First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

AirPcap - No IP traffic

  • retag add tags

I am trying to capture data on my OPEN network with Windows 10 and an AirPcap Tx USB device. All I get in Wireshark is the low level 802.11 traffic (Beacons, Probes, Association, raw Data, etc, etc ). I am trying to monitor 802.11 b/g traffic on channel 1.

I was expecting to be able to see IP traffic such as UDP and TCP. Am I missing something in the WS configuration?

bignick270's avatar
3
bignick270
asked 2018-05-04 15:09:17 +0000, updated 2018-05-04 15:13:28 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

1

There are many reasons why you won't see IP traffic on a wifi capture. In some rough order of likely causes:

  1. Capture system does not support the operating envelope of the network you want to analyze; e.g. AirPcap is 802.11bg only (IIRC) but your devices are operating at 802.11n supported rates. Or the AP is doing 5GHz but capture can only do 2.4GHz, or LDPC/SGI is in use, or ....
  2. The stream is encrypted, and you are not setup or capable of decryption. I know you claim 'open' in the title, but then you see data frames... usually if they are only listed as data frames that means they are encrypted
  3. You are on the wrong channel
  4. Wireshark has many of the protocols turned off at layer 3 and above so it is not looking for IP/TCP/UDP headers and can only identify something else

There are other reasons as well but this should get you started. Of course, sharing a trace is most helpful so we can analyze what you are getting.

Bob Jones's avatar
1.5k
Bob Jones
answered 2018-05-04 16:41:46 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Thanks a lot! Issue was in router configuration: Multiple things 1) channel was dynamic and 2) channel spacing was dynamic 3) protocol was mixed (n and b/g). Additionally, I suspect my devices were using n for data which is not supported by AirPcap Tx.

I thought I had changed those settings when I set up the router but I must of missed the save button :)

bignick270's avatar bignick270 (2018-05-04 19:40:16 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer