I'm trying to test Wireshark's / my computer's ability to capture WiFi packets to and from other computers on the same WiFi network. When I capture in promiscuous non-monitor mode, I get full TCP/IP stack data, including HTTP data. However, I only see data from my computer. So I try promiscuous + monitor mode + network decryption key. When I do this, I see tons of broadcast 802.11 protocol records, but no HTTP, ICMP, or DHCP packets. I'm not interested in seeing radio headers, just high-level TCP/IP data pertaining to other computers on the network. Am I doing something wrong?

System:
asked 23 Apr '14, 00:11 mcandre
I have the same issue, did you ever get this working?
No, I never did :( I would have most definitely posted the solution if I found one; I hate when people post 'fixed it' without saying how.
Do you see non-broadcast 802.11 packets? (Check the destination MAC address.)