Hi, I set my lone network interface of Mac_air to Promiscous and Monitor mode at the same time. I could surf Internet while network being in the above mode. But the traffic captures show most packets had the following header hierarchy: Data -> IEEE 802.11 -> 802.11 radio info -> Radiotap header -> Frame.
Where are IP and TCP headers gone?
Regards
They are all there but encrypted. For each client-AP "session" you want to decrypt, you need to know the passphrase and capture the four EAPOL packets. When you give this information to Wireshark in the right way, it will automatically decrypt those radio frames for which it has the necessary information and show you the IP and above layers dissected.
And see the "How to decrypt 802.11" page on the Wireshark Wiki.
Asked: 2018-02-12 11:13:00 +0000
Seen: 1,080 times
Last updated: Feb 12 '18
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
