This is a static archive of our old Q&A Site. Please post any new questions and answers at

Why missing control and management frames?



I am studying the 802.11 control and management traffic, which is created between an AP and a station. I use a monitor interface (built with airmon-ng) and use Wireshark to capture the traffic. Wireshark captures beacon frames, probe responses ACKs, etc from the AP. However, I am not able to see two way traffic. I mean, I have CTS messages but not RTS. I have ACKs, but I do not see the acknowledged packet. I use my own machine to capture the traffic. I have read these posts, which indeed solve the problem, when I use a third machine to capture packets.

However, these posts mention: "Your NIC has to choose either to send data or receive data, so you won't get all the packets due to your card having to send out ACKs while capturing."

I would like to know why capturing two way traffic is impossible, when you use your own machine? Are not sending and receiving two independent processes?

For example, when you ping, you can see both the reply and the request. This is also the case with ARP messages. You see the ARP request and reply. Why isn't that the case with control and management frames.

Any help appreciated

asked 26 Nov '14, 05:10

johnson91's gravatar image

accept rate: 0%

edited 26 Nov '14, 05:11