How do WiFi sniffers work?

WLAN sniffer: record data traffic with Wireshark and Fritzbox Capture

Daniel Behrens, Arne Arnold

What personal information is inadvertently found on the Internet? Which apps and which network devices are behind it? Which websites do your children visit? Your (WLAN) router will provide answers to all of these questions.

EnlargeHow to find out about WiFi snoopers.

Desktop PC, notebook, smartphone, tablet, television, hi-fi system: More and more devices now have a network interface and are connected to the router via LAN cable or wirelessly via WLAN. You all have full access to the Internet.

And they don't just use them to request and send data on your behalf. No, they are also automatically active and send status information, usage statistics and much more. Sounds kind of scary, doesn't it? The same applies to Internet connections shared by several family members.

EnlargeUse the secret router function: With an undocumented call of the Fritzbox user interface, you can record the entire data traffic and save it on the hard drive of your PC.

In this case, too, you cannot see on your router which data is currently being transmitted by the others. However, especially with underage children, it is not a bad idea to take a random check every now and then to see which web addresses they call up. In the normal way, you cannot find out what data is rushing through the router. However, some devices offer a hidden diagnostic function that you can use for this purpose. You also need (free) software to evaluate the data stream. You can find out how it all works in this post.

Security check - secure the router

Step 1: Find the router's diagnostic function

First of all, you need to find out whether your router has the capability to record network traffic. Most manufacturers hide the corresponding menu item in the configuration so as not to confuse or overwhelm inexperienced users. With the AVM Fritzboxes, which are widespread in Germany, you can access the "packet recording" from a connected PC via an undocumented configuration call. This is: If the link does not work with your Fritzbox model, use this one here.

The procedure is similar for some of the Telekom Speedport routers. However, you must first log in as normal via speedport.ip and then the address http: //speedport.ip/html/capture.html or the address http: //speedport.ip/cgi-bin/webcm? Getpage =. Go to ./html/capture.html. With routers from Alice / O2 it usually works with the address and selection of the network interface "NAS1". If necessary, you must first log in regularly with the router password via With many Easybox routers from Vodafone there is an option for recording the data traffic under "Extras ➞ Diagnostic program ➞ Recording of WAN data packets ➞ VC1". Please note, however, that from a legal point of view, you are only allowed to record and analyze your own data traffic and that of your underage children.

Step 2: Preparations for the data recording

In order to be able to filter the network recording for a specific device later, you have to find out which device has been assigned which internal network identifier (IP address) by the router. To do this, open the command line on a Windows PC and type ipconfig a. Internal network addresses usually have the structure 192.168.x.x. On an Android device, open the WLAN settings, tap the menu button and select "Advanced". You will be taken to a status page on which you can read off the internal IP address. For iOS devices, tap on “Wi-Fi” in the settings and then on the blue arrow button on the far right for the WLAN you are logged into.

EnlargeDon't be alarmed: This is what the packet recording in the free Wireshark analysis program looks like before you filter it. Each entry in the list corresponds to a sent or received data packet.

Step 3: Start data recording from the router

In the following, using the example of the Fritzbox 7390, firmware version “FRITZ! OS 05.22” (84.05.22), we describe how to create a packet recording: First, call the address or, respectively, mentioned above in your web browser Then click on “Start” in the “Routing Interface” line. A download dialog should appear after a short while. If not, go to any website in a second browser window to generate some network traffic. You can now start downloading the recording at the latest.

This is a streamed download: When (Internet) packets are sent from or to the Fritzbox, they are also written into the open download file at the same time. If there is currently no transfer taking place, the download will also pause. When you have collected enough data for your purposes after a few minutes, hours or days, click on the "Stop" button on the "Fritz! Box parcel recording" page. What you should never do: stop the download using the browser's dialog box. Because then it will be canceled and the data received up to then will be gone.

EnlargeFrom behind through the chest: In order to limit the following evaluations to a network device, you have to temporarily filter out its IP address and? Ignore? All other packets. put.

Step 4: Evaluate the data recording with Wireshark