you will need to, at a minimum, provide Wireshark with the password for the network. If it's a WPA/WPA2 network, you will also need to, after you start capturing, disconnect the baby monitor from the network and reconnect it, in order to force it to re-associate with the network, so that you capture the "EAPOL handshake" when it joins the network.

See the Wireshark Wiki page on decrypting 802.11 packets for more details.

user164970

Posted 2016-04-20T00:43:10.573

Reputation: