Wireshark not capturing packets when applying "tcp and host 157.240.23.35" (157.240.23.35= ip address of facebook)

Question

I am trying to Capture all TCP traffic to/from Facebook, during the time when i log in to my Facebook account using this "tcp and host 157.240.23.35" capture filter, but it is not capturing any packets.

I found the ip address of Facebook on cmd using "ping facebook.com".

I even tried disabling and enabling the promiscous mode both but still no packets. Please help.

score 0 · Answer 1 · answered Nov 30 '21 at 20:34

0

Facebook has many thousands of IP addresses, and many subnets. You will not be able to do a simple capture on a single IP address, nor even on a single subnet.

answered Nov 30 '21 at 20:34

Bib

922
1
5
10

https://www.ece.rutgers.edu/~marsic/books/CN/projects/wireshark/ws-project-1.html – vansika Nov 30 '21 at 20:39
i am trying to do this assigment – vansika Nov 30 '21 at 20:39
how should i do it then – vansika Nov 30 '21 at 20:40
I know how to run wireshark. And the answer to your question, you capture port 443 and only have traffic running to them. – Bib Nov 30 '21 at 20:41

score 0 · Answer 2 · answered Dec 01 '21 at 08:05

Facebook IP address rage is available here: https://gist.github.com/Whitexp/9591384

You can use range command in Wireshark instead of single IP address.

For example:: ip.addr==31.13.24.0/21 || ip.addr == 31.13.64.0/19

Since the list contains many subnets, I have shown only two. You can find the updated subnets on internet and modify the filter accordingly.

For example:: ip.addr==31.13.24.0/21 || ip.addr == 31.13.64.0/19 || ip.addr == (IP address range 3) || ip.addr == (IP address range 4)

Wireshark not capturing packets when applying "tcp and host 157.240.23.35" (157.240.23.35= ip address of facebook)

2 Answers2