This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Data in WiFi monitor mode

1

I am using Ubuntu 14.04.1 with a TP-Link TL-WN722N WiFi adaptor. The network interface is configured in monitor mode by sudo airmon-ng start wlan1 so that I can capture all WiFi data.

However I found that Wireshark only display the wireless packet as raw data, without analyse them to readable data. (for example I do not know the detail in transport layer, TCP/UCP, IP address, etc)

How can I know the detail of the packet?

Thank you.

asked 19 Aug '14, 04:43

garypty's gravatar image

garypty
31337
accept rate: 0%

edited 19 Aug '14, 04:44


One Answer:

0

Is this a "protected" network, using WEP or WPA/WPA2?

If so, then the packets captured in monitor mode are encrypted, and you will have to configure Wireshark to decrypt the traffic.

answered 19 Aug '14, 11:24

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%