 | 1 | initial version |
I think you are trying to capture 802.11 traffic and expect it to be encrypted. To access this type of traffic, you need to collect the traffic using some type of monitor mode interface that can do an OTA (over the air) capture. A good starting reference: https://wiki.wireshark.org/CaptureSetup/WLAN
The AP bridges wireless to wired traffic at layer 2 as you say; so it is true that layer 3 and above would be encrypted, if encryption is in use. So, be sure you have encryption turned on as this could be one of your causes.
Another possible issue is the interface you are capturing on. For best results, capture in monitor mode / promiscuous mode on an adapter not in use by the communications. Avoid using the actual AP interface until you know how it behaves, and avoid the bridge interface it may be on, or the wired interface that is bridged to it. If you just capture on the wireless interface not in monitor mode, the driver will decrypt the traffic and convert it to EthernetII, hiding what you are looking for.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
