This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

NO TCP PACKETS

0

I am running wireshark on a kali linux computer. I have an alfa usb wireless device. When I set my computer to run in monitor mode, wireshark does not see any tcp packets. I have been struggling with this for a few months now. When I first switched from a windows machine, I was seeing lots of tcp packets. But it seems that over time I started seeing less and less. Now I see nothing. It doesn't make any sense at all to me. And I don't have any capture or display filters on.

asked 17 Nov '15, 13:41

rlwhiterose's gravatar image

rlwhiterose
6334
accept rate: 0%

Have you set the wlan card to the correct WI-FI channell? maybe this related question can give you a hint: https://ask.wireshark.org/questions/47226/capture-80211ac-frames-in-monitor-mode

(17 Nov '15, 14:19) Christian_R

Thanks for the tip. But I don't really want to sniff a specific channel. I want to sniff everything. I have to do some more testing today, but I may have come up with something that works, even though it doesn't make any sense to me. When it wasn't working I was setting my computer to monitor mode like this:

ifconfig wlan1 down
iwconfig mode monitor
ifconfig wlan1 up

It seems to work when I do it like this:

ifconfig wlan1 down
iwconfig mode managed
ifconfig wlan1 up
ifconfig wlan1 down
iwconfig mode monitor
ifconfig wlan1 up

That was working great yesterday. Going to do some more testing today.

(18 Nov '15, 05:48) rlwhiterose

If you want to capture on more than one channel you can find some info here: https://wiki.wireshark.org/CaptureSetup/WLAN/ -> Section: channel hopping

(18 Nov '15, 06:04) Christian_R

Thanks for the link Christian. I will check it out.

(01 Dec '15, 12:58) rlwhiterose