I have a new laptop which I downloaded Wireshark 2.05 to, and I have my AirPcap cards. Although when I perform a capture, I only receive 802.11 traffic in the protocol list. Why am I not capturing TCP, HTTP, etc.? And how do I remedy this?
asked 25 Aug '16, 22:34 blackwater
edited 28 Aug '16, 20:24 Guy Harris ♦♦
2 Answers:
There are many possible root causes - from insufficient hardware to software configuration. WiFi sniffing is hard. The remedy will depend on the root cause, and your description is not sufficient to determine the root cause. Since you are using an AirPcap, monitor+promiscuous mode should work, so that's likely not the issue. I'll guess that the issue is that the data packets are encrypted, but that is only a guess. This is a common issue - have you searched here or used Google? Some links for you to get started:
and plenty of others. The quickest way to a resolution is to post a publicly accessible trace file for the members here to review. That will help them know exactly what you are seeing; they can then point you in the right direction.
answered 27 Aug '16, 12:04 Bob Jones
edited 27 Aug '16, 12:05
Probably because you're capturing on a "protected" network, i.e. a network where traffic is encrypted with WEP or WPA/WPA2, which means that you'll only see higher-level protocols if the traffic can be decrypted. That means you will need to provide the password for the network to Wireshark. See the Wireshark Wiki's "How to decrypt 802.11" page for information on how to do that.
answered 28 Aug '16, 20:23 Guy Harris ♦♦
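One way to check the diagnosis given in both answers, as an added example that is not part of the original posts: the sketch below reads the 802.11 Frame Control field of each captured frame and counts how many payload-carrying data frames have the Protected bit set. It assumes the capture uses radiotap headers; the sample frames are constructed for illustration, and the function names are hypothetical.

```python
import struct
from collections import Counter

FRAME_TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}
PROTECTED = 0x40  # "Protected Frame" bit in the second Frame Control byte


def classify(packet: bytes):
    """Return (type_name, carries_payload, protected) for a radiotap-prefixed frame."""
    if len(packet) < 4 or packet[0] != 0:
        raise ValueError("not a radiotap v0 header")
    (rt_len,) = struct.unpack_from("<H", packet, 2)  # radiotap length, little-endian
    if rt_len < 8 or len(packet) < rt_len + 2:
        raise ValueError("truncated frame")
    fc0, fc1 = packet[rt_len], packet[rt_len + 1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    # Data subtypes with bit 2 set (Null, QoS Null, CF-* no data) have no frame body.
    payload = ftype == 2 and not subtype & 0x4
    return FRAME_TYPES[ftype], payload, bool(fc1 & PROTECTED)


def summarize(packets):
    """Count frames per type and split payload-carrying data frames by protection."""
    counts = Counter()
    for p in packets:
        name, payload, protected = classify(p)
        counts[name] += 1
        if payload:
            counts["data_protected" if protected else "data_cleartext"] += 1
    return counts


# Constructed sample: minimal 8-byte radiotap header followed by 802.11 frames.
RT = bytes.fromhex("0000080000000000")
SAMPLE = [
    RT + bytes.fromhex("8000") + bytes(22),  # Beacon (management)
    RT + bytes.fromhex("d400") + bytes(8),   # ACK (control)
    RT + bytes.fromhex("8841") + bytes(30),  # QoS Data, ToDS, Protected
    RT + bytes.fromhex("8841") + bytes(30),  # QoS Data, ToDS, Protected
    RT + bytes.fromhex("4801") + bytes(22),  # Null function (no payload)
    RT + bytes.fromhex("0801") + bytes(30),  # Data, ToDS, not protected
]

if __name__ == "__main__":
    print(dict(summarize(SAMPLE)))
```

If nearly every payload-carrying data frame is counted as protected, the higher-layer protocols are hidden by encryption rather than missing from the capture.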