This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hey there,

I am running Kali linux and I have a TP-Link USB adapter. I have also started airmon-ng for the wlan adapter, then selected it in Wireshark and started a capture. I can see all sorts of broadcast traffic on the 802.11 network but if I want to filter with something like tcp.port==80 that won't work. I have a test laptop next to me and I would like to be able to see the HTTP traffic that is sent from that when they are both connected to the same network

Is there a way I can get the card to see the actual protocol being used as it does when connected via ethernet? Right now the whole protocol column is 802.11 instead of seeing things like HTTP, HTTPS, SNMP, etc.

asked 21 May '14, 06:08

fac3l3ss's gravatar image

fac3l3ss
1111
accept rate: 0%


I can see all sorts of broadcast traffic on the 802.11 network but if I want to filter with something like tcp.port==80 that won't work.

sounds like your wifi traffic is encrypted. Do you have to enter a password while you connect to the wifi network?

If so, please read the wifi/wlan decryption Wiki.

http://wiki.wireshark.org/HowToDecrypt802.11

Regards
Kurt

permanent link

answered 25 May '14, 11:30

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×1,620
×154
×139

question asked: 21 May '14, 06:08

question was seen: 3,823 times

last updated: 25 May '14, 11:30

p​o​w​e​r​e​d by O​S​Q​A