Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

There are many reasons why you won't see IP traffic on a wifi capture. In some rough order of likely causes:

  1. Capture system does not support the operating envelope of the network you want to analyze; e.g. AirPcap is 802.11bg only (IIRC) but your devices are operating at 802.11n supported rates. Or the AP is doing 5GHz but capture can only do 2.4GHz, or LDPC/SGI is in use, or ....
  2. The stream is encrypted, and you are not setup or capable of decryption. I know you claim 'open' in the title, but then you see data frames... usually if they are only listed as data frames that means they are encrypted
  3. You are on the wrong channel
  4. Wireshark has many of the protocols turned off at layer 3 and above so it is not looking for IP/TCP/UDP headers and can only identify something else

There are other reasons as well but this should get you started. Of course, sharing a trace is most helpful so we can analyze what you are getting.