This is our old Q&A Site. Please post any new questions and answers at


I am studying the 802.11 control and management traffic, which is created between an AP and a station. I use a monitor interface (built with airmon-ng) and use Wireshark to capture the traffic. Wireshark captures beacon frames, probe responses ACKs, etc from the AP. However, I am not able to see two way traffic. I mean, I have CTS messages but not RTS. I have ACKs, but I do not see the acknowledged packet. I use my own machine to capture the traffic. I have read these posts, which indeed solve the problem, when I use a third machine to capture packets.

However, these posts mention: "Your NIC has to choose either to send data or receive data, so you won't get all the packets due to your card having to send out ACKs while capturing."

I would like to know why capturing two way traffic is impossible, when you use your own machine? Are not sending and receiving two independent processes?

For example, when you ping, you can see both the reply and the request. This is also the case with ARP messages. You see the ARP request and reply. Why isn't that the case with control and management frames.

Any help appreciated

asked 26 Nov '14, 05:10

johnson91's gravatar image

accept rate: 0%

edited 26 Nov '14, 05:11

Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 26 Nov '14, 05:10

question was seen: 1,651 times

last updated: 26 Nov '14, 05:11

p​o​w​e​r​e​d by O​S​Q​A