Ask Your Question
0

AirPcap - No IP traffic

asked 2018-05-04 15:09:17 +0000

bignick270 gravatar image

updated 2018-05-04 15:13:28 +0000

I am trying to capture data on my OPEN network with Windows 10 and an AirPcap Tx USB device. All I get in Wireshark is the low level 802.11 traffic (Beacons, Probes, Association, raw Data, etc, etc ). I am trying to monitor 802.11 b/g traffic on channel 1.

I was expecting to be able to see IP traffic such as UDP and TCP. Am I missing something in the WS configuration?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
1

answered 2018-05-04 16:41:46 +0000

Bob Jones gravatar image

There are many reasons why you won't see IP traffic on a wifi capture. In some rough order of likely causes:

  1. Capture system does not support the operating envelope of the network you want to analyze; e.g. AirPcap is 802.11bg only (IIRC) but your devices are operating at 802.11n supported rates. Or the AP is doing 5GHz but capture can only do 2.4GHz, or LDPC/SGI is in use, or ....
  2. The stream is encrypted, and you are not setup or capable of decryption. I know you claim 'open' in the title, but then you see data frames... usually if they are only listed as data frames that means they are encrypted
  3. You are on the wrong channel
  4. Wireshark has many of the protocols turned off at layer 3 and above so it is not looking for IP/TCP/UDP headers and can only identify something else

There are other reasons as well but this should get you started. Of course, sharing a trace is most helpful so we can analyze what you are getting.

edit flag offensive delete link more

Comments

Thanks a lot! Issue was in router configuration: Multiple things 1) channel was dynamic and 2) channel spacing was dynamic 3) protocol was mixed (n and b/g). Additionally, I suspect my devices were using n for data which is not supported by AirPcap Tx.

I thought I had changed those settings when I set up the router but I must of missed the save button :)

bignick270 gravatar imagebignick270 ( 2018-05-04 19:40:16 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-05-04 15:09:17 +0000

Seen: 69 times

Last updated: May 04