There are many reasons why you won't see IP traffic on a wifi capture. In some rough order of likely causes:
- Capture system does not support the operating envelope of the network you want to analyze; e.g. AirPcap is 802.11bg only (IIRC) but your devices are operating at 802.11n supported rates. Or the AP is doing 5GHz but capture can only do 2.4GHz, or LDPC/SGI is in use, or ....
- The stream is encrypted, and you are not setup or capable of decryption. I know you claim 'open' in the title, but then you see data frames... usually if they are only listed as data frames that means they are encrypted
- You are on the wrong channel
- Wireshark has many of the protocols turned off at layer 3 and above so it is not looking for IP/TCP/UDP headers and can only identify something else
There are other reasons as well but this should get you started. Of course, sharing a trace is most helpful so we can analyze what you are getting.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
