I noticed that with deauthentication display filter on (wlan.fc.type_subtype eq 12), wireshark can only see broadcast deauthentication (but not client specific deauthentication). This is confirmed as we able to see the client specific deauthentication message with a different software. Can you confirm whether it is a limitation with wireshark and whether it will be fixed in the near future? Thanks asked 07 Mar '14, 15:53  mezzokatso |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
can you provide a sample capture file with two frames in the same file (on google drive, dropbox, cloudshark.org)?