Failed to capture TX packets in WLAN(IEEE 802.11)?
Hello,
These days I try to capture the packets in WLAN. I follow the wiki page CaptureSetup/WLAN. I am almost successful, except that all outgoing packets which are not sent by myself disappear.
That is to say, I can only find HTTP responses, DNS responses and so on while all HTTP requests and DNS requests from other computers in the same WLAN disappear. However, those requests from my computer are captured successfully.
Is there any reasonable explanation and any solution to the problem? Or is it caused by buggy hardware? I searched Google for a long time but I got nothing.
I'm using Archlinux with Linux kernel 5.4.2 and my network card is Qualcomm Atheros QCA9377 802.11ac Wireless Network Adapter. The version of wireshark is 3.0.7.
Thank you for your help!
Are you in monitor mode or are you just capturing on the regular interface when it is connected to the network, i.e. in managed mode?
Thanks for your reply. I have one interface in managed mode and one interface in monitor mode. If I only use the monitor interface, I cannot capture anything. And if I only use the managed interface, I cannot even capture inbound packets which are not sent to my computer.
If "myself" refers to the machine running Wireshark, packets not sent by that machine aren't outgoing packets from the standpoint of that machine, so that'd be "all incoming packets that are not sent by my machine do not appear". (All packets on all networks are are "outgoing", in the sense that some machine has to transmit them in order for them to exist, but, from the point of view of machines other than the transmitting machine, they'd be incoming packets, if they can receive them.)
"Cannot capture anything" meaning you don't capture any packets at all, or meaning you capture packets but they just show up as "IEEE 802.11" and don't show any protocols above that?
(more)Thanks a lot for your long reply. I searched google for some more information. Someone says "i just check this with qca9377, it works only if connected to an AP at the same time" (see here). So it seems to be a bug in hardware?
As you said, all packets on all networks are outgoing. But why the HTTP requests and DNS requests which are sent from other machines disappear? At the same time, I can see HTTP responses and DNS responses which are sent to other machines. What's more, all TCP packets' source is either my machine or something outside the WLAN. That really confused me. Why does it happen?