This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How do I reassemble monitor mode 802.11 protocol data into TCP/IP packets?

I'm trying to test Wireshark's / my computer's ability to capture WiFi packets to and from other computers on the same WiFi network.

When I capture in promiscuous non-monitor mode, I get full TCP/IP stack data, including HTTP data. However, I only see data from my computer. So I try promiscuous + monitor mode + network decryption key. When I do this, I see tons of broadcast 802.11 protocol records, but no HTTP, ICMP, or DHCP packets.

I'm not interested in seeing radio headers, just high level TCP/IP data pertaining to other computers on the network.

Am I doing something wrong?

System:

  • Wireshark 1.10.7
  • Mac OS X 10.9.2 Mavericks
  • 13" mid-2013 MacBook Air, Intel Haswell Core i7

asked 23 Apr '14, 00:11

mcandre

I have the same issue, did you ever get this working?

(24 Jul '14, 15:30) nibeck

No, I never did :( I would have most definitely posted the solution if I found one, I hate when people post 'fixed it' without saying how.

(24 Jul '14, 19:58) mcandre

Do you see non-broadcast 802.11 packets? (Check the destination MAC address.)

(11 Sep '14, 14:11) Guy Harris ♦♦