Hello, I am trying to use Wireshark as a 3rd party device to capture TCP packets between two other devices. These two devices are communicating on an OPEN protocol Wi-Fi network. I am running Kali Linux with a TP-LINK USB network adapter. I am using the Aircrack rtl8812au drivers installed from this GitHub repository: https://github.com/aircrack-ng/rtl8812au
I have configured my wireless network to monitor mode:

    wlan0     unassociated  ESSID:""  Nickname:"<WIFI@REALTEK>"
              Mode:Monitor  Frequency=2.452 GHz  Access Point: Not-Associated
              Sensitivity:0/0
              Retry:off   RTS thr:off   Fragment thr:off
              Encryption key:off
              Power Management:off
              Link Quality=0/100  Signal level=0 dBm  Noise level=0 dBm
              Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
              Tx excessive retries:0  Invalid misc:0   Missed beacon:0

I then used airodump-ng to capture packets on this interface, filtered by channel and BSSID. Opening the .cap file generated by airodump in Wireshark, I am able to see some of the TCP traffic between the two devices. This verifies that my hardware setup will indeed let me capture TCP traffic between the devices in monitor mode.
My issue is that when I try to do the capture in Wireshark on the wlan0 interface, I only see 802.11 protocol packets such as 802.11 Block Ack, Clear-to-send, Request-to-send, etc., but I don't see any of the TCP data packets.
Is there a specific configuration in Wireshark I need to do to capture these TCP frames?