THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question

Revision history  [back]

Revision 1
Bob Jones's avatar
1.5k
Bob Jones
answered 2020-01-16 23:03:59 +0000

If it's open, there is no encryption so there is no need to decrypt to see the actual data payloads sent between hosts. What you are likely seeing are management and control frames; these do not require decryption but also do not contain payload data that you might want to see.

To see just data, try a filter such as

wlan.fc.type_subtype in {0x20 0x28}

If you have a capture from a monitor mode device, then this filter should hide the management and control frames and just show data/QoS data frames. For a network that is open, the payloads here will be visible (for example, might be http, dns, whatever).