Does your router do any type of port mirroring? (wuts the model#) You would have to mirror the port your idevice is on. Or buy an old school hub , plug your sniffer and the idevice into the same hub. Hubs broadcast all traffic, modern switches do not.

I think it can. It is a Linksys WRTU54G-TM. I'll review the setup and see if it mentions port mirroring.

Some quick questions - is the iDevice wireless? PC wireless or wired?

iDevice is wireless, PC can be wireless or wired. (Laptop.)

Long story short it does not seem like that device supports any type of SPAN ports. There is something with DD-WRT supposedly but I've never used it. You'll see broadcast traffic on your LAN but none of the unicast traffic.

You COULD dual home your PC, make it the default gateway for your iDevice and that would give you egress traffic from the iDevice. However, you'd have to specifically route traffic from the router to your iDevice via your PC.

If both were wired you could just use a hub (not switch), but that won't work since your router is an all in one device, it should not be putting wireless traffic on your wired LAN.

If you used an autonomous AP, you could wire that, your PC and the router into a hub and then see all the traffic on the hub - utilize filters to see only traffic to/from the iDevice...etc.

What device specifically are you using? There maybe "an app for that."

Ceyko, the device is an iPod and/or iPad. I follow your train of thought but am not sure how I would go about doing a few of the suggestions, e.g. dual home my pc. (I'm googl'n that now.) I can force the Router setting of the iPod to my PC ip easy enough and filter on the incoming port but then passing the stream on AND back is well above my head. (And to think I used to know the OSI model inside and out....)

I assume the DD-WRT you're referring to is this on? http://www.dd-wrt.com/site/index If I'm reading that right, it replaces my router's firmware? I have an old router laying around somewhere. I may just have to try that. For the record,I do have a hub in conjunction to the router, but as you've said, wireless traffic shouldn't be running across the LAN. Hmm... autonomous AP.... I think I may actually have an old 1st gen Proxim Access Point laying around somewhere......

IMHO, the AP, with a hub is the easiest thing to do.

Dual/multi-homing just means putting another NIC in your PC and then make it a router. Easy to setup, but it won't be clean by any stretch. It would seem clear to me you don't want it like this for long, you're just wanting to capture/monitor traffic for a period of time, for a purpose and be done with it.

The hub thing you can remove it at will and add it back in as needed.

Ok, so, let's say I find the AP and attach it to the hub. How do I capture the stream in Wireshark?