no data packet except broadcast or multicast
hi.
I am capturing with a TP-Link TL-WN722N in monitor mode and promiscious mode on channel 1 (HT40+) on a wifi n and I don't see any data frames/packets except the ones to broadcast (ff:ff:ff:ff:ff:ff) or multicast (33:33:00:00:00:01, or 01:00:5e:7f:ff:fa) MAC addresses.
I see the control and management frames. No problem there. But for the data frames (type:2, subtype: 0), there are only the ones addressed to the mac above which are broadcast or multicast.
Why ? Is there a config or a switch I need to set ? Is it a driver or hardware problem ?
It is not only with wireshark but with tshark, always on ubuntu 17.10 on a Dell Insprion 15 3521.
But also with tshark or scapy on a rpi3 running archlinux-arm
This is not SPAM, damn robot !!!
Basic question to try to figure out what is happening:
Probe responses are unicast - do you see them? Also 802.11 ACKs are unicast - do you see them? Can you either confirm or refine the problem statement - are you not gettting ANY unicast, or is it only Data unicast that you do not get?
I see unicast Probe Responses and ACKs. I was told that Data frames are not used anymore in wifi n and ac. And effectivily, I see QoS data frames growing rapdily when thereis traffic. So, it's the answer ?
On and off I have been working on the same issue for several months. It seems you are able to capture frames on the primary 20MHz channel but when the secondary channel is used, no data is captured. The frames you are successfully capturing are Beacon, Probes, CTS, etc. Like you I also capture some data frames but they are either broadcast or multicast (ARP, IPv6 NS, MLD reports, etc.). Some discussion (but no solutions) you may find interesting can be found here: https://forum.aircrack-ng.org/index.php/topic,1661.0.html
I wonder if it is not related to the fact that the client and the AP have 2 antennas while the capturing card has only one. So they are using 2x2 MIMO or something like that and the one atenna card is blind to that comunication , right ?